本帖最后由 ranmaozhi 于 2024-6-11 16:14 编辑
各位大佬有没有搞通gre配置的,请问一下该如何配置gre的防火墙及路由表。
在设备 A 上,将 gre tunnel 的配置部分添加到文件中:
config interface hosta
option proto gre
option zone tunnels
option peeraddr 192.168.33.60
option tunlink 'wan'
config interface hosta_addr
option proto static
option ifname @hosta
option ipaddr 10.0.1.2
option netmask 255.255.255.0
root@OpenWrt:/tmp# ip route
default via 192.168.33.1 dev eth0.1 proto static src 192.168.33.173
10.0.1.0/24 dev gre4-hostb proto kernel scope link src 10.0.1.2
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.33.0/24 dev eth0.1 proto kernel scope link src 192.168.33.173
root@OpenWrt:/tmp#
root@OpenWrt:/tmp#
root@OpenWrt:/tmp# ifconfig gre4-hostb
gre4-hostb Link encap:UNSPEC HWaddr C0-A8-21-AD-00-00-01-00-00-00-00-00-00-00-00-00
inet addr:10.0.1.2 P-t-P:10.0.1.2 Mask:255.255.255.0
inet6 addr: fe80::5efe:c0a8:21ad/64 Scopeink
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
在设备 B 上,将 gre tunnel 的类似配置部分添加到文件中:
config interface hostb
option proto gre
option zone tunnels
option peeraddr 192.168.33.173
option tunlink 'wan'
config interface hostb_addr
option proto static
option ifname @hostb
option ipaddr 10.0.1.3
option netmask 255.255.255.0
....
设备B去ping设备A
结果:
Internet Protocol Version 4, Src: 192.168.33.60, Dst: 192.168.33.173
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 108
Identification: 0xc27c (49788)
Flags: 0x40, Don't fragment
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 64
Protocol: Generic Routing Encapsulation (47)
Header Checksum: 0xb3ac [validation disabled]
[Header checksum status: Unverified]
Source Address: 192.168.33.60
Destination Address: 192.168.33.173
Generic Routing Encapsulation (IP)
Flags and Version: 0x0000
Protocol Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.0.1.3, Dst: 10.0.1.2
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 84
Identification: 0x74a8 (29864)
Flags: 0x40, Don't fragment
...0 0000 0000 0000 = Fragment Offset: 0
Time to Live: 64
Protocol: ICMP (1)
Header Checksum: 0xaffc [validation disabled]
[Header checksum status: Unverified]
Source Address: 10.0.1.3
Destination Address: 10.0.1.2
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x7ae8 [correct]
[Checksum Status: Good]
Identifier (BE): 6264 (0x1878)
Identifier (LE): 30744 (0x7818)
Sequence Number (BE): 7 (0x0007)
Sequence Number (LE): 1792 (0x0700)
[No response seen]
[Expert Info (Warning/Sequence):
[No response seen to ICMP request]
[Severity level: Warning]
[Group: Sequence]
Data (56 bytes)
请不要胡乱输入以及粘贴、复制等方式灌水
请尊重作者、并共同维护网站的正常阅读,否则账户将会被限制发帖、回帖,并且积分可能会被清零,站内短信以及阅读权限等都会受到影响,谢谢。
具体限制方式:https://www.right.com.cn/forum/thread-8307840-1-1.html
|