
[Linux networking] Splitting traffic across two uplinks with iptables + ip route

2012-07-31 10:28

1 Network topology

a LAN hosts

client1 : 192.168.28.20/24 gateway 192.168.28.1

client2 : 192.168.28.120/24 gateway 192.168.28.1

b Router

eth0 192.168.28.1/24

eth1 119.161.232.156/29 gateway 119.161.232.154

eth2 192.168.1.91/24 gateway 192.168.1.1



2 Router configuration

a Create the routing tables

echo 150 fast >> /etc/iproute2/rt_tables

echo 151 slow >> /etc/iproute2/rt_tables   # the ID for "slow" is not given in the source; 151 is an assumed unused ID

b Add routes

ip route add 119.161.232.152/29 dev eth1 src 119.161.232.156 table fast

ip route add 192.168.28.0/24 dev eth0 src 192.168.28.1 table fast

ip route add default via 119.161.232.154 dev eth1 table fast

ip route add 192.168.1.0/24 dev eth2 src 192.168.1.91 table slow

ip route add 192.168.28.0/24 dev eth0 src 192.168.28.1 table slow

ip route add default via 192.168.1.1 dev eth2 table slow

c Delete the default route

ip route del default

d Add rules

ip rule add from 192.168.1.0/24 table slow

ip rule add from 119.161.232.152/29 table fast

e Set up filtering

ip rule add from 192.168.28.40 table slow

iptables -t nat -A POSTROUTING -s 192.168.28.40 -j SNAT --to 192.168.1.91

ip rule add from 192.168.28.120 table fast

iptables -t nat -A POSTROUTING -s 192.168.28.120 -j SNAT --to 119.161.232.156
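
The following added example (not part of the original post) models in Python the lookup that steps b to e set up: the source address selects a table, the table picks the egress interface, and the SNAT address must belong to that interface. The contents of the main table and the destination address 203.0.113.10 are assumptions made for the model.

```python
import ipaddress

# Constructed from the commands on this page. "main" holds only the connected
# routes the kernel adds itself (assumption), since the default was deleted.
TABLES = {
    "fast": [("119.161.232.152/29", "eth1"), ("192.168.28.0/24", "eth0"), ("0.0.0.0/0", "eth1")],
    "slow": [("192.168.1.0/24", "eth2"), ("192.168.28.0/24", "eth0"), ("0.0.0.0/0", "eth2")],
    "main": [("119.161.232.152/29", "eth1"), ("192.168.1.0/24", "eth2"), ("192.168.28.0/24", "eth0")],
}
# ip rule add from <prefix> table <name>; the prefixes do not overlap, so order is irrelevant here.
RULES = [("192.168.1.0/24", "slow"), ("119.161.232.152/29", "fast"),
         ("192.168.28.40/32", "slow"), ("192.168.28.120/32", "fast")]
# iptables -t nat -A POSTROUTING -s <src> -j SNAT --to <addr>
SNAT = {"192.168.28.40": "192.168.1.91", "192.168.28.120": "119.161.232.156"}
IFACE_ADDR = {"eth0": "192.168.28.1", "eth1": "119.161.232.156", "eth2": "192.168.1.91"}


def select_table(src):
    """Return the table chosen by the first matching 'from' rule, else main."""
    ip = ipaddress.ip_address(src)
    for prefix, table in RULES:
        if ip in ipaddress.ip_network(prefix):
            return table
    return "main"


def egress(src, dst):
    """Longest-prefix match for dst in the table selected by src; None = unreachable."""
    ip = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[select_table(src)]:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None


def audit(src, dst):
    """Return (egress device, SNAT address, consistent?) for one LAN flow."""
    dev = egress(src, dst)
    nat = SNAT.get(src)
    ok = dev is not None and nat is not None and nat == IFACE_ADDR[dev]
    return dev, nat, ok


if __name__ == "__main__":
    for host in ("192.168.28.40", "192.168.28.120", "192.168.28.20"):
        print(host, audit(host, "203.0.113.10"))  # constructed destination
```

In this model a LAN host with no `ip rule` entry, such as 192.168.28.20, falls through to the main table, which has no default route after step c, so its outbound traffic has no path and no SNAT mapping.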