路由表
linux下通过route可以查看本地路由表:
Kernel IP routing table
Destination Gateway
Genmask
Flags Metric Ref Use Iface
default localhost
0.0.0.0
UG 0
0
0 eth1
link-local *
255.255.0.0
U 1000
0
0 eth1
192.168.1.0 * 255.255.255.0 U 2
0 0 eth1
Destination为目的网络地址,Genmask是子网掩码,Gateway是下一跳地址,Metric是权重(优先级),Iface是发送接口。
Flags中U代表此条目有效(可以禁用某些条目),G标志表示此条目的下一跳地址是某个路由器地址,没有G标志的条目表示目的网络地址是与本机接口直接相连的网络,不必经过路由器转发,因此下一跳地址记为*号。
如果要发送一个数据包,首先该数据包的目的地址首先与子网掩码做与运算,得到IP地址后与目的地址比较,相等则从此条路由的接口Iface将数据包发送出去;
不相等,与第二行的子网掩码做与运算,比对目的地址。
若与前面几个路由条目都不匹配,那么就按缺省路由条目的接口把数据包发送出去,让下个路由器按它的路由表决定下一跳地址。
route命令
route [-CFvnee]
route [-v] [-A family] add [-net|-host] target [netmask Nm] [gw Gw] [metric N] [mss M] [window W] [irtt I] [reject] [mod] [dyn] [reinstate] [[dev] If]
route [-v] [-A family] del [-net|-host] target [gw Gw] [netmask Nm] [metric N] [[dev] If]
When the add or del options are used, route modifies the routing tables. Without these options, route displays the current contents of the routing tables.
-A family use the specified address family (eg `inet'; use `route --help' for a full list).
-F operate on the kernel's FIB (Forwarding Information Base) routing table. This is the default.
-C operate on the kernel's routing cache.
-v select verbose operation.
-n show numerical addresses instead of trying to determine symbolic host names. 快速显示路由
This is useful if you are trying to determine why the route to your nameserver has vanished.
-e use netstat(8)-format for displaying the routing table. -ee will generate a very long line with all parameters from the routing table.
del delete a route.
add add a new route.
target the destination network or host. You can provide IP addresses in dotted decimal or host/network names.
目标网络,目的IP,即数据包的目的地址。
-net the target is a network.
-host the target is a host.
netmask NM when adding a network route, the netmask to be used. 路由表中的掩码,作用于目的IP。
gw GW route packets via a gateway. NOTE: The specified gateway must be reachable first.
This usually means that you have to set up a static route to the gateway beforehand.
If you specify the address of one of your local interfaces, it will be used to decide about the interface to which the packets should be routed to.
This is a BSDism compatibility hack.
metric M set the metric field in the routing table (used by routing daemons) to M.
mss M set the TCP Maximum Segment Size (MSS) for connections over this route to M bytes.
The default is the device MTU minus headers, or a lower MTU when path mtu discovery occurred.
This setting can be used to force smaller TCP packets on the other end when path mtu discovery does not work
(usually because of misconfigured firewalls that block ICMP Fragmentation Needed)
window W set the TCP window size for connections over this route to W bytes.
This is typically only used on AX.25 networks and with drivers unable to handle back to back frames.
irtt I set the initial round trip time (irtt) for TCP connections over this route to I milliseconds (1-12000).
This is typically only used on AX.25 networks. If omitted the RFC1122 default of 300ms is used.
reject install a blocking route, which will force a route lookup to fail.
This is for example used to mask out networks before using the default route. This is NOT for firewalling.
mod, dyn, reinstate install a dynamic or modified route. These flags are for diagnostic purposes, and are generally only set by routing daemons.
dev If force the route to be associated with the specified device, as the kernel will otherwise try to determine the device on its own
(by checking already existing routes and device specifications, and where the route is added to). In most normal networks you won't need this.
If dev If is the last option on the command line, the word dev may be omitted, as it's the default. Otherwise the order of the route modifiers (metric - netmask - gw -dev) doesn't matter.
1) 网络接口dev if和网关gw GW是等价的,指定一个参数即可,系统会决定数据包应该发向哪个接口或哪个网关。
2) target即IP有两种表示方法:ip+netmask或ip/prefix,两者等价,若指定ip为192.168.10.0/24,则不要添加netmask参数。注:这里的IP为网段(不含主机)。
3) -net和-host区别是-net指定网段;-host用于指定具体主机IP,是一个确定的IP。
route应用
1. 局域网的网络地址192.168.1.0/24,局域网络连接其他网络的网关地址是192.168.1.1。主机192.168.1.20访问172.16.1.0/24网络的路由。
route add -net 172.16.1.0 gw 192.168.1.1 netmask 255.255.255.0 metric 1
route add -net 172.16.1.0/24 gw 192.168.1.1
2. 缺省网关路由
默认网关就是数据包不匹配任何设定的路由规则,最后流经的地址关口!
route add default gw 192.168.10.1
route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.10.1
route add default gw eth0
route add default gw dev eth0
此处的default可理解为target,即目标网络。
3. 删除默认网关
route del default
删除当前默认网关,在路由表destination项标记为“default”或0.0.0.0 的路由条目。
4. 指定数据包发送的网络接口
route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
回环网络lo增加路由。
5. 增加一条拒绝路由
route add -net 10.0.0.0 netmask 255.0.0.0 reject