실습> Routing 경로 설정
1. 서버 정보 설정
[root@web1 ~]# hostnamectl set-hostname web1.linuxmaster.net
[root@web1 ~]# echo 192.168.108.101 web1.linuxmaster.net >> /etc/hosts
[root@web1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:4a:e5:6c brd ff:ff:ff:ff:ff:ff
inet 192.168.108.101/24 brd 192.168.108.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::603c:ceac:6e3:b97a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
2. 라우팅 테이블 확인
[root@web1 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 100 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
3. ping 통신 확인
[root@web1 ~]# ping 8.8.8.8 -c 3
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=38.5 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=39.1 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=38.6 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 38.575/38.790/39.164/0.265 ms
4. Default GateWay 삭제
사용법 : route del default gw <gateway address>
[root@web1 ~]# route del default gw 192.168.108.2
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@web1 ~]# ping 8.8.8.8 -c 3
connect: 네트워크가 접근 불가능합니다
5. Default GateWay 추가
사용법 : route add default gw <gateway address>
[root@web1 ~]# route add default gw 192.168.108.2
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@web1 ~]# ping 8.8.8.8 -c 3
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=39.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=39.2 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=39.2 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 39.109/39.213/39.292/0.179 ms
6. Default GateWay 설정 변경
잘못 설정된 default gateway를 잘 설정해준다.
[root@web1 ~]# route del default gw 192.168.108.2
[root@web1 ~]# route add default gw 192.168.108.3
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.3 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@web1 ~]# ping 8.8.8.8 -c 3
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.108.101 icmp_seq=1 Destination Host Unreachable
From 192.168.108.101 icmp_seq=2 Destination Host Unreachable
From 192.168.108.101 icmp_seq=3 Destination Host Unreachable
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2000ms
pipe 3
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.3 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@web1 ~]# route add default gw 192.168.108.2
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
0.0.0.0 192.168.108.3 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
[root@web1 ~]# ping 8.8.8.8 -c 3
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=39.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=38.7 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=38.5 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 38.595/39.073/39.917/0.619 ms
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
0.0.0.0 192.168.108.3 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
잘못 설정된 default gw 192.168.108.3 을 삭제한다.
[root@web1 ~]# route del default gw 192.168.108.3
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
7. Static Routing 삭제
네트워크 영역(192.168.108.0) 을 삭제한다.
외부 터미널에서 SSH로 접속해서 사용하고 있다면 접속이 끊어진다.
[root@web1 ~]# route del -net 192.168.108.0 netmask 255.255.255.0
콘솔로 접속해서 진행한다.
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
[root@web1 ~]# route add -net 192.168.108.0 netmask 255.255.255.0 def ens33
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
8. Static Routing 삭제
default gw와 네트워크 영역(192.168.108.0) 을 삭제한다.
외부 터미널에서 SSH로 접속해서 사용하고 있다면 접속이 끊어진다.
[root@web1 ~]# route del default gw 192.168.108.2
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
네트워크를 삭제하는 순간 SSH 접속이 끊어진다.
[root@web1 ~]# route del -net 192.168.108.0 netmask 255.255.255.0
콘솔로 접속해서 진행한다.
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gw 보다 네트워크부터 설정하고 default gw를 설정해야 한다.
[root@web1 ~]# route add default gw 192.168.108.2
SIOCADDRT: Network is unreachable
아무것도 없을 때 : 네트워크 설정 -> Default GW 설정
[root@web1 ~]# route add -net 192.168.108.0 netmask 255.255.255.0 dev ens33
[root@web1 ~]# route add default gw 192.168.108.2
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
SSH 접속을 하면 접속이 잘되고 외부에 ping 통신도 잘된다.
[root@web1 ~]# ping -c 3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=40.8 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=38.9 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=39.5 ms
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 38.995/39.803/40.829/0.798 ms
9. Static Routing
특정 IP주소(192.168.10x.XXX)를 추가한다.
사용법 :
추가 : route add -host <IP주소> dev <인터페이스명>
삭제 : route del -host <IP주소>
[root@web1 ~]# route add -host 192.168.101.3 dev ens33
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.101.3 0.0.0.0 255.255.255.255 UH 0 0 0 ens33 <--
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
[root@web1 ~]# route add -host 192.168.102.3 dev ens33
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.101.3 0.0.0.0 255.255.255.255 UH 0 0 0 ens33
192.168.102.3 0.0.0.0 255.255.255.255 UH 0 0 0 ens33 <--
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
192.168.101.3 에 대한 설정을 삭제한다.
[root@web1 ~]# route del -host 192.168.101.3
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.102.3 0.0.0.0 255.255.255.255 UH 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
192.168.102.3 에 대한 설정을 삭제한다.
[root@web1 ~]# route del -host 192.168.102.3
[root@web1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.108.2 0.0.0.0 UG 0 0 0 ens33
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
실습> UTM1에 대한 라우팅 테이블 확인하기
utm1:/root # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.101.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.102.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.108.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
'Linux > 보안장비 운용' 카테고리의 다른 글
| 내부망 WinXP 설정하기 (0) | 2022.03.02 |
|---|---|
| DMZ 내부망 서버 설정하기 (0) | 2022.02.20 |
| UTM 인터페이스 설정 (0) | 2022.02.20 |
| 쉘 접속 설정 (0) | 2022.02.20 |
| UTM 설치하기 (0) | 2022.02.20 |