主机A与主机B之间建立了一条 IPIP 遂道,两个主机之间生成的TCP协议且源端口是8000的包需要通过遂道传输到对方后,通过对方的网关发送出去。
On Host A
TUN_IFACE="tun-b"HOST_A_IP="10.0.0.3"HOST_B_IP="10.0.3.2"TUN_GATEWAY="192.168.4.2"HOST_GATEWAY="10.0.0.1" sudo iptunnel add ${TUN_IFACE} mode ipip remote ${HOST_B_IP} local ${HOST_A_IP}sudo ifconfig ${TUN_IFACE} upsudo route add -host ${TUN_GATEWAY} dev ${TUN_IFACE} sudo iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 8000 -m mark ! --mark 0x8888 -j TEE --gateway ${TUN_GATEWAY}sudo iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 8000 -j MARK --set-mark 0x8888sudo iptables -t mangle -A PREROUTING -m mark --mark 0x8888 -j TEE --gateway ${HOST_GATEWAY}
On Host B
TUN_IFACE="tun-a"HOST_A_IP="10.0.0.3"HOST_B_IP="10.0.3.2"TUN_GATEWAY="192.168.4.1"HOST_GATEWAY="10.0.3.1" sudo iptunnel add ${TUN_IFACE} mode ipip remote ${HOST_A_IP} local ${HOST_B_IP}sudo ifconfig ${TUN_IFACE} upsudo route add -host ${TUN_GATEWAY} dev ${TUN_IFACE} sudo iptables -t mangle -A POSTROUTING -p tcp -m tcp --sport 8000 -m mark ! --mark 0x8888 -j TEE --gateway ${TUN_GATEWAY}sudo iptables -t mangle -A PREROUTING -p tcp -m tcp --sport 8000 -j MARK --set-mark 0x8888sudo iptables -t mangle -A PREROUTING -m mark --mark 0x8888 -j TEE --gateway ${HOST_GATEWAY}
Over!
原文地址:Forward special packets, 感谢原作者分享。 自己战胜自己是最可贵的胜利。
