Look at how networking is configured in Docker.

Accessing the external network from a virtual machine: with qemu set up, add the following NAT rule on the host:

    sudo iptables -t nat -I POSTROUTING -s 192.168.1.110 -j SNAT --to-source 192.168.0.108

With this rule in place, the VM can reach the external network.

Two virtual machines were set up:

    tap0 (192.168.129.1) --- tap1 (192.168.130.1) ---

Add the NAT table entry:

    sudo iptables -t nat -I POSTROUTING -s 192.168.128.0/20 -j SNAT --to-source 192.168.0.108

Accessing my cloud host 121.X.X.X from both at the same time, ping succeeds from both hosts, which shows that NAT keeps a record of these addresses.

Two typical packets:

    192.168.129.110 --- cloud host (192.168.0.108 --- cloud host)
    192.168.130.110 --- cloud host (192.168.0.108 --- cloud host)

How does NAT record this translation internally? When a packet comes back from the cloud host's IP with destination address 192.168.0.108, how is it split between the two IP addresses 192.168.129.110 and 192.168.130.110? Could it be that port information is involved?

Packet receive path:

#0 icmp_rcv (skb=0xffff88007c9efc00) at net/ipv4/icmp.c:973
#1 0xffffffff816d97af in ip_local_deliver_finish (net=0xffffffff81ed8680 <init_net>, sk=<optimized out>, skb=0xffff88007c9efc00) at net/ipv4/ip_input.c:216
#2 0xffffffff816d9e45 in NF_HOOK_THRESH (thresh=<optimized out>, okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:232
#3 NF_HOOK (okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:255
#4 ip_local_deliver (skb=0xffff88007c9efc00) at net/ipv4/ip_input.c:257
#5 0xffffffff816d9a7b in dst_input (skb=<optimized out>) at ./include/net/dst.h:507
#6 ip_rcv_finish (net=0xffffffff81ed8680 <init_net>, sk=<optimized out>, skb=0xffff88007c9efc00) at net/ipv4/ip_input.c:396
#7 0xffffffff816da11e in NF_HOOK_THRESH (thresh=<optimized out>, okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:232
#8 NF_HOOK (okfn=<optimized out>, out=<optimized out>, in=<optimized out>, skb=<optimized out>, sk=<optimized out>, net=<optimized out>, hook=<optimized out>, pf=<optimized out>) at ./include/linux/netfilter.h:255
#9 ip_rcv (skb=0xffff88007c9efc00, dev=0xffff88007c530000, pt=<optimized out>, orig_dev=<optimized out>) at net/ipv4/ip_input.c:487
#10 0xffffffff81684eea in __netif_receive_skb_core (skb=0xffff88007c9efc00, pfmemalloc=<optimized out>) at net/core/dev.c:4211
#11 0xffffffff816878cd in __netif_receive_skb (skb=<optimized out>) at net/core/dev.c:4249
#12 0xffffffff8168793d in netif_receive_skb_internal (skb=0xffff88007c9efc00) at net/core/dev.c:4277
#13 0xffffffff81688582 in napi_skb_finish (skb=<optimized out>, ret=<optimized out>) at net/core/dev.c:4626
#14 napi_gro_receive (napi=0xffff88007c530b70, skb=0xffff88007c9efc00) at net/core/dev.c:4658
#15 0xffffffff81532db1 in e1000_receive_skb (skb=<optimized out>, vlan=<optimized out>, status=<optimized out>, adapter=<optimized out>) at drivers/net/ethernet/intel/e1000/e1000_main.c:4035
#16 e1000_clean_rx_irq (adapter=0xffff88007c5308c0, rx_ring=<optimized out>, work_done=<optimized out>, work_to_do=<optimized out>) at drivers/net/ethernet/intel/e1000/e1000_main.c:4491
#17 0xffffffff81531bb0 in e1000_clean (napi=0xffff88007c530b70, budget=64) at drivers/net/ethernet/intel/e1000/e1000_main.c:3836
#18 0xffffffff8168968a in napi_poll (repoll=<optimized out>, n=<optimized out>) at net/core/dev.c:5158
#19 net_rx_action (h=<optimized out>) at net/core/dev.c:5223
#20 0xffffffff8187c0d9 in __do_softirq () at kernel/softirq.c:284
#21 0xffffffff81058f70 in invoke_softirq () at kernel/softirq.c:364
#22 irq_exit () at kernel/softirq.c:405
#23 0xffffffff8187be94 in exiting_irq () at ./arch/x86/include/asm/apic.h:659
#24 do_IRQ (regs=0xffffc9000006be08) at arch/x86/kernel/irq.c:251
#25 0xffffffff8187a4bf in common_interrupt () at arch/x86/entry/entry_64.S:520
#26 0xffffc9000006be08 in ?? ()
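#27 0x0000000000000000 in ?? ()

Receiving ICMP packets after SNAT has been set up:

NAT works as follows. When the server 14.17.88.99 replies with a packet (src=14.17.88.99, dst=115.22.112.12) and that packet enters the PRE_ROUTING chain on the WAN-side interface, the NAT hook function is invoked and calls ip_nat_packet to obtain the origin tuple. It then computes the tuple for the opposite direction from the origin tuple, giving new_tuple.src = 14.17.88.99 and new_tuple.dst = 192.168.1.123. The destination IP address is rewritten according to this new tuple, so the destination address of the modified packet is 192.168.1.123. A route lookup then sends the packet out of the correct LAN port. This is NAT's De-SNAT.

Call path: ipt_do_table -- nf_nat_ipv4_fn

In nf_nat_ipv4_fn, the first call is nf_ct_get (ct: conntrack). The data structures involved include ip_conntrack_info / nf_conn_nat.

The link below explains in detail the outbound and inbound packet flow once the rule is set: http://blog.csdn.net/lickylin/article/details/36740207

When data arrives at the router's wan0 port and enters PRE_ROUTING, an nf_conn structure and two nf_conntrack_tuple entries (origin and reply) are created first.

Questions:

Where is prerouting? Where is the postrouting code?

What does nf_conntrack_l3proto_ipv4_init initialize? Connection tracking registers its hook functions in exactly this function, nf_conntrack_l3proto_ipv4_init:

ipv4_conntrack_in --

Reposted from: https://www.cnblogs.com/honpey/p/8454236.html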
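The de-SNAT lookup described above, applied to the question of how replies addressed to 192.168.0.108 are split between 192.168.129.110 and 192.168.130.110, as an added example (a simplified user-space model, not kernel code and not from the original post). The cloud host address 203.0.113.10, the echo id 7 and the names snat_out and desnat_in are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model, not kernel code. For ICMP echo the tuple is
   (src, dst, echo id); for TCP/UDP the ports take the place of the id. */
struct tuple { uint32_t src, dst; uint16_t id; };
struct conn { struct tuple orig, reply; };   /* both directions of one flow */

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
static struct conn table[16];
static int nconn;

static int same(const struct tuple *a, const struct tuple *b) {
    return a->src == b->src && a->dst == b->dst && a->id == b->id;
}

/* POSTROUTING side: record the flow and return the echo id used on the wire
   (0 if the table is full). The reply tuple must be unique, so a clashing id
   is remapped; taking the next free value is this model's simplification. */
uint16_t snat_out(uint32_t src, uint32_t dst, uint16_t id, uint32_t to_source) {
    struct conn c = { { src, dst, id }, { dst, to_source, id } };
    for (int i = 0; i < nconn; i++)          /* known flow: keep its mapping */
        if (same(&table[i].orig, &c.orig)) return table[i].reply.id;
    if (nconn == 16) return 0;
    for (int i = 0; i < nconn; i++)          /* restart scan after each remap */
        if (same(&table[i].reply, &c.reply)) { c.reply.id++; i = -1; }
    table[nconn++] = c;
    return c.reply.id;
}

/* PREROUTING side (de-SNAT): match the incoming packet against the stored
   reply tuples; return the inner address to restore as destination, or 0. */
uint32_t desnat_in(uint32_t src, uint32_t dst, uint16_t id, uint16_t *orig_id) {
    struct tuple r = { src, dst, id };
    for (int i = 0; i < nconn; i++)
        if (same(&table[i].reply, &r)) {
            *orig_id = table[i].orig.id;
            return table[i].orig.src;
        }
    return 0;
}

int main(void) {
    uint32_t nat = IP(192,168,0,108), cloud = IP(203,0,113,10); /* cloud: constructed */
    uint16_t w1 = snat_out(IP(192,168,129,110), cloud, 7, nat), orig;
    uint16_t w2 = snat_out(IP(192,168,130,110), cloud, 7, nat);
    printf("wire ids %d %d; reply to id %d goes to %08x\n", w1, w2, w2,
           (unsigned)desnat_in(cloud, nat, w2, &orig));
    return 0;
}
```

Both VMs send echo id 7 to the same host, so the second flow leaves with a remapped id, and the id carried in each reply selects which inner address is restored.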