The correct way to set the bypass route
2022-07-01 21:56:00 【Full stack programmer webmaster】
Hello everyone, nice to meet you again. I'm your friend, Quan Jun.
Recently I have been experimenting with a bypass router (a "side router") and ran into some pitfalls. I also picked up some related knowledge along the way, so I am writing it all down here.
I. Configuration of the bypass router
The figure above shows how the bypass router is connected. A bypass router generally has only one LAN port; think of it as an ordinary computer plugged into the router. Put both devices in the same network segment: for example, the main router (the gateway) is 192.168.3.1 and the bypass router is configured as 192.168.3.2.
1. Main router configuration: in the DHCP settings, change the gateway and DNS to the bypass router's IP address, e.g. 192.168.3.2.
2. Bypass router configuration: turn off DHCP, set the gateway to the main router's address, e.g. 192.168.3.1, and turn off bridge mode. The other settings, such as the subnet mask and broadcast address, need no explanation.
Note: some people turn off DHCP on the main router and turn it on on the bypass router instead. I personally do not recommend this. DHCP is only an IP address allocator, and the only difference is which device hands out the addresses, but the point of using a bypass router is to minimize the impact on the main router. With the configuration above, if the bypass router is removed or fails, you only need to change the gateway in the main router's DHCP settings and restart, which is very convenient.
After this configuration, network traffic flows as shown in the figure below:
Proxied ("scientific") traffic is processed on the bypass router and goes through NAT there, so both its uplink and its downlink pass through the bypass router for encryption and decryption.
Ordinary traffic is simply forwarded upstream by the bypass router, and its IP address does not change. On the way down, the main router sees that the packet's destination IP is the computer and delivers it directly.
This is the ideal arrangement: the bypass router only encrypts and decrypts proxied traffic. With some main routers, however, this configuration leaves domestic sites unreachable while foreign ones still work, and you must add a firewall rule:
iptables -t nat -I POSTROUTING -j MASQUERADE
Why is that?
The problem usually shows up with main routers such as Huawei, Xiaomi and 360 (I found they share a common trait: the DHCP gateway cannot be configured). The underlying reason is that these routers verify the correspondence between a packet's IP address and its MAC address. When the uplink of a domestic packet is forwarded to the main router through the bypass router, the main router finds that the source IP of the packet sent by the bypass router is not the bypass router's own, the check fails, and so the ordinary-traffic path in the figure is blocked.
So why does adding the firewall rule fix it? The rule performs SNAT: it changes the packet's source IP to that of the current machine, i.e. the bypass router's IP, and does so dynamically (in case the bypass router's IP is dynamic?). After this configuration, network traffic flows as shown in the figure below:
In this setup the bypass router is effectively a secondary router without the routing function. During a high-speed download, for example with Xunlei, the bypass router's CPU usage becomes abnormally high because it is all spent on NAT, which defeats the original purpose of the bypass router: to encrypt and decrypt only the proxied traffic.
Another approach is not to add the firewall rule but to add a WAN port on the bypass router that shares the same eth0 port. As I understand it, this is effectively single-arm routing (router on a stick)? In practice it is much the same as the above.
It is easy to check whether the setup is correct:
1. Watch whether CPU usage is very high during a high-speed download, such as with Xunlei.
2. More reliable: look at the uplink and downlink traffic. If configured correctly, the bypass router's uplink is greater than its downlink. If the two are the same and the data volume is large (this is obvious during a high-speed download), there is a problem with the configuration.
This is the download speed:
Uplink and downlink speeds and CPU usage when configured correctly:
Uplink and downlink speeds and CPU usage when misconfigured:
3. Most reliable: check the connected-device information on the main router. You will find that the device's IP is the computer's, but the MAC address is the soft router's.
Of course, if the main router is a Huawei, Xiaomi, 360 or similar, there is no way around it: you can only add the firewall rule or the WAN port and use NAT to get past its check (in that case you might as well set the device up as a secondary router, which saves time and trouble), or replace the main router.
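The IP/MAC consistency check described above, together with verification step 3, as an added example that is not part of the original post: it audits tcpdump -e -n lines captured on the main router's LAN side against a lease table and names the setup they show. The MAC addresses, the client address 192.168.3.10, the external addresses and the capture lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample data: bypass router and one client, as the main router knows them.
BYPASS_IP, BYPASS_MAC = "192.168.3.2", "02:00:00:00:00:02"
LEASES = {BYPASS_IP: BYPASS_MAC, "192.168.3.10": "02:00:00:00:00:10"}

# Constructed `tcpdump -e -n` lines: frame 1 is ordinary client traffic forwarded
# by the bypass router unchanged, frame 2 is proxied traffic the bypass router sends itself.
CAPTURE_NO_NAT = """\
12:00:01.000001 02:00:00:00:00:02 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.3.10.51234 > 203.0.113.7.443: Flags [S], length 0
12:00:01.000950 02:00:00:00:00:02 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.3.2.40112 > 198.51.100.9.8443: Flags [S], length 0
"""
# Same capture with the MASQUERADE rule active: the client source IP is rewritten.
CAPTURE_MASQUERADE = CAPTURE_NO_NAT.replace("192.168.3.10.51234", "192.168.3.2.51234")

FRAME = re.compile(
    r"^\S+ (?P<smac>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype IPv4 .*?: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.\d+ > ")

def audit(capture, leases=LEASES):
    """Count frames per verdict using the source IP / source MAC check."""
    verdicts = Counter()
    for line in capture.splitlines():
        m = FRAME.match(line)
        if not m:
            verdicts["unparsed"] += 1
        elif leases.get(m["sip"]) == m["smac"]:
            verdicts["consistent"] += 1            # passes a strict main router
        elif m["smac"] == BYPASS_MAC:
            verdicts["client_ip_with_bypass_mac"] += 1  # what step 3 looks for
        else:
            verdicts["unknown_binding"] += 1
    return verdicts

def mode(capture):
    """Name the setup the capture shows."""
    v = audit(capture)
    if v["client_ip_with_bypass_mac"]:
        return "forwarding without NAT"   # intended bypass mode; strict routers drop it
    return "masqueraded" if v["consistent"] else "no LAN traffic seen"

if __name__ == "__main__":
    for name, cap in (("no NAT", CAPTURE_NO_NAT), ("MASQUERADE", CAPTURE_MASQUERADE)):
        print(name, dict(audit(cap)), "->", mode(cap))
```

A frame counted as client_ip_with_bypass_mac is exactly the mismatch that a main router with IP/MAC verification rejects, and the same mismatch that step 3 treats as proof the bypass router is forwarding without NAT.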
Publisher: Full stack programmer stack length. Please credit the source when reprinting: https://javaforall.cn/130484.html Original link: https://javaforall.cn