How to redirect specific outgoing packet from one physical interface to another one in Linux?

On the Linux bridge br100 of a Linux host, vnet0 is the interface connecting an internal Linux VM.

br100 is a Linux bridge which has 3 IP addresses:

  1. 10.11.13.1/24 is the GW of linux VM (the VM has internal address 10.11.13.2/24 in VM)

  2. 192.168.57.102/24 is the bridge local address connecting to remote port 192.168.57.1/24 via physical interface eth1.

  3. 192.168.57.225/32 is the external IP address of VM internal address 10.11.13.2/24, which is realized by floating IP of openstack.

The printout is as below: (only essential info is shown)

# ip addr
2: eth0: 10.0.1.15/24
3: eth1: 
5: br100: 
    inet 10.11.13.1/24 brd 10.11.13.255 scope global br100
    inet 192.168.57.102/24 brd 192.168.57.255 scope global br100
    inet 192.168.57.225/32 scope global br100
6: vnet0: 
7: virbr0:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br100           8000.0800270c1456       no              eth1
                                                        vnet0
virbr0          8000.000000000000       yes

Now only outgoing packets via eth0 can connect to the internet.

By what method can I make packets with a public destination address sent from the Linux VM go out via the eth1 interface rather than the eth0 interface, considering that the bridge br100 connects to physical interface eth1? Now the packet doesn't go out of eth1, nor eth0, even if the default route is via eth0.

Note the default route is via eth0, but the thing is NOT about route, it's about how to forward the outgoing packets from eth1 to eth0 since the bridge doesn't connect to eth0.

Is iptables or policy routing feasible to realize it?

-2
asked 23 August 2016 at 13:22
1 answer

You need to configure NAT in iptables. Try the following:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT

If this works, you should make these rules persistent, because they will be removed after a reboot. If not, you should adjust the NAT rules to your requirements.

0
answered 5 December 2019 at 21:40
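
A scoped variant of the rules in the answer above, as an added example that is not part of the original answer: it masquerades only the VM subnet and checks each rule with `iptables -C` before appending it, so re-running it does not duplicate rules. It assumes routed VM traffic is seen on br100 and that 10.11.13.0/24 is the only network to translate; `nat_rules`, `forwarding_enabled`, `apply_rules` and `DRY_RUN` are hypothetical names.

```sh
#!/bin/sh
# Added example: NAT for the VM subnet only, applied idempotently.
# Assumptions (not from the original post): routed VM traffic enters on
# br100, and only 10.11.13.0/24 should be masqueraded out of eth0.

VM_NET="${VM_NET:-10.11.13.0/24}"
IN_IF="${IN_IF:-br100}"
OUT_IF="${OUT_IF:-eth0}"

# Print one rule per line as "<table> <chain> <rule-spec>".
nat_rules() {
    echo "nat POSTROUTING -s $VM_NET -o $OUT_IF -j MASQUERADE"
    echo "filter FORWARD -i $OUT_IF -o $IN_IF -d $VM_NET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    echo "filter FORWARD -i $IN_IF -o $OUT_IF -s $VM_NET -j ACCEPT"
}

# Return 0 if the kernel forwards IPv4 packets between interfaces.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]
}

# Append each rule unless `iptables -C` reports it is already present.
# With DRY_RUN=1 (the default) the commands are printed, not executed.
apply_rules() {
    nat_rules | while read -r table chain spec; do
        if [ "${DRY_RUN:-1}" = "1" ]; then
            echo "iptables -t $table -A $chain $spec"
        # $spec is left unquoted on purpose so it splits into arguments.
        elif ! iptables -t "$table" -C "$chain" $spec 2>/dev/null; then
            iptables -t "$table" -A "$chain" $spec
        fi
    done
}

# NAT rules have no effect while the host does not forward packets.
forwarding_enabled || echo "warning: net.ipv4.ip_forward is not 1" >&2
apply_rules
```

Run it with `DRY_RUN=0` as root to apply the rules; the default only prints the commands it would run.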
