server：CentOS5.8

 

ip：172.16.8.11 Gateway：172.16.8.1

ip：10.120.6.78 Gateway：10.120.6.1

网卡配置：

eth0 point：[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0# Intel Corporation 82576 Gigabit Network ConnectionDEVICE=eth0BOOTPROTO=noneHWADDR=80:FB:06:B0:F3:CEONBOOT=yesIPADDR=172.16.8.11NETMASK=255.255.255.0GATEWAY=172.16.8.1TYPE=Ethernetech1 point：[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1DEVICE=eth1BOOTPROTO=noneHWADDR=80:FB:06:B0:F3:CFONBOOT=yesHOTPLUG=noIPADDR=10.120.6.78NETMASK=255.255.254.0

打开转发：

[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward 不知道这一步是不是有必要我临时打开了。

配置路由表：

[root@localhost ~]# cat /etc/iproute2/rt_tables # reserved values255     local254     main253     default252     net0251     net10       unspec## local##1      inr.ruhep[root@localhost ~]#

使用ip route添加默认路由：

ip route add 127.0.0.0/8 dev lo table net1ip route add default via 172.16.8.1 dev eth0 src 172.16.8.11 table net1ip rule add from 172.16.8.11 table net1ip route add 127.0.0.0/8 dev lo table net0ip route add default via 10.120.6.1 dev eth1 src 10.120.6.78 table net0ip rule add from 10.120.6.78 table net0ip route flush table net1ip route flush table net0

 

注意测试的时候指定源地址：

 

[root@localhost ~]# ping -I 172.16.8.11 www.baidu.comPING www.a.shifen.com (220.181.111.188) from 172.16.8.11 : 56(84) bytes of data.64 bytes from 220.181.111.188: icmp_seq=1 ttl=52 time=8.69 ms64 bytes from 220.181.111.188: icmp_seq=2 ttl=52 time=8.57 ms--- www.a.shifen.com ping statistics ---2 packets transmitted, 2 received, 0% packet loss, time 999msrtt min/avg/max/mdev = 8.575/8.636/8.698/0.111 ms[root@localhost ~]#++++++++++++++++++++++++++++++++++++++++++++++++++[root@localhost ~]# ping -I 10.120.6.78 10.11.240.22PING 10.11.240.22 (10.11.240.22) from 10.120.6.78 : 56(84) bytes of data.64 bytes from 10.11.240.22: icmp_seq=1 ttl=251 time=10.9 ms64 bytes from 10.11.240.22: icmp_seq=2 ttl=251 time=10.6 ms64 bytes from 10.11.240.22: icmp_seq=3 ttl=251 time=10.6 ms64 bytes from 10.11.240.22: icmp_seq=4 ttl=251 time=10.7 ms64 bytes from 10.11.240.22: icmp_seq=5 ttl=251 time=10.8 ms64 bytes from 10.11.240.22: icmp_seq=6 ttl=251 time=10.5 ms64 bytes from 10.11.240.22: icmp_seq=7 ttl=251 time=10.6 ms--- 10.11.240.22 ping statistics ---7 packets transmitted, 7 received, 0% packet loss, time 6002msrtt min/avg/max/mdev = 10.525/10.727/10.910/0.172 ms[root@localhost ~]#

PS：10.11.240.22 是我们的ipsec对端，是能够通过10.120.6.78 访问的。