Jump to content

Выборочный роутинг с помощью ipset


Recommended Posts

Всем доброго дня. Пытаюсь сделать выборочный роутинг по инструкции https://keenetic-gi.ga/2018/01/16/selective-routing.html , но почему-то соединение просто висит. Не уверен что это поможет, но вот tcpdump с попыткой открыть https://linkedin.com

Spoiler

~ # tcpdump -i ovpn_br0 -vv
tcpdump: listening on ovpn_br0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:48:57.536119 IP (tos 0x0, ttl 127, id 12958, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.255.6.52157 > 13.107.42.14.https: Flags [S], cksum 0xdfa7 (correct), seq 925931686, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
08:48:57.691822 IP (tos 0x0, ttl 116, id 44032, offset 0, flags [DF], proto TCP (6), length 52)
    13.107.42.14.https > 192.168.255.6.52157: Flags [S.], cksum 0x362e (correct), seq 3198608920, ack 925931687, win 65535, options [mss 1358,nop,wscale 8,nop,nop,sackOK], length 0
08:48:57.695452 IP (tos 0x0, ttl 127, id 12959, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.255.6.52157 > 13.107.42.14.https: Flags [.], cksum 0x7499 (correct), seq 1, ack 1, win 514, length 0
08:48:57.698313 IP (tos 0x0, ttl 127, id 12960, offset 0, flags [DF], proto TCP (6), length 432)
    192.168.255.6.52157 > 13.107.42.14.https: Flags [P.], cksum 0xace8 (correct), seq 1:393, ack 1, win 514, length 392
08:48:57.853623 IP (tos 0x0, ttl 117, id 44033, offset 0, flags [DF], proto TCP (6), length 40)
    13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0x6d10 (correct), seq 1, ack 393, win 2051, length 0
08:48:57.854726 IP (tos 0x0, ttl 117, id 44034, offset 0, flags [DF], proto TCP (6), length 1398)
    13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0xcfcc (correct), seq 1:1359, ack 393, win 2051, length 1358
08:48:57.855144 IP (tos 0x0, ttl 117, id 44035, offset 0, flags [DF], proto TCP (6), length 1398)
    13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0xe2c1 (correct), seq 1359:2717, ack 393, win 2051, length 1358
08:48:57.855485 IP (tos 0x0, ttl 117, id 44036, offset 0, flags [DF], proto TCP (6), length 1038)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xcdf8 (correct), seq 2717:3715, ack 393, win 2051, length 998
08:48:57.858017 IP (tos 0x0, ttl 127, id 12961, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.255.6.52157 > 13.107.42.14.https: Flags [.], cksum 0x6880 (correct), seq 393, ack 2717, win 503, length 0
08:48:57.858097 IP (tos 0x0, ttl 127, id 12962, offset 0, flags [DF], proto TCP (6), length 40)
    192.168.255.6.52157 > 13.107.42.14.https: Flags [.], cksum 0x6875 (correct), seq 393, ack 2717, win 514, length 0
08:48:57.875542 IP (tos 0x0, ttl 127, id 12963, offset 0, flags [DF], proto TCP (6), length 198)
    192.168.255.6.52157 > 13.107.42.14.https: Flags [P.], cksum 0xc2c3 (correct), seq 393:551, ack 3715, win 510, length 158
08:48:58.030963 IP (tos 0x0, ttl 117, id 44037, offset 0, flags [DF], proto TCP (6), length 40)
    13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0x5df1 (correct), seq 3715, ack 551, win 2050, length 0
08:48:58.032235 IP (tos 0x0, ttl 117, id 44038, offset 0, flags [DF], proto TCP (6), length 91)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51
08:48:58.380668 IP (tos 0x0, ttl 116, id 44039, offset 0, flags [DF], proto TCP (6), length 91)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51
08:48:58.740483 IP (tos 0x0, ttl 117, id 44040, offset 0, flags [DF], proto TCP (6), length 91)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51
08:48:59.439163 IP (tos 0x0, ttl 117, id 44041, offset 0, flags [DF], proto TCP (6), length 91)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51
08:49:00.835664 IP (tos 0x0, ttl 117, id 44042, offset 0, flags [DF], proto TCP (6), length 91)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51
08:49:02.765293 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 13.107.42.14 tell 192.168.255.6, length 28
08:49:02.765332 ARP, Ethernet (len 6), IPv4 (len 4), Reply 13.107.42.14 is-at de:72:0d:a2:a8:0e (oui Unknown), length 28
08:49:03.628367 IP (tos 0x0, ttl 117, id 44043, offset 0, flags [DF], proto TCP (6), length 91)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51
08:49:09.212746 IP (tos 0x0, ttl 117, id 44044, offset 0, flags [DF], proto TCP (6), length 91)
    13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51

 

Если задать прямой маршрут ip route add 13.107.42.14 dev ovpn_br0, то всё работает, но через ipset ни в какую не хочет. Подскажите, куда можно подсмотреть чтобы понять в чём проблема?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...