helcoder Posted December 16, 2020 Share Posted December 16, 2020 Всем доброго дня. Пытаюсь сделать выборочный роутинг по инструкции https://keenetic-gi.ga/2018/01/16/selective-routing.html , но почему-то соединение просто висит. Не уверен что это поможет, но вот tcpdump с попыткой открыть https://linkedin.com Spoiler ~ # tcpdump -i ovpn_br0 -vv tcpdump: listening on ovpn_br0, link-type EN10MB (Ethernet), capture size 262144 bytes 08:48:57.536119 IP (tos 0x0, ttl 127, id 12958, offset 0, flags [DF], proto TCP (6), length 52) 192.168.255.6.52157 > 13.107.42.14.https: Flags [S], cksum 0xdfa7 (correct), seq 925931686, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 08:48:57.691822 IP (tos 0x0, ttl 116, id 44032, offset 0, flags [DF], proto TCP (6), length 52) 13.107.42.14.https > 192.168.255.6.52157: Flags [S.], cksum 0x362e (correct), seq 3198608920, ack 925931687, win 65535, options [mss 1358,nop,wscale 8,nop,nop,sackOK], length 0 08:48:57.695452 IP (tos 0x0, ttl 127, id 12959, offset 0, flags [DF], proto TCP (6), length 40) 192.168.255.6.52157 > 13.107.42.14.https: Flags [.], cksum 0x7499 (correct), seq 1, ack 1, win 514, length 0 08:48:57.698313 IP (tos 0x0, ttl 127, id 12960, offset 0, flags [DF], proto TCP (6), length 432) 192.168.255.6.52157 > 13.107.42.14.https: Flags [P.], cksum 0xace8 (correct), seq 1:393, ack 1, win 514, length 392 08:48:57.853623 IP (tos 0x0, ttl 117, id 44033, offset 0, flags [DF], proto TCP (6), length 40) 13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0x6d10 (correct), seq 1, ack 393, win 2051, length 0 08:48:57.854726 IP (tos 0x0, ttl 117, id 44034, offset 0, flags [DF], proto TCP (6), length 1398) 13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0xcfcc (correct), seq 1:1359, ack 393, win 2051, length 1358 08:48:57.855144 IP (tos 0x0, ttl 117, id 44035, offset 0, flags [DF], proto TCP (6), length 1398) 13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0xe2c1 (correct), seq 1359:2717, ack 393, win 2051, length 1358 08:48:57.855485 IP (tos 0x0, ttl 117, id 44036, offset 0, flags [DF], proto TCP (6), length 1038) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xcdf8 (correct), seq 2717:3715, ack 393, win 2051, length 998 08:48:57.858017 IP (tos 0x0, ttl 127, id 12961, offset 0, flags [DF], proto TCP (6), length 40) 192.168.255.6.52157 > 13.107.42.14.https: Flags [.], cksum 0x6880 (correct), seq 393, ack 2717, win 503, length 0 08:48:57.858097 IP (tos 0x0, ttl 127, id 12962, offset 0, flags [DF], proto TCP (6), length 40) 192.168.255.6.52157 > 13.107.42.14.https: Flags [.], cksum 0x6875 (correct), seq 393, ack 2717, win 514, length 0 08:48:57.875542 IP (tos 0x0, ttl 127, id 12963, offset 0, flags [DF], proto TCP (6), length 198) 192.168.255.6.52157 > 13.107.42.14.https: Flags [P.], cksum 0xc2c3 (correct), seq 393:551, ack 3715, win 510, length 158 08:48:58.030963 IP (tos 0x0, ttl 117, id 44037, offset 0, flags [DF], proto TCP (6), length 40) 13.107.42.14.https > 192.168.255.6.52157: Flags [.], cksum 0x5df1 (correct), seq 3715, ack 551, win 2050, length 0 08:48:58.032235 IP (tos 0x0, ttl 117, id 44038, offset 0, flags [DF], proto TCP (6), length 91) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51 08:48:58.380668 IP (tos 0x0, ttl 116, id 44039, offset 0, flags [DF], proto TCP (6), length 91) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51 08:48:58.740483 IP (tos 0x0, ttl 117, id 44040, offset 0, flags [DF], proto TCP (6), length 91) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51 08:48:59.439163 IP (tos 0x0, ttl 117, id 44041, offset 0, flags [DF], proto TCP (6), length 91) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51 08:49:00.835664 IP (tos 0x0, ttl 117, id 44042, offset 0, flags [DF], proto TCP (6), length 91) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51 08:49:02.765293 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 13.107.42.14 tell 192.168.255.6, length 28 08:49:02.765332 ARP, Ethernet (len 6), IPv4 (len 4), Reply 13.107.42.14 is-at de:72:0d:a2:a8:0e (oui Unknown), length 28 08:49:03.628367 IP (tos 0x0, ttl 117, id 44043, offset 0, flags [DF], proto TCP (6), length 91) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51 08:49:09.212746 IP (tos 0x0, ttl 117, id 44044, offset 0, flags [DF], proto TCP (6), length 91) 13.107.42.14.https > 192.168.255.6.52157: Flags [P.], cksum 0xa6bc (correct), seq 3715:3766, ack 551, win 2050, length 51 Если задать прямой маршрут ip route add 13.107.42.14 dev ovpn_br0, то всё работает, но через ipset ни в какую не хочет. Подскажите, куда можно подсмотреть чтобы понять в чём проблема? Quote Link to comment Share on other sites More sharing options...
helcoder Posted December 24, 2020 Author Share Posted December 24, 2020 Удалось найти ответ на свой вопрос тут. Оказывается проблема в fastnat. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.