Regarding the "Linux Advanced Routing & Traffic Control HOWTO":
when I first installed the OS (several years ago), I set everything up following exactly this manual, via rc.local.
Everything worked nicely until the last update (about a month ago, but I update irregularly).
After the update, WGET stopped working properly: that is, it starts (the download),
and then the speed drops lower and lower and lower, and it hangs.
That is where I started digging, specifically via netplan.
===
Here are all the settings (I hid the MAC and IPv6 addresses with an ellipsis).
===
ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 2c:... brd ff:...
inet 192.168.1.21/24 brd 192.168.1.255 scope global eth2
valid_lft forever preferred_lft forever
inet6 fe80::.../64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 2c:... brd ff:...
inet 192.168.100.21/24 brd 192.168.100.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::.../64 scope link
valid_lft forever preferred_lft forever
===
ip route show table all
default via 192.168.100.1 dev eth1 table T_NET1 proto static
default via 192.168.1.1 dev eth2 table T_NET2 proto static
default via 192.168.100.1 dev eth1 proto static src 192.168.100.21 metric 10 onlink
default via 192.168.1.1 dev eth2 proto static src 192.168.1.21 metric 20 onlink
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.21
192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.21
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth2 table local proto kernel scope link src 192.168.1.21
local 192.168.1.21 dev eth2 table local proto kernel scope host src 192.168.1.21
broadcast 192.168.1.255 dev eth2 table local proto kernel scope link src 192.168.1.21
broadcast 192.168.100.0 dev eth1 table local proto kernel scope link src 192.168.100.21
local 192.168.100.21 dev eth1 table local proto kernel scope host src 192.168.100.21
broadcast 192.168.100.255 dev eth1 table local proto kernel scope link src 192.168.100.21
local ::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
default proto ra metric 1024 mtu 1472
nexthop via fe80::1 dev eth1 weight 1
nexthop via fe80::1 dev eth2 weight 1
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::2e4d:54ff:fe9e:1d11 dev eth1 table local proto kernel metric 0 pref medium
local fe80::2e4d:54ff:fe9e:1d12 dev eth2 table local proto kernel metric 0 pref medium
ff00::/8 dev eth2 table local proto kernel metric 256 pref medium
ff00::/8 dev eth1 table local proto kernel metric 256 pref medium
===
ip rule list
0: from all lookup local
31000: from 192.168.100.21 lookup T_NET1
32000: from 192.168.1.21 lookup T_NET2
32766: from all lookup main
32767: from all lookup default
===
sudo ss -l -p sport = ssh
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 0.0.0.0:ssh 0.0.0.0:* users:(("sshd",pid=1136,fd=3))
tcp LISTEN 0 128 [::]:ssh [::]:* users:(("sshd",pid=1136,fd=4))
===
sudo ss -l -p sport = domain
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 192.168.100.21:domain 0.0.0.0:* users:(("named",pid=956,fd=557),("named",pid=956,fd=556),("named",pid=956,fd=555),("named",pid=956,fd=554),("named",pid=956,fd=553),("named",pid=956,fd=552),("named",pid=956,fd=551),("named",pid=956,fd=550),("named",pid=956,fd=549),("named",pid=956,fd=548),("named",pid=956,fd=547))
udp UNCONN 0 0 192.168.1.21:domain 0.0.0.0:* users:(("named",pid=956,fd=544),("named",pid=956,fd=543),("named",pid=956,fd=542),("named",pid=956,fd=541),("named",pid=956,fd=540),("named",pid=956,fd=539),("named",pid=956,fd=538),("named",pid=956,fd=537),("named",pid=956,fd=536),("named",pid=956,fd=535),("named",pid=956,fd=534))
udp UNCONN 0 0 127.0.0.1:domain 0.0.0.0:* users:(("named",pid=956,fd=533),("named",pid=956,fd=532),("named",pid=956,fd=531),("named",pid=956,fd=530),("named",pid=956,fd=529),("named",pid=956,fd=528),("named",pid=956,fd=527),("named",pid=956,fd=526),("named",pid=956,fd=525),("named",pid=956,fd=524),("named",pid=956,fd=523))
udp UNCONN 0 0 127.0.0.53%lo:domain 0.0.0.0:* users:(("systemd-resolve",pid=831,fd=12))
udp UNCONN 0 0 [::]:domain [::]:* users:(("named",pid=956,fd=522),("named",pid=956,fd=521),("named",pid=956,fd=520),("named",pid=956,fd=519),("named",pid=956,fd=518),("named",pid=956,fd=517),("named",pid=956,fd=516),("named",pid=956,fd=515),("named",pid=956,fd=514),("named",pid=956,fd=513),("named",pid=956,fd=512))
tcp LISTEN 0 10 192.168.100.21:domain 0.0.0.0:* users:(("named",pid=956,fd=26))
tcp LISTEN 0 10 192.168.1.21:domain 0.0.0.0:* users:(("named",pid=956,fd=25))
tcp LISTEN 0 10 127.0.0.1:domain 0.0.0.0:* users:(("named",pid=956,fd=22))
tcp LISTEN 0 128 127.0.0.53%lo:domain 0.0.0.0:* users:(("systemd-resolve",pid=831,fd=13))
tcp LISTEN 0 10 [::]:domain [::]:* users:(("named",pid=956,fd=21))
===
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
===
sudo iptables-save
# Generated by iptables-save v1.6.1 on Thu Sep 2 17:24:53 2021
*filter
:INPUT ACCEPT [58159:5524560]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [70623:157428598]
COMMIT
# Completed on Thu Sep 2 17:24:53 2021
===
Netplan config
network:
  version: 2
  renderer: networkd
  ethernets:
    eth1:
      addresses: [192.168.100.21/24]
      dhcp4: no
      routes:
        - to: 0.0.0.0/0 # primary default route for the main table
          from: 192.168.100.21
          via: 192.168.100.1
          metric: 10
          on-link: yes
        - to: 0.0.0.0/0 # default route for table T_NET2 (101)
          via: 192.168.100.1
          table: 101
      routing-policy:
        - from: 192.168.100.21
          table: 101
          priority: 31000
      nameservers:
        addresses: [127.0.0.1]
    eth2:
      addresses: [192.168.1.21/24]
      dhcp4: no
      routes:
        - to: 0.0.0.0/0 # backup default route for the main table
          from: 192.168.1.21
          via: 192.168.1.1
          metric: 20
          on-link: yes
        - to: 0.0.0.0/0 # default route for table T_NET1 (102)
          via: 192.168.1.1
          table: 102
      routing-policy:
        - from: 192.168.1.21
          table: 102
          priority: 32000
      nameservers:
        addresses: [127.0.0.1]