| 知乎專欄 | 多維度架構 | 微信號 netkiller-ebook | QQ群:128659835 請註明“讀者” |
舉例說明該算法。
例:給定一 class c address : 192.168.5.0 ,要求劃分20個子網,每個子網5個主機。
解:因為4 <5 < 8 ,用256-8=248 ---->即是所求的子網掩碼,對應的子網數也就出來了。這是針對C類地址。
針對B類地址的做法。對於B類地址,假如主機數小於或等於254,與C類地址算法相同。對於主機數大於254的,如需主機 700台,50個子網(相當大了),512 < 700< 1024
256-(1024/256)=256-4=252 ---->即是所求的子網掩碼,對應的子網數也就出來了。上面256-4中的4(2的2次冪)是指主機數用2進製表示時超過8位的位數,即超過2位,掩碼為剩餘的前6位,即子網數為2(6)-2=62個。
Append :Host/Subnet Quantities Table ---------------------------------------------------------------------- Class A Effective Effective # bits Mask Subnets Hosts ------- --------------- --------- --------- 2 255.192.0.0 2 4194302 3 255.224.0.0 6 2097150 4 255.240.0.0 14 1048574 5 255.248.0.0 30 524286 6 255.252.0.0 62 262142 7 255.254.0.0 126 131070 8 255.255.0.0 254 65536 9 255.255.128.0 510 32766 10 255.255.192.0 1022 16382 11 255.255.224.0 2046 8190 12 255.255.240.0 4094 4094 13 255.255.248.0 8190 2046 14 255.255.252.0 16382 1022 15 255.255.254.0 32766 510 16 255.255.255.0 65536 254 17 255.255.255.128 131070 126 18 255.255.255.192 262142 62 19 255.255.255.224 524286 30 20 255.255.255.240 1048574 14 21 255.255.255.248 2097150 6 22 255.255.255.252 4194302 2 Class B Effective Effective # bits Mask Subnets Hosts ------- --------------- --------- --------- 2 255.255.192.0 2 16382 3 255.255.224.0 6 8190 4 255.255.240.0 14 4094 5 255.255.248.0 30 2046 6 255.255.252.0 62 1022 7 255.255.254.0 126 510 8 255.255.255.0 254 254 9 255.255.255.128 510 126 10 255.255.255.192 1022 62 11 255.255.255.224 2046 30 12 255.255.255.240 4094 14 13 255.255.255.248 8190 6 14 255.255.255.252 16382 2 Class C Effective Effective # bits Mask Subnets Hosts ------- --------------- --------- --------- 2 255.255.255.192 2 62 3 255.255.255.224 6 30 4 255.255.255.240 14 14 5 255.255.255.248 30 6 6 255.255.255.252 62 2 *Subnet all zeroes and all ones excluded. *Host all zeroes and all ones excluded.
子網掩碼快速算法 大家都應該知道2的x次方值吧?下面是2的0次到10次方的計算值分別是: 1 2 4 8 16 32 64 128 256 512 1024。 實例 如果你希望每個子網中只有5個ip地址可以給機器用,那麼你就最少需要準備給每個子網7個ip位址,因為需要加上兩頭的不可用的網絡和廣播ip,所以你需要選比7多的最近的那位,也就是8,就是說選每個子網8個ip。到這一步,你就可以算屏蔽了。 這個方法就是:最後一位屏蔽就是256減去你每個子網所需要的ip位元址的數量,那麼這個例子就是256-8=248,那麼算出這個,你就可以知道那些ip是不能用的了, 依此類推:0-7,8-15,16-23,24-31,……,寫在上面的0、7、8、15、16、23、24、31……都是不能用的,你應該用某兩個數字之間的IP,那個就是一個子網可用的IP。 再試驗一下,就拿200台機器分成4個子網來做例子吧。 200台機器,4個子網,那麼就是每個子網50台機器,設定為192.168.10.0,C類的IP,大子網掩碼應為255.255.255.0,對吧,但是我們要分子網,所以按照上面的,我們用32個IP一個子網內不夠,應該每個子網用64個IP(其中62位可用,足夠了吧),然後用我的辦法:子網掩碼應該是256-64=192,那麼總的子網掩碼應該為:255.255.255.192。不相信?算算:0-63,64-127,128-191,192-255,這樣你就可以把四個區域分別設定到四個子網的機器上了。
# iptab +----------------------------------------------+ | addrs bits pref class mask | +----------------------------------------------+ | 1 0 /32 255.255.255.255 | | 2 1 /31 255.255.255.254 | | 4 2 /30 255.255.255.252 | | 8 3 /29 255.255.255.248 | | 16 4 /28 255.255.255.240 | | 32 5 /27 255.255.255.224 | | 64 6 /26 255.255.255.192 | | 128 7 /25 255.255.255.128 | | 256 8 /24 1C 255.255.255.0 | | 512 9 /23 2C 255.255.254.0 | | 1K 10 /22 4C 255.255.252.0 | | 2K 11 /21 8C 255.255.248.0 | | 4K 12 /20 16C 255.255.240.0 | | 8K 13 /19 32C 255.255.224.0 | | 16K 14 /18 64C 255.255.192.0 | | 32K 15 /17 128C 255.255.128.0 | | 64K 16 /16 1B 255.255.0.0 | | 128K 17 /15 2B 255.254.0.0 | | 256K 18 /14 4B 255.252.0.0 | | 512K 19 /13 8B 255.248.0.0 | | 1M 20 /12 16B 255.240.0.0 | | 2M 21 /11 32B 255.224.0.0 | | 4M 22 /10 64B 255.192.0.0 | | 8M 23 /9 128B 255.128.0.0 | | 16M 24 /8 1A 255.0.0.0 | | 32M 25 /7 2A 254.0.0.0 | | 64M 26 /6 4A 252.0.0.0 | | 128M 27 /5 8A 248.0.0.0 | | 256M 28 /4 16A 240.0.0.0 | | 512M 29 /3 32A 224.0.0.0 | | 1024M 30 /2 64A 192.0.0.0 | | 2048M 31 /1 128A 128.0.0.0 | | 4096M 32 /0 256A 0.0.0.0 | +----------------------------------------------+
$ sudo apt-get install netmask
-s, --standard Output address/netmask pairs
$ netmask -s 192.168.1.0/28
192.168.1.0/255.255.255.240
$ netmask -s 192.168.1.0/24
192.168.1.0/255.255.255.0
$ netmask -s 192.168.1.0/24
192.168.1.0/255.255.255.0
$ netmask -s 192.168.1.0/26
192.168.1.0/255.255.255.192
[root@netkiller src]# netmask -s 11.111.195.211/27
11.111.195.192/255.255.255.224
-c, --cidr Output CIDR format address lists
$ netmask -c 192.168.1.0/255.255.255.252
192.168.1.0/30
$ netmask -c 192.168.1.0/255.255.255.192
192.168.1.0/26
$ netmask -c 192.168.1.0/255.255.255.240
192.168.1.0/28
-i, --cisco Output Cisco style address lists 思科風格的反子網掩碼計算
$ netmask -i 192.168.1.0/255.255.255.0
192.168.1.0 0.0.0.255
$ netmask -i 192.168.1.0/255.255.255.252
192.168.1.0 0.0.0.3
$ netmask -i 192.168.1.0/24
192.168.1.0 0.0.0.255
$ netmask -i 192.168.1.0/28
192.168.1.0 0.0.0.15
-r, --range Output ip address ranges 輸出地址範圍
計算子網掩碼位數
[root@netkiller src]# netmask 11.111.195.211/255.255.255.224 11.111.195.192/27
$ netmask -r 192.168.1.0/255.255.255.0
192.168.1.0-192.168.1.255 (256)
$ netmask -r 192.168.1.0/255.255.255.192
192.168.1.0-192.168.1.63 (64)
$ netmask -r 192.168.1.0/255.255.255.252
192.168.1.0-192.168.1.3 (4)
$ netmask -r 192.168.1.0/28
192.168.1.0-192.168.1.15 (16)
$ netmask -r 192.168.1.0/24
192.168.1.0-192.168.1.255 (256)
$ netmask -r 192.168.1.0/255.255.255.252
192.168.1.0-192.168.1.3 (4)
$ netmask -r 192.168.1.2/255.255.255.252
192.168.1.0-192.168.1.3 (4)
$ netmask -r 192.168.1.6/255.255.255.252
192.168.1.4-192.168.1.7 (4)
$ netmask -r 192.168.1.12/255.255.255.252
192.168.1.12-192.168.1.15 (4)
$ netmask -r 192.168.1.13/255.255.255.252
192.168.1.12-192.168.1.15 (4)
$ netmask -r 192.168.1.100/255.255.255.252
192.168.1.100-192.168.1.103 (4)
$ netmask -r 192.168.1.100/255.255.255.240
192.168.1.96-192.168.1.111 (16)
$ netmask -r 192.168.1.50/255.255.255.240
192.168.1.48-192.168.1.63 (16)
-b, --binary Output address/netmask pairs in binary 二進制
$ netmask -b 192.168.1.0/255.255.255.240 11000000 10101000 00000001 00000000 / 11111111 11111111 11111111 11110000 $ netmask -b 172.16.0.0/255.255.252.0 10101100 00010000 00000000 00000000 / 11111111 11111111 11111100 00000000
display (all) hosts in alternative (BSD) style
[root@dev2 ~]# arp -a ? (192.168.3.253) at 00:1D:0F:82:05:DC [ether] on eth0 ? (192.168.3.48) at 00:25:64:9A:D7:CC [ether] on eth0 ? (192.168.3.101) at 00:25:64:A3:65:93 [ether] on eth0 nis.example.com (192.168.3.5) at 00:25:64:9A:D7:E0 [ether] on eth0 ? (192.168.3.1) at 00:0F:E2:71:8E:FB [ether] on eth0 ? (192.168.3.153) at B8:AC:6F:25:D2:2E [ether] on eth0
display (all) hosts in default (Linux) style
[root@dev2 ~]# arp -e Address HWtype HWaddress Flags Mask Iface 192.168.3.48 ether 00:25:64:9A:D7:CC C eth0 192.168.3.101 ether 00:25:64:A3:65:93 C eth0 nis.example.com ether 00:25:64:9A:D7:E0 C eth0 192.168.3.1 ether 00:0F:E2:71:8E:FB C eth0 10.0.0.1 ether 00:1F:12:55:A9:02 C eth0 192.168.3.153 ether B8:AC:6F:25:D2:2E C eth0
don't resolve names
[root@dev2 ~]# arp -a -n ? (192.168.3.253) at 00:1D:0F:82:05:DC [ether] on eth0 ? (192.168.3.48) at 00:25:64:9A:D7:CC [ether] on eth0 ? (192.168.3.101) at 00:25:64:A3:65:93 [ether] on eth0 ? (192.168.3.5) at 00:25:64:9A:D7:E0 [ether] on eth0 ? (192.168.3.1) at 00:0F:E2:71:8E:FB [ether] on eth0 ? (192.168.3.153) at B8:AC:6F:25:D2:2E [ether] on eth0
[root@dev2 ~]# arp -d 192.168.3.101 [root@dev2 ~]# arp -i eth1 -d 10.0.0.1
[root@dev2 ~]# cat /proc/net/arp IP address HW type Flags HW address Mask Device 192.168.3.48 0x1 0x2 00:25:64:9A:D7:CC * eth0 192.168.3.101 0x1 0x2 00:1E:7A:E0:47:40 * eth0 192.168.3.5 0x1 0x2 00:25:64:9A:D7:E0 * eth0 192.168.3.1 0x1 0x2 00:0F:E2:71:8E:FB * eth0 192.168.3.153 0x1 0x2 B8:AC:6F:25:D2:2E * eth0
add 增加路由 del 刪除路由 via 網關出口 IP地址 dev 網關出口 物理設備名
ip route add 192.168.0.0/24 via 192.168.0.1 ip route add 192.168.1.1 dev 192.168.0.1
[root@router ~]# ip route 192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.47 192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.47 default via 192.168.3.1 dev eth0 [root@router ~]# ip route change default via 192.168.5.1 dev eth0 [root@router ~]# ip route list 192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.47 192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.47 default via 192.168.5.1 dev eth0
比如我們的LINUX有3個網卡 eth0: 192.168.1.1 (區域網路) eth1: 172.17.1.2 (default gw=172.17.1.1,可以上INTERNET) eth2: 192.168.10.2 (連接第二路由192.168.10.1,也可以上INTERNET) 實現兩個目的 1、讓192.168.1.66從第二路由上網,其他人走預設路由 2、讓所有人訪問192.168.1.1的FTP時,轉到192.168.10.96上 配置方法: vi /etc/iproute2/rt_tables # # reserved values # 255 local 254 main 253 default 100 ROUTE2 # ip route default via 172.17.1.1 dev eth1 # ip route default via 192.168.10.1 dev eth2 table ROUTE2 # ip rule add from 192.168.1.66 pref 1001 table ROUTE2 # ip rule add to 192.168.10.96 pref 1002 table ROUTE2 # echo 1 >; /proc/sys/net/ipv4/ip_forward # iptables -t nat -A POSTROUTING -j MASQUERADE # iptables -t nat -A PREROUTING -d 192.168.1.1 -p tcp --dport 21 -j DNAT --to 192.168.10.96 # ip route flush cache
http://phorum.study-area.org/viewtopic.php?t=10085
引用:# 對外網卡
EXT_IF="eth0"
# HiNet IP
EXT_IP1="111.111.111.111"
EXT_MASK1="24"
GW1="111.111.111.1"
# SeedNet IP
EXT_IP2="222.222.222.222"
EXT_MASK2="24"
GW2="222.222.222.1"
# ?#93;定 ip
ip addr add $EXT_IP1/$EXT_MASK1 dev $EXT_IF
ip addr add $EXT_IP2/$EXT_MASK2 dev $EXT_IF
# ?#93;定 HiNet routing
ip rule add to $EXT_IP1/$EXT_MASK1 lookup 201
ip route add default via $GW1 dev $EXT_IF table 201
# ?#93;定 SeedNet routing
ip rule add to $EXT_IP2/$EXT_MASK2 lookup 202
ip route add default via $GW2 dev $EXT_IF table 202
# ?#93;定 Default route
ip route replace default equalize \
nexthop via $GW1 dev $EXT_IF \
nexthop via $GW2 dev $EXT_IF
# 清除 route cache
ip route flush cache
它這裡的ip rule也是這麼使用的
ip route add default scope global nexthop dev ppp0 nexthop dev ppp1
neo@debian:~$ sudo ip route add default scope global nexthop via 192.168.3.1 dev eth0 weight 1 \
nexthop via 192.168.5.1 dev eth2 weight 1
neo@debian:~$ sudo ip route
192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.9
192.168.4.0/24 dev eth0 proto kernel scope link src 192.168.4.9
192.168.3.0/24 dev eth0 proto kernel scope link src 192.168.3.9
172.16.0.0/24 dev eth2 proto kernel scope link src 172.16.0.254
default
nexthop via 192.168.3.1 dev eth0 weight 1
nexthop via 192.168.5.1 dev eth1 weight 1
ip route add default scope global nexthop via $P1 dev $IF1 weight 1 \ nexthop via $P2 dev $IF2 weight 1
iptables–tnat–APOSTROUTING–d192.168.1.0/24–s0/0–oppp0–jMASQUERD iptables–tnat–APOSTROUTING–s192.168.1.0/24-jSNAT–to202.103.224.58 iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
#ip route add via ppp0 dev eth0 #ip route add via 202.103.224.58 dev eth0
ipip 是IP隧道模組
過程 13.1. ip tunnel IP隧道配置步驟
server 1
modprobe ipip ip tunnel add mytun mode ipip remote 220.201.35.11 local 211.100.37.167 ttl 255 ifconfig mytun 10.42.1.1 route add -net 10.42.1.0/24 dev mytun
server 2
modprobe ipip ip tunnel add mytun mode ipip remote 211.100.37.167 local 220.201.35.11 ttl 255 ifconfig mytun 10.42.1.2 route add -net 10.42.1.0/24 dev mytun
nat
/sbin/iptables -t nat -A POSTROUTING -s 10.42.1.0/24 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -s 211.100.37.0/24 -j MASQUERADE
刪除路由表
route del -net 10.42.1.0/24 dev mytun
修改IP隧道的IP
ifconfig mytun 10.10.10.220 route add -net 10.10.10.0/24 dev mytun
ip 偽裝
/sbin/iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j MASQUERADE
首先需確保加載了內核模組 802.1q
[root@development ~]# lsmod | grep 8021q [root@development ~]# modprobe 8021q
加載後會生成目錄/proc/net/vlan
[root@development ~]# cat /proc/net/vlan/config VLAN Dev name | VLAN ID Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD