桥接就是把一台机器上的若干个网络接口连接起来,其结果是,其中一个网卡 收到的报文会被复制给其他网卡发送出去。以使得网口之间的报文能够互相转 发。

1.创建一个桥接设备和会话

[root@localhost ~]# nmcli c add type bridge con-name br1 ifname br1
 ipv4.addresses 192.168.179.122/24 
ipv4.gateway 192.168.179.2 
ipv4.dns 114.114.114.114 ipv4.method manual

2.添加会话到桥接设备

[root@localhost ~]# nmcli c add type bridge-slave con-name br1-port1 
ifname ens160 master br1
[root@localhost ~]# nmcli c add type bridge-slave con-name br1-port2 
ifname ens224 master br1

3.启用设备,先启用slave,然后启用master(bridge)

[root@localhost ~]# nmcli c up br1-port1
[root@localhost ~]# nmcli c up br1-port2
[root@localhost ~]# nmcli c up br1

4.查看网络连接状态

[root@localhost ~]# nmcli c show
NAME       UUID                                  TYPE      DEVICE 
br1        732e51d5-6ec4-4a27-acdd-a723d68d7ec3  bridge    br1    
br1-port1  2d300655-a746-4636-bd8d-bfe6b45bdce5  ethernet  ens160 
br1-port2  5e3819dc-7ce5-4dfa-83f4-d892a76680bc  ethernet  ens224 
ens160     d28cfa05-03c6-449b-975b-6fe3f4672cd6  ethernet  --     
rhce       74e098f7-4c7d-4401-93f2-4b156cfce63d  ethernet  --     

[root@localhost ~]# ifconfig
br1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.179.122  netmask 255.255.255.0  broadcast 192.168.179.255
        inet6 fe80::e6e8:a065:11e9:8942  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:bd:80:47  txqueuelen 1000  (Ethernet)
        RX packets 170  bytes 36007 (35.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 71  bytes 7898 (7.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:bd:80:47  txqueuelen 1000  (Ethernet)
        RX packets 2281  bytes 294532 (287.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 434  bytes 50857 (49.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens224: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:0c:29:bd:80:51  txqueuelen 1000  (Ethernet)
        RX packets 1109  bytes 120856 (118.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5  bytes 240 (240.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

可以看到br1上是我们配置的ip

5.抓包验证

(1)使用windows端ping192.168.179.122,在ens160上抓包

来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
来自 192.168.179.122 的回复: 字节=32 时间<1ms TTL=64
[root@localhost ~]# tcpdump icmp -i ens160
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
00:55:07.723624 IP 192.168.179.1 > localhost.localdomain: ICMP echo request, id 1, seq 24, length 40
00:55:07.723658 IP localhost.localdomain > 192.168.179.1: ICMP echo reply, id 1, seq 24, length 40
00:55:08.728605 IP 192.168.179.1 > localhost.localdomain: ICMP echo request, id 1, seq 25, length 40
00:55:08.728641 IP localhost.localdomain > 192.168.179.1: ICMP echo reply, id 1, seq 25, length 40
00:55:09.733592 IP 192.168.179.1 > localhost.localdomain: ICMP echo request, id 1, seq 26, length 40
00:55:09.733626 IP localhost.localdomain > 192.168.179.1: ICMP echo reply, id 1, seq 26, length 40
00:55:10.739531 IP 192.168.179.1 > localhost.localdomain: ICMP echo request, id 1, seq 27, length 40

在ens224上抓包

[root@localhost ~]# tcpdump icmp -i ens224
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens224, link-type EN10MB (Ethernet), capture size 262144 bytes
01:22:13.280200 IP 192.168.179.1 > bogon: ICMP echo request, id 1, seq 982, length 40
01:22:13.281985 IP bogon > 192.168.179.1: ICMP echo reply, id 1, seq 982, length 40
01:22:14.298299 IP 192.168.179.1 > bogon: ICMP echo request, id 1, seq 983, length 40
01:22:14.298310 IP bogon > 192.168.179.1: ICMP echo reply, id 1, seq 983, length 40
01:22:15.317315 IP 192.168.179.1 > bogon: ICMP echo request, id 1, seq 984, length 40
01:22:15.317671 IP bogon > 192.168.179.1: ICMP echo reply, id 1, seq 984, length 40
01:22:16.328481 IP 192.168.179.1 > bogon: ICMP echo request, id 1, seq 985, length 40
01:22:16.328884 IP bogon > 192.168.179.1: ICMP echo reply, id 1, seq 985, length 40
01:22:17.336825 IP 192.168.179.1 > bogon: ICMP echo request, id 1, seq 986, length 40
01:22:17.337111 IP bogon > 192.168.179.1: ICMP echo reply, id 1, seq 986, length 40
01:22:18.350702 IP 192.168.179.1 > bogon: ICMP echo request, id 1, seq 987, length 40

成功抓包

# 网络 # linux # 网络安全
Logo
向您推荐>>Eolink开发者社区

权威|前沿|技术|干货|国内首个API全生命周期开发者社区

更多推荐

深入理解 Mocha 测试框架:从零实现一个 Mocha

前言什么是自动化测试自动化测试在很多团队中都是Devops环节中很难执行起来的一个环节,主要原因在于测试代码的编写工作很难抽象,99%的场景都需要和业务强绑定,而且写测试代码的编写工作量往往比编写实际业务代码的工作量更多。在一些很多业务场景中投入产出比很低,适合写自动化测试的应该是那些中长期业务以及一些诸如组件一样的基础库。自动化测试是个比较大的概念,其中分类也比较多,比如单元测试,端对端测试,集

avatar 云原生

ELK实现containerd的容器日志采集展示【基于logging的全栈监测】

企业级ELK Stack构建介绍

avatar 云原生

(20200916 Solved)docker-compose up创建容器自动退出

问题描述如题,创建容器后自动退出了。并且docker start container无效解决方案原因是缺失了控制终端的配置,需要在docker-compose.yml中增加tty:true ,有时候这样也不行,需要再增加一个command:/bin/bash,命令不一定是这个,需要是一个不会退出的命令,然后用-d后台启动容器。Referencesdocker-compose启动容器后自动退出...

avatar 云原生