If multiple IP addresses are configured on one network card, which one is used as the source when packets are sent? On Linux, you can use iproute2 and set the src parameter on a route to force the source address:
ip route add 1.2.3.4/32 via 4.3.2.1 src 3.3.3.3
On Windows, however, the source address is selected automatically by internal logic. The principle is as follows:
With a single NIC, the IP address that is in the same network segment as the default gateway (the best match with it) is selected as the source;
With multiple NICs, the NIC on which the default gateway resides is selected as the sending NIC, and the source IP address on that NIC is then chosen by the single-NIC rule.
Therefore, if your target address is 1.2.3.4, the default gateway is 4.3.2.1, and there are two IP addresses on the local connection, 4.3.2.2 and 3.3.3.3, then 4.3.2.2 will obviously be selected and will appear as the source IP address of the packets that are sent.
However, sometimes, in order to implement a policy or trick of your own, you do not want the system to choose the source IP address for you. An obvious example is when you are using OpenVPN.
First, let's look at what the so-called default gateway really is. The default gateway is just a special "next hop", that is, a next-hop address. The purpose of this address is to hand packets to the next hop (obviously), but the address itself only plays an auxiliary role. What actually does the work is the MAC address it resolves to, because the MAC address is what is really encapsulated in the Ethernet frame; the default gateway address is only used to obtain that MAC address. Therefore, if the MAC address can be specified statically, the gateway address can be anything. So there is a way:
1. For the route in question, make up a fake default gateway that is located in the same CIDR block as the source IP address you want selected, and use it as the next hop of the route;
2. Create a static ARP mapping from the fake gateway to the MAC address of the real gateway;
In this way, source IP address selection still follows the Windows selection logic exactly, but we have worked around its restriction from outside the kernel: you can select any address configured on the local connection as the source IP address.
To turn the manual configuration into an automatic process, programming is unavoidable. However, I did not want to call that complex API (a lot of preparation work just to implement a very simple function...), so I could only pin my hopes on scripts, although the Windows command line is weak and hard to use. I asked colleagues, Baidu and Google, and tried over and over again. After a long time I finally wrote a batch script, and found that the scripting capability of Windows XP is actually quite powerful, not to mention PowerShell. The script is as follows (without echo off):
[Plain]
:: Usage: route2.bat <destination> <mask> <real gateway> <source IP>
set destination=%1
set mask=%2
set origw=%3
set source=%4
:: Get the default gateway (it could be discovered automatically, but that is too fancy and not recommended)
:GetGW
::set origw=
::for /f "delims=: tokens=2" %%i in ('"ipconfig | find /i "default gateway" | findstr [0-9]."') do set origw=%%i
:: Obtain the MAC address of the default gateway
:GetMac
set mac=
for /f "skip=3 tokens=2" %%i in ('arp -a %origw%') do set mac=%%i
echo %mac% | findstr \-
:: There is a problem here. It does not actually matter if the ping fails (for example, the gateway
:: blocks ping); all we need is its MAC address. Only when the MAC address cannot be resolved is the
:: address unusable as a gateway. The correct method would therefore be a counter that gives up after
:: failing to get the MAC twice in a row.
if ERRORLEVEL 1 (
ping %origw% -n 1
if ERRORLEVEL 1 goto end
goto GetMac
)
set gw=
set i=
:: Generate the fake gateway address (a simple algorithm: the source IP address to be used, minus 1)
for /f "delims=. tokens=4" %%i in ('echo %source%') do set /a host=%%i-1
set i=
set j=
set k=
for /f "delims=. tokens=1,2,3" %%i in ('echo %source%') do set gw=%%i.%%j.%%k.%host%
:: Set the static ARP mapping for the fake gateway
arp -s %gw% %mac%
:: Add the route
route add %destination% mask %mask% %gw%
:end
Save the above script as "route2.bat" and you can use it directly.
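The selection rule described earlier and the script's fake-gateway step, modelled in Python as an added example (not the author's code and not Windows' actual implementation). The /24 and /23 prefix lengths and the names select_source, fake_gateway and in_use are assumptions; the fallback used when "source minus 1" is unusable goes beyond what route2.bat does.

```python
import ipaddress


def select_source(local_ifaces, next_hop):
    """Return the local address whose subnet contains next_hop (longest prefix wins).

    Models the rule as this page states it; returns None if no address is on-link.
    """
    hop = ipaddress.ip_address(next_hop)
    on_link = [i for i in map(ipaddress.ip_interface, local_ifaces) if hop in i.network]
    if not on_link:
        return None
    return str(max(on_link, key=lambda i: i.network.prefixlen).ip)


def fake_gateway(source_iface, in_use=()):
    """Pick a next hop inside the source's subnet, starting from source - 1.

    route2.bat subtracts 1 from the last octet only, so a source ending in .0
    yields an invalid address and a source ending in .1 yields the network
    address. A candidate that belongs to a real host is also rejected, because
    the static ARP entry would redirect that host's traffic to the gateway MAC.
    """
    iface = ipaddress.ip_interface(source_iface)
    net = iface.network
    taken = {ipaddress.ip_address(a) for a in in_use} | {iface.ip}
    candidate = iface.ip - 1  # arithmetic on the whole address, not one octet
    if candidate in net and candidate != net.network_address and candidate not in taken:
        return str(candidate)
    for host in net.hosts():  # fallback: first free host address in the subnet
        if host not in taken:
            return str(host)
    raise ValueError("no usable next hop in %s" % net)


if __name__ == "__main__":
    # Constructed input: the page's two addresses, with assumed /24 masks.
    ifaces = ["4.3.2.2/24", "3.3.3.3/24"]
    print(select_source(ifaces, "4.3.2.1"))   # real default gateway
    gw = fake_gateway("3.3.3.3/24")
    print(gw, select_source(ifaces, gw))      # fake gateway flips the choice
```
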
In fact, it is not common practice for a host to select as its source an IP address that does not belong to the same network segment as the default gateway. When that source IP address later becomes the destination address, the default gateway of that segment may run into trouble routing it, unless it points the next hop to the address in the same network segment on the host where that IP address is configured; otherwise, the packets may be discarded because the destination address is unreachable.
In addition, the above script has a problem in the way it establishes the static ARP mapping: it is not tied in with Windows's "Dead Gateway Detection" function. As a result, a notification is needed when the gateway fails, and if the gateway has not failed but has only been moved to another machine with a different MAC, the MAC mapping needs to be updated.
Blog: http://blog.csdn.net/dog250/article/details/10044433