Ubuntu 18.04 netplan: creating a bridge from wifi to Ethernet

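I'm running Ubuntu 18.04 and don't have much experience with networking. This Ubuntu server runs on our robot and should act as a wireless-to-LAN bridge for the rest of the wired modules on the robot. I had previously been using dd-wrt routers in client bridge mode for the same purpose, but they were too inconsistent. Off-the-shelf extenders with Ethernet ports are a bit expensive, so I wanted to try this. I have already configured the wireless interface using netplan.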

Below are the network interfaces on my server; enp2s0 is the Ethernet interface and wlp3s0 is the wifi interface:

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::7c0d:f9ff:feb1:68ba  prefixlen 64  scopeid 0x20<link>
        ether 7e:0d:f9:b1:68:ba  txqueuelen 1000  (Ethernet)
        RX packets 3  bytes 138 (138.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 39  bytes 5047 (5.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.9.1  netmask 255.255.255.0  broadcast 192.168.9.255
        inet6 fe80::42:a6ff:fee9:59a4  prefixlen 64  scopeid 0x20<link>
        ether 02:42:a6:e9:59:a4  txqueuelen 0  (Ethernet)
        RX packets 1115  bytes 84610 (84.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 843  bytes 77266 (77.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eno1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 169.254.32.1  netmask 255.255.255.0  broadcast 169.254.32.255
        ether fc:aa:14:e3:e4:96  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf7e00000-f7e20000  

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.64  netmask 255.255.255.0  broadcast 192.168.0.255
        ether fc:aa:14:e3:e4:94  txqueuelen 1000  (Ethernet)
        RX packets 3  bytes 180 (180.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 216  bytes 14171 (14.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 50687  bytes 11888298 (11.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 50687  bytes 11888298 (11.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethea1fda5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::94b1:bcff:fe80:d58e  prefixlen 64  scopeid 0x20<link>
        ether 96:b1:bc:80:d5:8e  txqueuelen 0  (Ethernet)
        RX packets 558  bytes 50143 (50.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 486  bytes 45921 (45.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf80ef47: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::d419:a5ff:fe1d:fb02  prefixlen 64  scopeid 0x20<link>
        ether d6:19:a5:1d:fb:02  txqueuelen 0  (Ethernet)
        RX packets 557  bytes 50077 (50.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 486  bytes 45965 (45.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.43  netmask 255.255.255.0  broadcast 192.168.0.255
        ether d8:fc:93:c5:df:aa  txqueuelen 1000  (Ethernet)
        RX packets 6318  bytes 5376431 (5.3 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4444  bytes 851545 (851.5 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Here is my netplan configuration YAML:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp2s0:
      dhcp4: no

  wifis:
    wlp3s0:
      dhcp4: no
      dhcp6: no
      addresses: [192.168.0.44/24]
      gateway4: 192.168.0.1
      access-points:
        "leibnitz":
          password: "***********"

  bridges:
   br0:
    dhcp4: no
    addresses: [192.168.0.10/24]
    interfaces: [enp2s0,wlp3s0]
    parameters:
      stp: true
      forward-delay: 4

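The bridge section of the configuration file was mostly copied and pasted from here and there, without really understanding what is going on. My understanding is that this creates a bridge between the interfaces, since I have specified that the interfaces to use are enp2s0 and wlp3s0. It creates a bridge between the 2 interfaces (forgive me if I'm wrong). The current state is that I can connect to the internet through the wireless interface, but I cannot ping the main router (192.168.0.1) or any other computer on the same subnet. Here is the output of brctl show: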

bridge name     bridge id               STP enabled     interfaces
br0             8000.7e0df9b168ba       yes             enp2s0
docker0         8000.0242a6e959a4       no              vethea1fda5
                                                        vethf80ef47

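When I connect a computer (configured with a static IP) to enp2s0, I get nothing. I can't even ping the computer connected to enp2s0. Any advice or help on this would be greatly appreciated.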

Answer 1

OK, the bridge interface is now working. Here is the netplan YAML file:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp2s0:
      dhcp4: no
      dhcp6: no

  wifis:
    wlp3s0:
      dhcp4: no
      dhcp6: no
      access-points:
        "leibnitz":
          password: ""

  bridges:
   br0:
    dhcp4: no
    dhcp6: no
    addresses: [192.168.0.10/24]
    gateway4: 192.168.0.1
#    routes:
#     - to: 0.0.0.0/0
#       via: 192.168.0.1/24
    interfaces: [enp2s0,wlp3s0]
    mtu: 1500
    nameservers:
      addresses: [8.8.8.8]
    parameters:
      stp: true
      forward-delay: 4

However, to add the wireless interface wlp3s0 to the bridge, I had to do some extra configuration:

 $ iw dev wlp3s0 set 4addr on

 $ brctl addif br0 wlp3s0

After completing the steps above, the output of brctl show br0 is:

bridge name     bridge id               STP enabled     interfaces
br0             8000.7e0df9b168ba       yes             enp2s0
                                                        wlp3s0

After this, ebtables has to be used for layer 2 NAT, because only wlp3s0 is authenticated with the AP (which is my main router).

ebtables -t nat -A POSTROUTING -o wlp3s0 -j snat --to-src "$MAC_OF_WLP3S0" --snat-arp --snat-target ACCEPT

ebtables -t nat -A PREROUTING -p IPv4 -i wlp3s0 --ip-dst 192.168.0.12 -j dnat --to-dst $MAC_OF_CLIENT --dnat-target ACCEPT
ebtables -t nat -A PREROUTING -p ARP -i wlp3s0 --arp-ip-dst 192.168.0.12 -j dnat --to-dst $MAC_OF_CLIENT --dnat-target ACCEPT

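192.168.0.12 is the IP of the client computer. Please correct me if my understanding of the above commands is wrong. The first ebtables command ensures that every packet leaving the bridge interface has the MAC address of wlp3s0. The following 2 commands ensure that when the input chain receives a packet addressed to 192.168.0.12, its destination MAC address is changed to the MAC address of the bridged client.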

The bridge interface works now.

$ brctl showmacs br0
port no mac addr                is local?       ageing timer
  2     00:0a:f7:81:da:a3       no                 0.00
  2     24:0a:64:89:33:8d       no               241.86
  2     70:bb:e9:13:b6:03       no                32.02
  1     d8:50:e6:23:32:6b       no                 3.34
  2     d8:fc:93:c5:df:aa       yes                0.00
  2     d8:fc:93:c5:df:aa       yes                0.00
  2     f4:8c:eb:9e:e2:64       no                 0.08
  1     fc:aa:14:e3:e4:94       yes                0.00
  1     fc:aa:14:e3:e4:94       yes                0.00

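I can ping 8.8.8.8 from the client computer connected to the bridge's Ethernet interface. But I can't get online; I can't browse the internet on the client.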

Here is the client's routing table:

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    20100  0        0 enp4s0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enp4s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp4s0

Here is the output of ifconfig:

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.10  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::7c0d:f9ff:feb1:68ba  prefixlen 64  scopeid 0x20<link>
        inet6 fd01::7c0d:f9ff:feb1:68ba  prefixlen 64  scopeid 0x0<global>
        ether 7e:0d:f9:b1:68:ba  txqueuelen 1000  (Ethernet)
        RX packets 80966  bytes 108616599 (108.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 82286  bytes 10385602 (10.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.9.1  netmask 255.255.255.0  broadcast 192.168.9.255
        inet6 fe80::42:ddff:fe39:8ff0  prefixlen 64  scopeid 0x20<link>
        ether 02:42:dd:39:8f:f0  txqueuelen 0  (Ethernet)
        RX packets 38417  bytes 2933398 (2.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28883  bytes 2575833 (2.5 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether fc:aa:14:e3:e4:94  txqueuelen 1000  (Ethernet)
        RX packets 3863  bytes 326607 (326.6 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1662  bytes 125423 (125.4 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1288744  bytes 205878639 (205.8 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1288744  bytes 205878639 (205.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth8bdf2aa: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::b834:49ff:fe31:12ac  prefixlen 64  scopeid 0x20<link>
        ether ba:34:49:31:12:ac  txqueuelen 0  (Ethernet)
        RX packets 19226  bytes 1736798 (1.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14559  bytes 1297280 (1.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

veth9e8287f: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::eccb:eaff:fe68:6b60  prefixlen 64  scopeid 0x20<link>
        ether ee:cb:ea:68:6b:60  txqueuelen 0  (Ethernet)
        RX packets 19191  bytes 1734438 (1.7 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14593  bytes 1299457 (1.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether d8:fc:93:c5:df:aa  txqueuelen 1000  (Ethernet)
        RX packets 129600  bytes 112940617 (112.9 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 89885  bytes 13247558 (13.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Here is the YAML file of the client computer:

network:
  version: 2
  renderer: NetworkManager
  ethernets:
   enp4s0:
     dhcp4: no
     dhcp6: no
     addresses: [192.168.0.12/24]
     gateway: 192.168.0.1
     nameservers:
       addresses: [8.8.8.8, 8.8.4.4]

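I'm not sure whether 192.168.0.1 is the correct gateway for the bridged client, or whether it should be the bridge's IP. I know that a bridge is a layer 2 mechanism and should be transparent to layer 3, so all devices connected to the bridge will have the same gateway as devices connected to the AP outside the bridge.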

How do I connect the client computer to the internet?
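
The answer's manual steps hardcode a single client (192.168.0.12). The following is an added example, not part of the original post: a POSIX shell generator that validates its inputs and prints the same iw, brctl and ebtables commands for any number of wired clients. The function names, the 02:00:00:... client MACs and the second client 192.168.0.13 are constructed for illustration; br0, wlp3s0 and its MAC are taken from the post.

```sh
#!/bin/sh
# Added example: prints (does not run) the commands from the answer for
# several wired clients. Client MAC/IP sample values below are constructed.
NL='
'
# matches VALUE ERE: whole-value match; embedded newlines are rejected so a
# crafted value cannot smuggle a second command into the printed output.
matches() {
  case $1 in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "^($2)\$"
}
OCTET='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
is_mac()    { matches "$1" '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}'; }
is_ipv4()   { matches "$1" "($OCTET\\.){3}$OCTET"; }
is_ifname() { matches "$1" '[A-Za-z0-9][A-Za-z0-9_.-]{0,14}'; }

# l2nat_rules WIFI_IF WIFI_MAC CLIENT_IP=CLIENT_MAC [...]
l2nat_rules() {
  [ "$#" -ge 3 ] || { echo "usage: l2nat_rules IF MAC IP=MAC..." >&2; return 2; }
  l2_if=$1 l2_mac=$2
  shift 2
  is_ifname "$l2_if" || { echo "bad interface: $l2_if" >&2; return 1; }
  is_mac "$l2_mac"   || { echo "bad wifi MAC: $l2_mac" >&2; return 1; }
  # Validate every client first so a partial rule set is never printed.
  for l2_pair in "$@"; do
    is_ipv4 "${l2_pair%%=*}" && is_mac "${l2_pair#*=}" ||
      { echo "bad client entry: $l2_pair" >&2; return 1; }
  done
  echo "iw dev $l2_if set 4addr on"
  echo "brctl addif br0 $l2_if"
  # Outbound: every frame leaving via wifi carries the station's own MAC.
  echo "ebtables -t nat -A POSTROUTING -o $l2_if -j snat --to-src $l2_mac --snat-arp --snat-target ACCEPT"
  # Inbound: restore each client's real MAC, keyed on its IP (IPv4 and ARP).
  for l2_pair in "$@"; do
    l2_ip=${l2_pair%%=*} l2_cmac=${l2_pair#*=}
    echo "ebtables -t nat -A PREROUTING -p IPv4 -i $l2_if --ip-dst $l2_ip -j dnat --to-dst $l2_cmac --dnat-target ACCEPT"
    echo "ebtables -t nat -A PREROUTING -p ARP -i $l2_if --arp-ip-dst $l2_ip -j dnat --to-dst $l2_cmac --dnat-target ACCEPT"
  done
}

# Demo with constructed client entries; output is text only.
l2nat_rules wlp3s0 d8:fc:93:c5:df:aa \
  192.168.0.12=02:00:00:00:00:12 192.168.0.13=02:00:00:00:00:13
```

Review the printed commands before piping them to a root shell; the wifi MAC can be read from /sys/class/net/wlp3s0/address instead of being typed by hand.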
