我已经将 Ubuntu 20.04 就地升级到 22.04,发现 NAT 不再在此防火墙盒上起作用。升级之前,专用网络可以正常访问互联网。显然我在重新设置时遗漏了一些简单的事情。
公共<-- enp2s0 -- 本盒子 -- eno1 --> 私有网络
经过一段时间的挣扎后,我
apt-get 清除 ufw && apt-get 安装 ufw
ufw status verbose 给我:
Status: active
Logging: on (medium)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
/etc/defaults/ufw 包含:
DEFAULT_FORWARD_POLICY="ACCEPT"
/etc/ufw.conf 包含:
# /etc/ufw/ufw.conf
#
# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=yes
# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=medium
/etc/ufw/before.rules 包含:
# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
# ufw-before-input
# ufw-before-output
# ufw-before-forward
#
# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Forward traffic from eth1 through eth0.
-A POSTROUTING -s 192.168.255.0/24 -o enp2s0 -j MASQUERADE
# don't delete the 'COMMIT' line or these nat table rules won't be processed
COMMIT
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
两个问题:
- 我忘记做什么才能使 NAT 正常工作?
- 似乎有时 ufw 不会在启动时启动。日志没有显示任何原因。有什么方法可以调试这个问题吗?
答案1
更新到 Ubuntu 22.04 后,我的 NAT 也无法正常工作。经过调查,我发现所有 NAT 规则仍然有效。
问题是 OpenVPN 网络配置不允许路由。我执行了以下步骤。
编辑以下文件。
sudo nano /etc/sysctl.conf
添加以下行。我刚刚从我的配置文件中删除了注释字符。
net.ipv4.ip_forward = 1
运行此程序以加载新设置。
sudo sysctl-p
上述命令将输出
net.ipv4.ip_forward = 1
我也禁用并启用了 ufw
sudo ufw 禁用 sudo ufw 启用