为什么我的 LAN 和 DHCP 配置“不是私有类子网”?

为什么我的 LAN 和 DHCP 配置“不是私有类子网”?

我正在维护一个带有小型 LAN 和 wifi 的网关服务器,它充当防火墙、备份服务器、宽带网关、媒体服务器等。

Bind9 变得过于复杂,所以我干脆将它完全卸载了。一切都运行顺利,直到我发现我无法从任何工作站登录到 backuppc 管理站点 - 它只允许我通过服务器上的 localhost 直接登录。显然:

看起来您正试图从网络外部(即不在私有子网上)访问 BackupPC 页面。默认情况下,BackupPC 的配置会阻止远程访问,以尽量减少数据被广泛使用的安全风险,但在某些情况下,这可能不是所希望的

这是我的dhcpd.conf

adam@gondolin:~$ cat /etc/dhcp/dhcpd.conf
#
# Attention: If /etc/ltsp/dhcpd.conf exists, that will be used as
# configuration file instead of this file.

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
authoritative;
log-facility local7;
default-lease-time 7200;
max-lease-time 86400;
option domain-name "localdomain";
option domain-name-servers 208.67.220.220, 208.67.222.222;
ignore client-updates;
update-static-leases on;
update-optimization off;
ddns-update-style none;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.5 192.168.0.254;
  option subnet-mask 255.255.255.0;
  option routers 192.168.0.3;
}

这是我的笔记本电脑客户端的 LAN 和 wifi 接口的样子:

adam@erebor:~$ ifconfig -a
enxd45d645c12ed: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.31  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::cb6a:9e79:1777:e285  prefixlen 64  scopeid 0x20<link>
        ether d4:5d:64:5c:12:ed  txqueuelen 1000  (Ethernet)
        RX packets 48070  bytes 37288002 (37.2 MB)
        RX errors 0  dropped 5  overruns 0  frame 0
        TX packets 43659  bytes 9716286 (9.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1868  bytes 192244 (192.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1868  bytes 192244 (192.2 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.28  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::c5c5:4941:dff4:32f0  prefixlen 64  scopeid 0x20<link>
        ether 34:e1:2d:c3:7c:51  txqueuelen 1000  (Ethernet)
        RX packets 305  bytes 38927 (38.9 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 283  bytes 47749 (47.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

我预计这里有一个基本错误但我看不到它。

===============================

这是我混合的一些 IPv6 配置内容 - 我一直在文档中给出的地方添加 IPv6 配置,但它肯定不完整。

adam@gondolin:~$ cat /etc/dhcp/dhcpd6.conf 
default-lease-time 2592000;
preferred-lifetime 604800;
option dhcp-renewal-time 3600;
option dhcp-rebinding-time 7200;
allow leasequery;
option dhcp6.name-servers 3ffe:501:ffff:100:200:ff:fe00:3f3e;
option dhcp6.domain-search "test.example.com","example.com";
option dhcp6.info-refresh-time 21600;

我现在意识到 DNS 是包中的默认设置。

iptables6也有一些配置,但看起来不错。

相关内容