我在为我的树莓派设置桥接时遇到问题。
我的设置是:
我有一台运行 fedora 27 工作站的笔记本电脑,它通过wifi.我有一个 Raspberry Pi Zero W,它通过usb(并且只有usb,没有外部电源,没有以太网,什么都没有)连接到我的笔记本电脑。
我将stretch lite镜像闪现到我的圆周率上,然后P4wnP1从这里安装:https://github.com/mame82/P4wnP1
在我安装之前,P4wnP1我的 pi 有一个随机169.254.xxx.xxx地址,这就是为什么我将 USB 以太网接口的 IP 更改为正确的子网以ssh进入 pi。一段时间后,我找到了正确的设置,可以让我的 pi 在线并下载 git 来克隆存储库。
在我运行install.sh并重新启动 pi 后,pi 就有了一个静态 IP 地址172.16.0.1。我尝试了同样的方法让它上网,更改了我的接口的IP,通过ssh连接到pi,设置了我的fedora机器的网关。
但我无法在线获取 pi。
我可能应该在这里提到,我启用了“与其他计算机共享连接”,network manager并且还尝试了很多东西iptables,但我无法让它工作。
过去三天我一直在试图弄清楚,但没有成功。
这是我的 Fedora 上的 ifconfig:
$ ifconfig
enp0s20f0u6i1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.2 netmask 255.255.0.0 broadcast 172.16.255.255
inet6 fe80::f7f7:80c:8a15:5771 prefixlen 64 scopeid 0x20<link>
ether ee:98:9b:bc:37:ab txqueuelen 1000 (Ethernet)
RX packets 2687 bytes 186674 (182.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1648 bytes 176862 (172.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s31f6: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether c8:5b:76:6b:e4:90 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xf1200000-f1220000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1982 bytes 177290 (173.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1982 bytes 177290 (173.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:08:e4:d3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.106 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::ebcf:d3b1:5a74:185e prefixlen 64 scopeid 0x20<link>
ether e4:a7:a0:99:2e:8d txqueuelen 1000 (Ethernet)
RX packets 135496 bytes 72791497 (69.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51579 bytes 21450089 (20.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
这里的enp0s20f06i3接口是连接到 pi 的接口。在我更改其 IP 地址之前,它有一个10.46.0.1地址,重启后也是相同的地址。
来自route -n我的圆周率
pi@MAME82-P4WNP1:~ $ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.2 0.0.0.0 UG 0 0 0 usb0
172.16.0.0 0.0.0.0 255.255.255.252 U 0 0 0 usb0
172.24.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
和我的 pi 的 ifconfig
pi@MAME82-P4WNP1:~ $ ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
usb0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.255.252 broadcast 172.16.0.3
inet6 fe80::cc4b:62ff:fe84:7df0 prefixlen 64 scopeid 0x20<link>
ether ce:4b:62:84:7d:f0 txqueuelen 1000 (Ethernet)
RX packets 1959 bytes 182340 (178.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3197 bytes 269463 (263.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.24.0.1 netmask 255.255.255.0 broadcast 172.24.0.255
inet6 fe80::ba27:ebff:fe5e:ceb7 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:5e:ce:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1404 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
在route -n我的软呢帽上
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 600 0 0 wlp4s0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp0s20f0u6i1
192.168.2.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp4s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
resolv.conf在我的圆周率上
pi@MAME82-P4WNP1:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.46.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
在/etc/network/interfaces我的圆周率上
pi@MAME82-P4WNP1:~ $ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
dns-nameservers 8.8.8.8 8.8.4.4
auto usb0
iface usb0 inet manual
auto usb1
iface usb1 inet manual
最后我iptables在我的软呢帽上,我认为问题是:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 10.42.0.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_FedoraWorkstation all -- anywhere anywhere [goto]
FWDI_FedoraWorkstation all -- anywhere anywhere [goto]
FWDI_FedoraWorkstation all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_FedoraWorkstation all -- anywhere anywhere [goto]
FWDO_FedoraWorkstation all -- anywhere anywhere [goto]
FWDO_FedoraWorkstation all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation (3 references)
target prot opt source destination
FWDI_FedoraWorkstation_log all -- anywhere anywhere
FWDI_FedoraWorkstation_deny all -- anywhere anywhere
FWDI_FedoraWorkstation_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation (3 references)
target prot opt source destination
FWDO_FedoraWorkstation_log all -- anywhere anywhere
FWDO_FedoraWorkstation_deny all -- anywhere anywhere
FWDO_FedoraWorkstation_allow all -- anywhere anywhere
Chain FWDO_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_FedoraWorkstation all -- anywhere anywhere [goto]
IN_FedoraWorkstation all -- anywhere anywhere [goto]
IN_FedoraWorkstation all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation (3 references)
target prot opt source destination
IN_FedoraWorkstation_log all -- anywhere anywhere
IN_FedoraWorkstation_deny all -- anywhere anywhere
IN_FedoraWorkstation_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_FedoraWorkstation_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpts:blackjack:65535 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:blackjack:65535 ctstate NEW
Chain IN_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
我想我需要添加正确的条目,但我无法弄清楚,我搜索了很多论坛。
有没有办法更改10.46.0.0/24网络条目172.16.0.0/24?
因为我的接口之前有该 ip,如果我可以在规则中交换 ip,我就完成了,对吗?
我尝试过sudo iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE,也尝试过自己设定规则,但是我无法FORWARD相应地设定我的规则。
答案1
概括:
Pi 需要 Fedora 将流量转发到互联网。
圆周率
1 个网卡(我们关心的),名称为:
usb0——连接到 Fedora。
软呢帽:
已连接互联网。
2 个网卡(我们关心的),名称为:
wlp4s0——无线网络
enp0s20f0u6i1 -- 连接到 pi。
为了让生活更简单,我建议停止可预测的网络接口名称。我们想要使用网卡名称,并且不希望它们在我们身上改变。
步骤1: 通过在内核命令行中添加“net.ifnames=0”来停止 systemd 的可预测网络接口名称。
sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX="net.ifnames=0"
现在更新 grub:
sudo grub-mkconfig -o /boot/grub/grub.cfg
笔记:
我已经看到除了 net.ifnames=0 之外,还将值“biosdevname=0”添加到内核命令行中。我的设置不需要它。
第2步:
通过创建新的规则文件,使用 udev 规则分配新名称
sudo vi /etc/udev/rules.d/10-myCustom-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:f3:79:59", KERNEL=="eth*", NAME="test0"
必须将行更改ATTR{address}=="08:00:27:f3:79:59"为你的MAC地址。
更改NAME="test0"为您想要为网卡指定的名称。
笔记:
ATTR{dev_id}=="0x0" and ATTR{type}=="1"从我的 Ubuntu 14 模板中删除。
有人说删除KERNEL=="eth*"或忽略整行。我的设置中并非如此。
如果您像我一样因为在这一步之前重新启动而“丢失”了 MAC 地址,并且 ifconfig 没有显示,请在/sys/class/net/assignedName/address.
顺便说一句:这个系统重命名了它eth0,cat /sys/class/net/eth0/address
步骤3:
为新接口名称分配地址
sudo vi /etc/network/interfaces
auto test0
iface test0 inet static
address 192.168.2.202 -- use your address
netmask 255.255.255.0 -- use your address
and what other entries your system requires.
步骤4:
重新启动(对我们大多数人来说更容易)
现在这只是为我们的网卡提供了一个静态名称。
您只需向 Fedora 添加 iptable 规则,因此在 Pi 上不需要这样做。
假设:
Fedora 和 Pi 都有默认路由表,并且没有 iptable 规则。
笔记:
我们希望将我们的私有 IP 地址保密而不是公开。
RFC1918 name IP address range largest CIDR block (subnet mask)
24-bit block 10.0.0.0 – 10.255.255.255 10.0.0.0/8 (255.0.0.0)
20-bit block 172.16.0.0 – 172.31.255.255 172.16.0.0/12 (255.240.0.0)
16-bit block 192.168.0.0 – 192.168.255.255 192.168.0.0/16 (255.255.0.0)
圆周率:
分配IP地址给USB0
sudo vi /etc/network/interfaces
auto usb0
iface usb0 inet static
address 172.16.0.1
netmask 255.240.0.0
add any other values needed.
软呢帽:
启用 ipv4 转发
sudo vi /etc/sysctl.conf
net.ipv4.ip_forward=1
为test0分配ip地址(记住我们更改了上面的网卡名称)
sudo vi /etc/network/interfaces
# This connects to the Pi
auto test0
iface test0 inet static
address 172.16.0.2
netmask 255.240.0.0
add any other values needed.
# This is the internet connection
auto wlp4s0
iface wlp4s0 inet static
address 192.168.2.106
netmask 255.255.255.255
add any other values needed like
gateway a.b.c.d
dns-nameservers 8.8.8.8 8.8.4.4
如果 wlp4s0 地址由 DHCP 分配,它看起来更像这样
这是互联网连接
auto wlp4s0
iface wlp4s0 inet dhcp
设置 iptable 规则以将数据包从 test0 转发到 wlp4s0 并使用本地子网地址...包装器来包装数据包。在命令行输入规则。
# this rule will forward all traffic from nic test0 to nic wlp4s0
sudo iptables -A FORWARD -i test0 -o wlp4s0 -j ACCEPT
# this rule will continue to forward any existing connections from test0 to wlp4so
sudo iptables -A FORWARD -i test0 -o wlp4s0 -m state --state ESTABLISHED,RELATED -j ACCEPT
# this rule will wrap the packet with a local address so they do not get lost in transit.
sudo iptables -t nat -A POSTROUTING -j MASQUERADE
笔记:
没有启用防火墙规则。这是让它正常工作的最低要求。添加其他规则以保护您的系统。
使 iptable 规则在重新启动后保持不变。
在 Ubuntu16 上,包名称为iptables-persistent. Fedora 可能有所不同。
sudo apt-get install iptables-persistent
保存当前的iptable规则
iptables-save > /etc/iptables/rules.v4
重新启动 Fedora。
核实:
IP 地址。
iptable规则