This is the internet connection

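I'm having trouble setting up a bridge for my Raspberry Pi.

My setup is:
I have a laptop running Fedora 27 Workstation, which is connected through wifi. I have a Raspberry Pi Zero W, which is connected to my laptop over USB (and only USB: no external power, no ethernet, nothing).
I flashed the stretch lite image onto my Pi and then installed P4wnP1 from here: https://github.com/mame82/P4wnP1
Before I installed P4wnP1, my Pi had a random 169.254.xxx.xxx address, which is why I changed the IP of the USB ethernet interface to the right subnet to ssh into the Pi. After a while I found the right settings to get my Pi online and download git to clone the repository.

After I ran install.sh and rebooted the Pi, the Pi had a static IP address of 172.16.0.1. I tried the same approach to get it online: I changed the IP of my interface, connected to the Pi via ssh, and set the gateway to my Fedora machine.
But I can't get the Pi online.

I should probably mention here that I enabled "Share connection with other computers" in network manager and also tried a lot of things with iptables, but I can't get it to work.

I've been trying to figure this out for the past three days, without success.

Here is the ifconfig on my Fedora: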

$ ifconfig
enp0s20f0u6i1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.2  netmask 255.255.0.0  broadcast 172.16.255.255
        inet6 fe80::f7f7:80c:8a15:5771  prefixlen 64  scopeid 0x20<link>
        ether ee:98:9b:bc:37:ab  txqueuelen 1000  (Ethernet)
        RX packets 2687  bytes 186674 (182.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1648  bytes 176862 (172.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp0s31f6: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether c8:5b:76:6b:e4:90  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 16  memory 0xf1200000-f1220000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 1982  bytes 177290 (173.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1982  bytes 177290 (173.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:08:e4:d3  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.2.106  netmask 255.255.255.0  broadcast 192.168.2.255
        inet6 fe80::ebcf:d3b1:5a74:185e  prefixlen 64  scopeid 0x20<link>
        ether e4:a7:a0:99:2e:8d  txqueuelen 1000  (Ethernet)
        RX packets 135496  bytes 72791497 (69.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 51579  bytes 21450089 (20.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

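The enp0s20f06i3 interface here is the one connected to the Pi. Before I changed its IP address it had a 10.46.0.1 address, and it has the same address after a reboot.

route -n from my Pi: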

pi@MAME82-P4WNP1:~ $ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.0.2      0.0.0.0         UG    0      0        0 usb0
172.16.0.0      0.0.0.0         255.255.255.252 U     0      0        0 usb0
172.24.0.0      0.0.0.0         255.255.255.0   U     0      0        0 wlan0

And my Pi's ifconfig:

pi@MAME82-P4WNP1:~ $ ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

usb0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.16.0.1  netmask 255.255.255.252  broadcast 172.16.0.3
        inet6 fe80::cc4b:62ff:fe84:7df0  prefixlen 64  scopeid 0x20<link>
        ether ce:4b:62:84:7d:f0  txqueuelen 1000  (Ethernet)
        RX packets 1959  bytes 182340 (178.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3197  bytes 269463 (263.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.24.0.1  netmask 255.255.255.0  broadcast 172.24.0.255
        inet6 fe80::ba27:ebff:fe5e:ceb7  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:5e:ce:b7  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 14  bytes 1404 (1.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route -n on my Fedora:

$ route -n                 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.2.1     0.0.0.0         UG    600    0        0 wlp4s0
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0        0 enp0s20f0u6i1
192.168.2.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp4s0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

resolv.conf on my Pi:

pi@MAME82-P4WNP1:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.46.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4

/etc/network/interfaces on my Pi:

pi@MAME82-P4WNP1:~ $ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d


dns-nameservers 8.8.8.8 8.8.4.4

auto usb0

iface usb0 inet manual

auto usb1

iface usb1 inet manual

And finally my iptables on my Fedora, which is where I think the problem is:

$ sudo iptables -L                                                          
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
INPUT_direct  all  --  anywhere             anywhere            
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere            
INPUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             10.42.0.0/24         state RELATED,ESTABLISHED
ACCEPT     all  --  10.42.0.0/24         anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
FORWARD_direct  all  --  anywhere             anywhere            
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_IN_ZONES  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
OUTPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 
FWDI_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 
FWDI_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 
FWDO_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 
FWDO_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation (3 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation_log  all  --  anywhere             anywhere            
FWDI_FedoraWorkstation_deny  all  --  anywhere             anywhere            
FWDI_FedoraWorkstation_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain FWDI_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation (3 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation_log  all  --  anywhere             anywhere            
FWDO_FedoraWorkstation_deny  all  --  anywhere             anywhere            
FWDO_FedoraWorkstation_allow  all  --  anywhere             anywhere            

Chain FWDO_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 
IN_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 
IN_FedoraWorkstation  all  --  anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation (3 references)
target     prot opt source               destination         
IN_FedoraWorkstation_log  all  --  anywhere             anywhere            
IN_FedoraWorkstation_deny  all  --  anywhere             anywhere            
IN_FedoraWorkstation_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain IN_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpts:blackjack:65535 ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:blackjack:65535 ctstate NEW

Chain IN_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination        

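I think I need to add the right entries, but I can't figure it out, and I have searched a lot of forums.
Is there a way to change the 10.46.0.0/24 network entries to 172.16.0.0/24?
Because my interface had that IP before, if I could swap the IP in the rules, I'd be done, right?

I tried sudo iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE, and I also tried setting up rules myself, but I can't set my FORWARD rules accordingly.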

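Answer 1

Summary:

The Pi needs Fedora to forward traffic to the internet.

Pi:

1 NIC (that we care about), named:

usb0 -- connected to Fedora.

Fedora:

Connected to the internet.

2 NICs (that we care about), named:

wlp4s0 -- wireless network

enp0s20f0u6i1 -- connected to the Pi.

To make life simpler, I suggest stopping predictable network interface names. We want to use the NIC names and do not want them changing on us.

Step 1:

Stop systemd's predictable network interface names by adding "net.ifnames=0" to the kernel command line.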

sudo vi /etc/default/grub

GRUB_CMDLINE_LINUX="net.ifnames=0"

Now update grub:

sudo grub-mkconfig -o /boot/grub/grub.cfg

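Note:

I have seen the value "biosdevname=0" added to the kernel command line in addition to net.ifnames=0. My setup did not need it.

Step 2:

Assign the new name with a udev rule by creating a new rules file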

sudo vi /etc/udev/rules.d/10-myCustom-net.rules

SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:f3:79:59", KERNEL=="eth*", NAME="test0"

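You must change ATTR{address}=="08:00:27:f3:79:59" in the line to your MAC address.

Change NAME="test0" to the name you want to give the NIC.

Note:

ATTR{dev_id}=="0x0" and ATTR{type}=="1" were removed from my Ubuntu 14 template.

Some say to remove KERNEL=="eth*" or to leave out the whole line. That was not the case in my setup.

If, like me, you "lost" the MAC address because you rebooted before this step and ifconfig does not show it, look in /sys/class/net/assignedName/address.

BTW: this system renamed it eth0

cat /sys/class/net/eth0/address

Step 3:

Assign an address to the new interface name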

sudo vi /etc/network/interfaces

# use your own address and netmask
auto test0
iface test0 inet static
    address 192.168.2.202
    netmask 255.255.255.0
# and whatever other entries your system requires.

Step 4:

Reboot (easier for most of us)

Now this has only given our NIC a static name.

You only need to add iptable rules to Fedora, so this is not needed on the Pi.

Assumptions:

Both Fedora and the Pi have default routing tables and no iptable rules.

Note:

We want to keep our private IP addresses private, not public.

RFC1918 name    IP address range                 largest CIDR block (subnet mask)
24-bit block    10.0.0.0 – 10.255.255.255        10.0.0.0/8 (255.0.0.0)
20-bit block    172.16.0.0 – 172.31.255.255      172.16.0.0/12 (255.240.0.0)
16-bit block    192.168.0.0 – 192.168.255.255    192.168.0.0/16 (255.255.0.0)

Pi:

Assign an IP address to usb0

sudo vi /etc/network/interfaces

auto usb0
iface usb0 inet static
    address 172.16.0.1
    netmask 255.240.0.0
# add any other values needed.

Fedora:

Enable IPv4 forwarding

sudo vi /etc/sysctl.conf

net.ipv4.ip_forward=1

Assign an IP address to test0 (remember we changed the NIC name above)

sudo vi /etc/network/interfaces

# This connects to the Pi
auto test0
iface test0 inet static
    address 172.16.0.2
    netmask 255.240.0.0
# add any other values needed.

# This is the internet connection
auto wlp4s0
iface wlp4s0 inet static
    address 192.168.2.106
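    netmask 255.255.255.0
# add any other values needed, like
    gateway a.b.c.d
    dns-nameservers 8.8.8.8 8.8.4.4

If the wlp4s0 address is assigned by DHCP, it would look more like this

# This is the internet connection
auto wlp4s0
iface wlp4s0 inet dhcp

Set iptable rules to forward packets from test0 to wlp4s0 and use a local subnet address...wrapper to wrap the packets. Enter the rules at the command line.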

# this rule will forward all traffic from nic test0 to nic wlp4s0
sudo iptables -A FORWARD -i test0 -o wlp4s0 -j ACCEPT
# this rule will continue to forward any existing connections from test0 to wlp4s0
sudo iptables -A FORWARD -i test0 -o wlp4s0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# this rule will wrap the packet with a local address so they do not get lost in transit.
sudo iptables -t nat -A POSTROUTING -j MASQUERADE

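Note:

No firewall rules are enabled. This is the minimum needed to get it working. Add other rules to secure your system.

Make the iptable rules persist across reboots.

On Ubuntu 16 the package name is iptables-persistent. Fedora may differ.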

sudo apt-get install iptables-persistent

Save the current iptable rules

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Reboot Fedora.

Verify:

IP addresses.

iptable rules
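
The forwarding and NAT rules from this answer, scoped to one subnet and one direction, as an added example that is not part of the original answer: the FORWARD rules are inserted at the top of the chain so that REJECT rules like those in the question's listing cannot shadow them, return traffic is limited to established connections, and only traffic leaving wlp4s0 is masqueraded. The function name nat_rules and the print-then-review design are assumptions; the interface names and 172.16.0.0/30 come from the outputs in the question.

```shell
#!/bin/sh
# Added example: print scoped forwarding/NAT rules for the Fedora host.
# nat_rules and the print-then-review design are assumptions of this
# example; interface names and subnet are taken from the question.

# Usage: nat_rules LAN_IF WAN_IF LAN_NET
nat_rules() {
    lan_if=$1 wan_if=$2 lan_net=$3

    # Accept only plain interface names, so the printed commands are
    # safe to review and then pipe into a root shell.
    for name in "$lan_if" "$wan_if"; do
        case $name in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $name" >&2; return 1 ;;
        esac
    done
    [ "$lan_if" != "$wan_if" ] || { echo "LAN and WAN must differ" >&2; return 1; }

    # Accept only the a.b.c.d/prefix shape with a prefix of 0-32.
    printf '%s\n' "$lan_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' ||
        { echo "bad subnet: $lan_net" >&2; return 1; }

    # -I places the FORWARD rules at the top of the chain, ahead of any
    # REJECT rules already present; -A would append them after those.
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I FORWARD 1 -i $wan_if -o $lan_if -d $lan_net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 2 -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
iptables -t nat -A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
EOF
}

# Values from the question: the Pi's usb0 is 172.16.0.1/255.255.255.252,
# Fedora's side of the link is enp0s20f0u6i1 and the uplink is wlp4s0.
nat_rules enp0s20f0u6i1 wlp4s0 172.16.0.0/30
```

Review the printed lines first; to apply them, pipe the same call into `sudo sh`.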
