我有一台笔记本电脑,它连接到 wifi 以访问互联网。这台计算机运行 Linux(Fedora),它充当另一台没有 wifi 适配器的计算机(ubuntu linaro)的 DHCP 服务器。笔记本电脑和另一台计算机通过交叉电缆通过各自的标准以太网端口连接。因此,笔记本电脑是 DHCP 服务器,而另一台计算机是 DHCP 客户端。
我已经验证了另一台计算机是否正确地从笔记本电脑获取了 DHCP 地址。但是,ping www.yahoo.com不起作用。我还可以在/etc/resolv.confDHCP 客户端计算机中看到来自 DHCP 服务器的正确设置。
我没有对 做任何更改iptables。
我的问题是,如何告诉笔记本电脑将 DNS 请求和互联网访问从 dhcp 客户端传递到 wifi 网络?我是否还需要运行 DNS 守护程序?
[idf@localhost ~]$ cat /proc/sys/net/ipv4/ip_forward
1
[idf@localhost ~]$
以下是笔记本电脑(DHCP 服务器)上 ifconfig -a 的输出
[idf@localhost ~]$ ifconfig -a
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::28c:faff:feac:2de0 prefixlen 64 scopeid 0x20<link>
ether 00:8c:fa:ac:2d:e0 txqueuelen 1000 (Ethernet)
RX packets 899 bytes 123800 (120.8 KiB)
RX errors 0 dropped 8 overruns 0 frame 0
TX packets 1338 bytes 131506 (128.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 6557 bytes 1142539 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6557 bytes 1142539 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
inet6 fe80::5054:ff:fe0c:77c4 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:0c:77:c4 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1174 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 52:54:00:0c:77:c4 txqueuelen 500 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.128.231.168 netmask 255.255.255.128 broadcast 10.128.231.255
inet6 fe80::2ae3:47ff:febd:bc4a prefixlen 64 scopeid 0x20<link>
ether 28:e3:47:bd:bc:4a txqueuelen 1000 (Ethernet)
RX packets 10004803 bytes 10357195255 (9.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7473957 bytes 1022964388 (975.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[idf@localhost ~]$
这是我的 dhcpd.conf 文件
[idf@localhost ~]$ more /etc/dhcp/dhcpd.conf
ddns-update-style interim; # Required for dhcp 3.0+ / Red Hat 8.0+
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.128 192.168.1.254; # Range of IP addresses to be issued to DHCP clients
option subnet-mask 255.255.255.0; # Default subnet mask to be used by DHCP clients
option broadcast-address 192.168.1.255; # Default broadcastaddress to be used by DHCP clients
option routers 192.168.1.1; # Default gateway to be used by DHCP clients
option domain-name "synctrading.org";
option domain-name-servers 192.168.1.1; # Default DNS to be used by DHCP clients
option netbios-name-servers 192.168.1.100; # Specify a WINS server for MS/Windows clients.
# (Optional. Specify if used on your network)
# DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
# option ipforwarding off;
default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address
max-lease-time 43200;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1; # Default NTP server to be used by DHCP clients
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless you understand Netbios very well
# option netbios-node-type 2;
}
[idf@localhost ~]$
编辑1
按照以下说明操作后(我在 dhcpd.conf 文件中将名称服务器更改为 google dns),我在sudo tcpdump -i enp1s0笔记本电脑上进行了操作。然后从 DHCP 客户端,我尝试了一下,ping www.yahoo.comDHCP 服务器上的转储中打印出了一些有趣的东西。"admin prohibited"很有趣,但我不知道它是什么意思或如何修复它。
22:46:31.697964 IP 192.168.1.128.42318 > google-public-dns-a.google.com.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.698068 IP localhost.localdomain > 192.168.1.128: ICMP host google-public-dns-a.google.com unreachable - admin prohibited, length 67
22:46:31.698593 IP 192.168.1.128.56805 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.698683 IP localhost.localdomain > 192.168.1.128: ICMP host alu7750testscr.xyz1.gblx.mgmt.Level3.net unreachable - admin prohibited, length 67
22:46:31.699123 IP 192.168.1.128.40441 > google-public-dns-a.google.com.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.699180 IP localhost.localdomain > 192.168.1.128: ICMP host google-public-dns-a.google.com unreachable - admin prohibited, length 67
22:46:31.699598 IP 192.168.1.128.60984 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 15883+ A? www.yahoo.com. (31)
22:46:36.706262 IP 192.168.1.128.46076 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 5928+ A? www.yahoo.com.synctrading.org. (47)
22:46:36.706356 IP localhost.localdomain > 192.168.1.128: ICMP host alu7750testscr.xyz1.gblx.mgmt.Level3.net unreachable - admin prohibited, length 83
22:46:36.707346 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1661:1729, ack 576, win 330, options [nop,nop,TS val 35236 ecr 4294953343], length 68
22:46:36.707409 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1729, win 277, options [nop,nop,TS val 4294958364 ecr 35236], length 0
22:46:36.707781 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1729:1765, ack 576, win 330, options [nop,nop,TS val 35236 ecr 4294958364], length 36
22:46:36.707823 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1765, win 277, options [nop,nop,TS val 4294958364 ecr 35236], length 0
22:46:36.710622 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1765:1833, ack 576, win 330, options [nop,nop,TS val 35237 ecr 4294958364], length 68
22:46:36.710663 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1833, win 277, options [nop,nop,TS val 4294958367 ecr 35237], length 0
22:46:46.577998 AoE length 46, Ver 1, Flags: [none]
编辑2
[idf@localhost ~]$ sudo iptables -L -n
[sudo] password for idf:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation (5 references)
target prot opt source destination
FWDI_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain FWDI_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation (5 references)
target prot opt source destination
FWDO_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain FWDO_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation (5 references)
target prot opt source destination
IN_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain IN_FedoraWorkstation_allow (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:65535 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1025:65535 ctstate NEW
Chain IN_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[idf@localhost ~]$
编辑3
[idf@localhost ~]$ sudo iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
MASQUERADE all -- 192.168.1.0/24 0.0.0.0/0
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain POSTROUTING_ZONES (1 references)
target prot opt source destination
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain POSTROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain POSTROUTING_direct (1 references)
target prot opt source destination
Chain POST_FedoraWorkstation (5 references)
target prot opt source destination
POST_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
POST_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
POST_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain POST_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain POST_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain POST_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain PREROUTING_ZONES (1 references)
target prot opt source destination
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain PREROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain PREROUTING_direct (1 references)
target prot opt source destination
Chain PRE_FedoraWorkstation (5 references)
target prot opt source destination
PRE_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
PRE_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
PRE_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain PRE_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain PRE_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain PRE_FedoraWorkstation_log (1 references)
target prot opt source destination
答案1
代替
domain-name-servers 192.168.1.1;
通过笔记本电脑使用的dns服务器地址,或者在笔记本电脑上配置dns缓存服务器。使用nslookup或之类的命令host在客户端测试dns访问。
您需要使用 iptables 在笔记本电脑上启用伪装:
iptables -t nat -I POSTROUTING -s 192.168.1.0/24 -o <wifi_interface> -j MASQUERADE
也许你已经在使用一些 iptables 配置(这不是我的强项)。尝试使用以下命令设置 nat 表的默认策略:
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
注意,你始终可以使用以下命令查看接口上正在传递的数据包
sudo tcpdump -i <name_of_interface>
如果您同时在两个接口上执行此操作,您就可以看到数据包在哪里丢失或被笔记本电脑拒绝。
你可能有一个已经配置了 iptables 的服务,例如防火墙在 Fedora 上。最好尝试使用其配置工具进行任何更改。例如,
firewall-cmd --add-masquerade
但你还需要设置一个内部的或者值得信赖以太网区域(抱歉,我对此不太了解)。
答案2
您的 DHCP 配置看起来不错。可能是您在 192.168.1.1 处没有 DNS 解析器,或者它没有运行 dnsmasq 服务。您的网关是什么类型的设备?