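I have this ClearFog Pro router board with an Armbian image. What I want to do is have 6 Raspberry Pis connect to the internet through the ClearFog Pro. In the end, I want all 7 computers to have an IP address so that I can address each of them. After reading online, I found that I need to set up a network bridge to achieve this.
I first tried these configurations here, but they did not work for me.
This is the current configuration in my /etc/network/interfaces file: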
auto lo br0 eth1 lan1
iface lo inet loopback
iface br0 inet dhcp
bridge_ports eth0 lan1
This is the output of ip link:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether fe:cc:39:e2:0e:81 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 532 link/ether 00:50:43:25:fb:84 brd ff:ff:ff:ff:ff:ff
4: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 532 link/ether 00:50:43:84:25:2f brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 532 link/ether 00:50:43:0d:19:18 brd ff:ff:ff:ff:ff:ff
6: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/ipip 0.0.0.0 brd 0.0.0.0
7: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default qlen 1000 link/ether 00:50:43:84:25:2f brd ff:ff:ff:ff:ff:ff
13: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link/ether 00:50:43:25:fb:84 brd ff:ff:ff:ff:ff:ff
And ip route:
192.168.178.0/24 dev br0 proto kernel scope link src 192.168.178.44
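So I tried to ssh to 192.168.178.44, hoping it would lead me to the computer on lan1, but it did not. I was connected to the ClearFog again.
I also tried bridging eth1 and eth0, but it returned can't add eth1 to bridge br0: Invalid argument
So my question is: what is the correct bridge setup?
Edit: as requested, brctl show: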
bridge name bridge id STP enabled interfaces
br0 8000.00504325fb84 no eth0
lan1
ifconfig
br0 Link encap:Ethernet HWaddr 00:50:43:25:fb:84
inet addr:192.168.178.44 Bcast:192.168.178.255 Mask:255.255.255.0
inet6 addr: fe80::250:43ff:fe25:fb84/64 Scope:Link
inet6 addr: 2001:984:6433:1:250:43ff:fe25:fb84/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:572 errors:0 dropped:0 overruns:0 frame:0
TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:147582 (144.1 KiB) TX bytes:11762 (11.4 KiB)
eth0 Link encap:Ethernet HWaddr 00:50:43:25:fb:84
inet addr:192.168.178.44 Bcast:192.168.178.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1225 errors:0 dropped:0 overruns:0 frame:0
TX packets:118 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:318910 (311.4 KiB) TX bytes:15514 (15.1 KiB)
Interrupt:38
eth1 Link encap:Ethernet HWaddr 00:50:43:84:25:2f
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:39
lan1 Link encap:Ethernet HWaddr 00:50:43:84:25:2f
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
And ip route show:
default via 192.168.178.1 dev br0
192.168.178.0/24 dev br0 proto kernel scope link src 192.168.178.44
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.44
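Answer 1
To make sure I understand correctly: you have 6 RPis connected to a switch, which is also connected to the ClearFog. You simply want the RPis to be able to talk to each other and to reach the internet through the ClearFog. From now on I will refer to the ClearFog as CF.
Now let's look at your ip link: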
1: lo <- loopback
2: bond0 <- special interface for traffic aggregation/bonding
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> <- Assuming this is your uplink
4: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> <- Assuming this is physically connected to your switch
5: eth2: <BROADCAST,MULTICAST> <- Assuming this is inactive
6: tunl0@NONE: <NOARP> <- Tunnel interface for vpn
7: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> <- Lan1 isn't physical, it's a VLAN interface.
13: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> <- bridge interface you created
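What is not clear to me is whether your router will get a public IP address on the WAN side, or whether it will stay behind another gateway. If it sits behind another gateway, you need to put the RPis on a separate subnet and instruct the CF to route traffic for you.
For example: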
                    *internets*
                         ^
                      |modem| -> |gateway| -> | switch |
                                         ^    ^    ^   ^
192.168.178.0/25                        PC1  PC2  PC3  CF     Primary Network
                                                       ^
                                                  | switch |
                                            ^   ^   ^   ^   ^   ^
192.168.178.128/25                          Pi  Pi  Pi  Pi  Pi  Pi     Pi Network
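I have assigned the subnet 192.168.178.0/25 to your primary network, with a usable range of .1-.126; I have assigned the subnet 192.168.178.128/25 to your Pi network, with a usable range of .129-.254.
I think what you were trying to do earlier was bridge the two adapters together. When you have two adapters with multiple hosts behind them, and those hosts have MAC addresses of their own, what you need to do is route, not bridge.
After all, this is a router, isn't it? The question is "how to make a switch", but aren't you using this device to control traffic between two networks? Otherwise you could remove the CF and put in a dumb switch, with no need for embedded Linux.
To remove br0: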
brctl show | awk '{if(NR>1)print}' | awk '{print $NF}' | while read line ; do brctl delif br0 $line ; done
ifconfig br0 down
brctl delbr br0
Next, let's get the router ready to do router things.
Edit /etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.178.126
network 192.168.178.0
netmask 255.255.255.128
gateway 192.168.178.1
broadcast 192.168.178.127
auto eth1
iface eth1 inet static
address 192.168.178.129
network 192.168.178.128
netmask 255.255.255.128
broadcast 192.168.178.255
Then edit /etc/sysctl.conf and enable forwarding. You really only need the first line, but this is what I usually use for routers:
net.ipv4.conf.all.forwarding=1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.secure_redirects = 1
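Then run: sysctl -p
Now we are going to add the routes. I recommend running ip route flush all, but you need to be on the console when you do, because it will immediately disconnect your ssh session.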
ip route flush all
ip rule flush
ip route add 192.168.178.0/25 via 192.168.178.1 dev eth0
ip route add 192.168.178.128/25 dev eth1 src 192.168.178.129
ip route add default via 192.168.178.1 dev eth0
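Now go to your primary network's router and add a static route: 192.168.178.128/25 via 192.168.178.129. This tells your primary gateway/router that when a host on the internal network wants to connect to your RPi network, it should forward the request to the CF (acting as a gateway) for further routing.
Back on the CF, the last thing I would do is add forwarding rules in iptables: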
#Allow rpi's to connect to the outside world but not initiate new connections to hosts on your primary network
iptables -I FORWARD -i eth1 -o eth0 -s 192.168.178.128/25 ! -d 192.168.178.0/25 -m conntrack --ctstate NEW -j ACCEPT
# Allow forwarding for established connections
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow hosts on your primary network to initiate new connections to pi's
iptables -I FORWARD -i eth0 -o eth1 -s 192.168.178.0/25 -d 192.168.178.128/25 -m conntrack --ctstate NEW -j ACCEPT
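You will need to save these rules with iptables-save > /etc/iptables/rules.v4
Now you need either to install a DHCP server on the CF to hand out IPs to the Pis, or to assign them static addresses. Either way, you need to set their default gateway to the CF's IP, 192.168.178.129.
That should be all you need. If you have any questions, feel free to comment and I will do my best to help.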
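A check for the sysctl step in the answer above, added here as an example and not part of the original answer: it reports keys in a sysctl file that have no entry under /proc/sys (such a key is never applied, so a misspelled forwarding key leaves routing off) and flags accept_source_route or accept_redirects set to 1, which hardening baselines normally keep at 0. The names audit_sysctl and demo, the optional second argument (an alternate root used for testing) and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a sysctl file meant to enable routing on a Linux box.
# audit_sysctl FILE [ROOT]   ROOT defaults to /proc/sys (override for tests).
#   UNKNOWN <key>        no such entry under ROOT, so the key is never applied
#   RISKY <key>=<value>  accepts source-routed packets or ICMP redirects
#   NOFORWARD            no valid key in the file enables IPv4 forwarding
audit_sysctl() {
    file=$1 root=${2:-/proc/sys} forward=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                          # strip comments
        case $line in *=*) ;; *) continue ;; esac # skip lines without key=value
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}" | tr -d ' \t')
        # Dots map to path separators (interface names containing dots are
        # not handled by this simple mapping).
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -e "$path" ]; then
            echo "UNKNOWN $key"
            continue
        fi
        case $key in
            net.ipv4.ip_forward|net.ipv4.conf.all.forwarding)
                if [ "$val" = 1 ]; then forward=1; fi ;;
            net.ipv4.conf.*.accept_source_route|net.ipv4.conf.*.accept_redirects)
                if [ "$val" = 1 ]; then echo "RISKY $key=$val"; fi ;;
        esac
    done < "$file"
    [ "$forward" -eq 1 ] || echo "NOFORWARD"
}

# Constructed sample: a fake /proc/sys tree plus a sysctl file with one
# misspelled key, so the audit runs without touching the live system.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/net/ipv4/conf/all" "$d/net/ipv4/conf/default"
    touch "$d/net/ipv4/conf/all/forwarding" \
          "$d/net/ipv4/conf/all/accept_redirects" \
          "$d/net/ipv4/conf/default/accept_source_route"
    printf '%s\n' '# constructed sample' \
        'net.ipv4.conf.all.forwading=1' \
        'net.ipv4.conf.default.accept_source_route = 1' \
        'net.ipv4.conf.all.accept_redirects = 0' > "$d/sysctl.conf"
    audit_sysctl "$d/sysctl.conf" "$d"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then audit_sysctl "$@"; else demo; fi
```

Run it with a path, for example sh audit_sysctl.sh /etc/sysctl.conf, to audit a real file against the live /proc/sys; no output means forwarding is enabled and nothing was flagged.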
Answer 2
In your network/interfaces file:
auto lo br0 eth1 lan1
iface lo inet loopback
iface br0 inet dhcp
bridge_ports eth0 lan1
It helps to separate things out a bit:
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet manual
auto br0
# or: iface br0 inet dhcp
iface br0 inet static
address <your address>
netmask 255.255.255.0
gateway <your gateway>
bridge_ports eth1
bridge_stp off
bridge_fd 0
Hope this helps.