Debian router configuration problem

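I just got a brand-new laptop, and I plan to use my old laptop as a home router, just to play around and learn something about networking. After following a few tutorials, I set it up as follows: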

-Debian Buster Lite

-isc-dhcp-server

-hostapd

-iptables

My configuration is:

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#


default-lease-time 600;
max-lease-time 7200;



    subnet 192.168.42.0 netmask 255.255.255.0 {
        range 192.168.42.10 192.168.42.50;
        option broadcast-address 192.168.42.255;
        option routers 192.168.42.1;
        default-lease-time 600;
        max-lease-time 7200;
        option domain-name "local";
        option domain-name-servers 8.8.8.8, 8.8.4.4;
    }

subnet 192.168.11.0 netmask 255.255.255.0 {
        range 192.168.11.10 192.168.11.50;
        option broadcast-address 192.168.11.255;
        option routers 192.168.11.1;
        default-lease-time 600;
        max-lease-time 7200;
        option domain-name "local";
        option domain-name-servers 8.8.8.8, 8.8.4.4;
    }

Interfaces configuration

# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto eth0
iface eth0 inet dhcp
        allow-hotplug wlan0
#       post-up iptables-restore < /etc/iptables.up.rules


iface wlan0 inet static
      address 192.168.42.1
      netmask 255.255.255.0

#LAN Port

auto iface eth1

iface eth1 inet static
        address 192.168.11.1
        netmask 255.255.255.0

dns-nameservers 8.8.8.8 8.8.4.4

hostapd configuration

interface=wlan0
#driver=rtl871xdrv
ssid=SuperWifi
country_code=GB
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=$3cre7P@$$w0rd
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1

iptables

# Generated by xtables-save v1.8.2 on Mon Sep  2 14:40:14 2019
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state -i wlan0 --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i wlan0 -j ACCEPT
-A FORWARD -m state -i eth0 -o eth1 --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state -i eth0 -o wlan0 --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
# Completed on Mon Sep  2 14:40:14 2019
# Generated by xtables-save v1.8.2 on Mon Sep  2 14:40:14 2019
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Mon Sep  2 14:40:14 2019
# Generated by xtables-save v1.8.2 on Mon Sep  2 14:40:14 2019
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Sep  2 14:40:14 2019

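The interesting fact is that when I enable iptables, everything can connect to the network perfectly, but the laptop itself (where I host the server) has no internet connection.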

When I disable iptables, the laptop has internet, but the clients do not. How can I allow the laptop hosting the server to connect to the internet?

Basically, I am trying to create a TOR router, but on a laptop, and I need the server to be able to communicate on the internet before I try anything else.

As requested, my ip route output when IPTABLES is active:

me@router:~ $ ip route
default via 192.168.0.1 dev eth0 
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.13 
192.168.11.0/24 dev eth1 proto kernel scope link src 192.168.11.1 linkdown 
192.168.42.0/24 dev wlan0 proto kernel scope link src 192.168.42.1

Answer 1

From what I can see, you do not seem to have the routing option set to 1. You can check it with: cat /proc/sys/net/ipv4/ip_forward

If the result is 0, it is off. You can change it directly on the running system with: echo 1 > /proc/sys/net/ipv4/ip_forward

Then, to make it permanent, edit the /etc/sysctl.conf file and uncomment the line that reads net.ipv4.ip_forward=1
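
An added check, not part of the question or the answer above: with the INPUT policy set to DROP, replies to connections the router itself opens must be accepted on the interface they arrive on. This sketch evaluates the question's INPUT chain for ESTABLISHED packets per interface; the function names are hypothetical and only -i and state matches are modelled.

```python
import shlex

# *filter table copied from the question's iptables-save output (FORWARD rules omitted).
RULESET = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -i wlan0 -j ACCEPT
-A INPUT -m state -i eth1 --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state -i wlan0 --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

# Options this sketch understands; each takes exactly one value.
KNOWN = {"-A", "-i", "-m", "--state", "--ctstate", "-j"}


def input_verdict_for_replies(ruleset, iface):
    """Verdict the filter INPUT chain gives ESTABLISHED packets arriving on iface."""
    policy, table = "ACCEPT", None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            toks = shlex.split(line)
            rule = dict(zip(toks[0::2], toks[1::2]))
            if len(toks) % 2 or not set(rule) <= KNOWN:
                continue  # matches not modelled here: assume the rule does not apply
            if rule.get("-i", iface) != iface:
                continue  # bound to a different interface
            states = rule.get("--state") or rule.get("--ctstate")
            if states and "ESTABLISHED" not in states.split(","):
                continue  # state match excludes reply traffic
            if rule.get("-j") in {"ACCEPT", "DROP", "REJECT"}:
                return rule["-j"]  # first matching terminating rule decides
    return policy  # nothing matched: the chain policy applies


def wan_rule(iface):
    """Rule line that lets replies to the router's own connections back in."""
    return f"-A INPUT -i {iface} -m state --state ESTABLISHED,RELATED -j ACCEPT"
```

On the question's ruleset, eth0 (the default-route interface in the ip route output) falls through to the DROP policy, while eth1 and wlan0 are accepted.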
