How to share internet from the first interface to devices connected to the second interface?

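How do I set up the network so that devices in the local network connected to the second Ethernet interface can use the internet available on the first Ethernet interface?

Using iproute2 I was only able to create a connection between the devices in the local network and the Linux PC, while the Linux PC still has internet connectivity. However, the devices in the local network cannot use this internet connection.

[Edit 2] The current configuration is based on this guide

I am guessing that my ip route addresses are incorrect and that this is the problem.

The setup is as follows: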

Internet
   |
   |
   |
(enp0s31f6) = Linux PC = (enx00249b233bda)
                                 |
                                 |
                                 |
                           NetworkSwitch
                                 |
                                 |
                                 |---(eth0) = Raspberry Pi 1
                                 |
                                 |
                                 |---(eth0) = Raspberry Pi 2

--     ethernet cable
|      ethernet cable
(eth0) network interface name

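[Edit] The goal is to have the Linux PC and all Raspberry Pis connected to the internet and to each other.

All devices have static IP addresses.

The Linux PC is running Ubuntu 16.04

All settings not listed below should be at their defaults.

Linux PC current settings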

ifconfig

enp0s31f6 Link encap:Ethernet  HWaddr 48:4d:7e:b1:94:4d  
          inet addr:128.40.57.144  Bcast:128.40.57.255  Mask:255.255.255.0
          inet6 addr: fe80::4a4d:7eff:feb1:944d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1806664 errors:0 dropped:82518 overruns:0 frame:0
          TX packets:81807 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:601022858 (601.0 MB)  TX bytes:15652101 (15.6 MB)
          Interrupt:19 Memory:f7100000-f7120000 

enx00249b233bda Link encap:Ethernet  HWaddr 00:24:9b:23:3b:da  
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::224:9bff:fe23:3bda/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:300302 errors:0 dropped:0 overruns:0 frame:0
          TX packets:373077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:26170910 (26.1 MB)  TX bytes:476407809 (476.4 MB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:17086 (17.0 KB)  TX bytes:17086 (17.0 KB)

/etc/network/interfaces

# Static IP for internet connection
auto lo
iface lo inet loopback
auto enp0s31f6
iface enp0s31f6 inet static
address 128.40.57.144
netmask 255.255.255.0
gateway 128.40.50.245
dns-nameservers 144.82.250.1 193.160.250.1

# Network adapter interfacing with RPis
allow-hotplug enx00249b233bda
iface enx00249b233bda inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.11
dns-nameservers 144.82.250.1 193.160.250.1
post-up ip route add 192.168.0.0/24 dev enx00249b233bda src 192.168.0.10 table rt2
post-up ip route add default via 192.168.0.11 dev enx00249b233bda table rt2
post-up ip rule add from 192.168.0.10/32 table rt2
post-up ip rule add to 192.168.0.10/32 table rt2

/etc/iproute2/rt_tables

#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
#1  inr.ruhep
1 rt2

ip route show

default via 128.40.50.245 dev enp0s31f6 onlink 
128.40.57.0/24 dev enp0s31f6  proto kernel  scope link  src 128.40.57.144 
169.254.0.0/16 dev enp0s31f6  scope link  metric 1000 
192.168.0.0/24 dev enx00249b233bda  proto kernel  scope link  src 192.168.0.10 

Raspberry Pi 1 current settings

ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.22  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::3fa1:761c:f861:dae3  prefixlen 64  scopeid 0x20<link>
        ether dc:a6:32:2f:11:38  txqueuelen 1000  (Ethernet)
        RX packets 7489  bytes 537762 (525.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7417  bytes 2128900 (2.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2270  bytes 215650 (210.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2270  bytes 215650 (210.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether dc:a6:32:2f:11:3b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

/etc/network/interfaces

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

/etc/dhcpcd.conf

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Most distributions have NTP support.
#option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private

# Example static IP configuration:
#interface eth0
#static ip_address=192.168.0.10/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
#static routers=192.168.0.1
#static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1

# It is possible to fall back to a static IP if DHCP fails:
# define static profile
#profile static_eth0
#static ip_address=192.168.1.23/24
#static routers=192.168.1.1
#static domain_name_servers=192.168.1.1

# fallback to static profile on eth0
#interface eth0
#fallback static_eth0

# Static IP for connection to Recording PC
interface eth0
static ip_address=192.168.0.22/24
static routers=192.168.0.11
static domain_name_servers=192.168.0.11

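Answer 1

Your RasPi can currently communicate with the Linux PC because the PC is on the same network segment, with IP address 192.168.0.10. However, when the RasPi tries to reach something on the internet, it tries to send the packets to 192.168.0.11 for further routing. But since the Linux PC's address on the RasPi network side is 192.168.0.10, not .11, the Linux PC will never receive the RasPi's outgoing packets and therefore cannot route them.

This is wrong: the RasPi should have its router/gateway address set to 192.168.0.10, not .11.

When you specify gateway 192.168.0.11 in the Linux PC's configuration for enx00249b233bda, it does not mean that the Linux PC should claim .11 as its own address - it means you are saying that there is some other system in the RasPi network, at address .11, that has internet connectivity.

This is wrong: the Linux PC does not need a gateway configuration line for enx00249b233bda, because the Linux PC is the gateway for the RasPi network. You should remove or comment out the gateway line from the interface configuration of enx00249b233bda.

I don't see why you would need any of these ip route add things: just configuring the network interface will automatically generate the route to the 192.168.0.0/24 network, and that is enough for your needs. Comment out all the ip route add commands, reboot, and read on.

Since you apparently have only one public IP address, you must set up IP masquerading on the Linux PC. Put simply, with iptables it would be done like this: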

iptables -w -t nat -A POSTROUTING -s 192.168.0.0/24 -o enp0s31f6 -j MASQUERADE

Then you need some very basic rules to enable IP forwarding from the RasPi network to the outside world, and to accept any response packets coming back:

iptables -w -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -w -t filter -A FORWARD -i enx00249b233bda -j ACCEPT

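For some protocols that need special connection tracking helpers, you may have to add lines like the following (this used to be automatic, until someone found a way to abuse it. This is why we can't have nice things... grumble...):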

iptables -w -t raw -A PREROUTING -i enx00249b233bda -p tcp --dport 21 -j CT --helper ftp

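This activates the special handling needed for outgoing FTP control connections from the RasPi network to the internet. The special handling listens in on the FTP control connection and automatically allows the corresponding data connections through. A few other protocols may need similar handling.

Besides FTP, other protocols that may need special handling are:

  • SNMP (UDP port 161, helper name snmp)
  • SIP (TCP and UDP, port 5060, helper name sip)
  • IRC chat (TCP, port number may vary, helper name irc)

(I know Ubuntu has ufw, but I don't know how to use it to set up the equivalent firewall rules. If someone else knows, feel free to edit it in here.)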

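All of the above will be completely ineffective until you activate the master switch for IPv4 routing. First, make sure the /etc/sysctl.conf file contains the following line: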

net.ipv4.ip_forward=1

Then reboot, or run this command to make the setting take effect immediately:

sudo sysctl -p

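(Why does this master switch exist? Basically so that people who configure a system as a router are more likely to "do their homework", and so have a chance of not causing routing loops or any other silly things in the network.)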
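
The checks described in the answer above, written as an added example that is not part of the original answer: a small offline lint that flags the two gateway mistakes and confirms the masquerade rule and the forwarding switch. The function names are hypothetical, and the sample inputs are constructed from the configuration shown in the question.

```shell
#!/bin/sh
# Added example. Sample inputs are constructed from the question's config.

# Print the gateway set in the interfaces(5) stanza of interface $1 (text on stdin).
iface_gateway() {
    awk -v want="$1" '$1 == "iface" { cur = $2 }
                      $1 == "gateway" && cur == want { print $2 }'
}

# Print the "static routers=" value dhcpcd.conf applies to interface $1.
pi_router() {
    awk -v want="$1" '$1 == "interface" { cur = $2 }
                      $1 == "profile"   { cur = "" }
                      $1 == "static" && cur == want && sub(/^routers=/, "", $2) { print $2 }'
}

# Succeed if sysctl.conf text on stdin has an uncommented net.ipv4.ip_forward=1.
forwarding_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# Succeed if "iptables -t nat -S" text on stdin masquerades source $1 out of $2.
has_masquerade() {
    awk -v net="$1" -v out="$2" '
        /^-A POSTROUTING / && /-j MASQUERADE/ &&
        index($0, "-s " net " ") && index($0, "-o " out " ") { found = 1 }
        END { exit !found }'
}

# Print one line per problem. $1=PC interfaces text, $2=PC LAN interface,
# $3=PC LAN address, $4=Pi dhcpcd.conf text.
audit() {
    gw=$(printf '%s\n' "$1" | iface_gateway "$2")
    [ -z "$gw" ] || echo "PC: remove 'gateway $gw' from $2; the PC is the gateway"
    rt=$(printf '%s\n' "$4" | pi_router eth0)
    [ "$rt" = "$3" ] || echo "Pi: static routers=$rt should be $3"
}

PC_INTERFACES='iface enx00249b233bda inet static
address 192.168.0.10
gateway 192.168.0.11'
PI_DHCPCD='interface eth0
static ip_address=192.168.0.22/24
static routers=192.168.0.11'
NAT_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.0/24 -o enp0s31f6 -j MASQUERADE'

audit "$PC_INTERFACES" enx00249b233bda 192.168.0.10 "$PI_DHCPCD"
printf '%s\n' "$NAT_RULES" | has_masquerade 192.168.0.0/24 enp0s31f6 && echo "NAT: ok"
echo 'net.ipv4.ip_forward=1' | forwarding_enabled && echo "sysctl: ok"
```

On a live gateway the same functions can be fed the real /etc/network/interfaces, /etc/sysctl.conf and the output of iptables -t nat -S POSTROUTING instead of the constructed samples.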
