如何设置网络,以便连接到第二个以太网接口的本地网络中的设备可以使用第一个以太网接口上可用的互联网?
使用 iproute2 我只能在本地网络中的设备和 Linux PC 之间创建连接,而 Linux PC 仍然具有互联网连接。但是,本地网络中的设备无法使用此 Internet 连接。
[编辑2]当前配置基于本指南。
我猜测我的 ip 路由地址不正确,这就是问题所在。
设置如下:
Internet
|
|
|
(enp0s31f6) = Linux PC = (enx00249b233bda)
|
|
|
NetworkSwitch
|
|
|---(eth0) = Raspberry Pi 1
|
|
|---(eth0) = Raspberry Pi 2
-- ethernet cable
| ethernet cable
(eth0) network interface name
[编辑] 目标是让 Linux PC 和所有 Respberry Pi 连接到互联网并相互连接。
所有设备都有静态 IP 地址。
Linux PC 运行 Ubuntu 16.04
下面未列出的所有设置均应为默认设置。
Linux PC 当前设置
ifconfig
enp0s31f6 Link encap:Ethernet HWaddr 48:4d:7e:b1:94:4d
inet addr:128.40.57.144 Bcast:128.40.57.255 Mask:255.255.255.0
inet6 addr: fe80::4a4d:7eff:feb1:944d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1806664 errors:0 dropped:82518 overruns:0 frame:0
TX packets:81807 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:601022858 (601.0 MB) TX bytes:15652101 (15.6 MB)
Interrupt:19 Memory:f7100000-f7120000
enx00249b233bda Link encap:Ethernet HWaddr 00:24:9b:23:3b:da
inet addr:192.168.0.10 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::224:9bff:fe23:3bda/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:300302 errors:0 dropped:0 overruns:0 frame:0
TX packets:373077 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:26170910 (26.1 MB) TX bytes:476407809 (476.4 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:193 errors:0 dropped:0 overruns:0 frame:0
TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:17086 (17.0 KB) TX bytes:17086 (17.0 KB)
/etc/network/interfaces
# Static IP for internet connection
auto lo
iface lo inet loopback
auto enp0s31f6
iface enp0s31f6 inet static
address 128.40.57.144
netmask 255.255.255.0
gateway 128.40.50.245
dns-nameservers 144.82.250.1 193.160.250.1
# Network adapter interfacing with RPis
allow-hotplug enx00249b233bda
iface enx00249b233bda inet static
address 192.168.0.10
netmask 255.255.255.0
gateway 192.168.0.11
dns-nameservers 144.82.250.1 193.160.250.1
post-up ip route add 192.168.0.0/24 dev enx00249b233bda src 192.168.0.10 table rt2
post-up ip route add default via 192.168.0.11 dev enx00249b233bda table rt2
post-up ip rule add from 192.168.0.10/32 table rt2
post-up ip rule add to 192.168.0.10/32 table rt2
/etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 rt2
ip route show
default via 128.40.50.245 dev enp0s31f6 onlink
128.40.57.0/24 dev enp0s31f6 proto kernel scope link src 128.40.57.144
169.254.0.0/16 dev enp0s31f6 scope link metric 1000
192.168.0.0/24 dev enx00249b233bda proto kernel scope link src 192.168.0.10
树莓派 1 当前设置
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.22 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::3fa1:761c:f861:dae3 prefixlen 64 scopeid 0x20<link>
ether dc:a6:32:2f:11:38 txqueuelen 1000 (Ethernet)
RX packets 7489 bytes 537762 (525.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7417 bytes 2128900 (2.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 2270 bytes 215650 (210.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2270 bytes 215650 (210.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether dc:a6:32:2f:11:3b txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
/etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
/etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.
# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel
# Inform the DHCP server of our hostname for DDNS.
hostname
# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid
# Persist interface configuration when dhcpcd exits.
persistent
# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit
# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu
# Most distributions have NTP support.
#option ntp_servers
# A ServerID is required by RFC2131.
require dhcp_server_identifier
# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
# Example static IP configuration:
#interface eth0
#static ip_address=192.168.0.10/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
#static routers=192.168.0.1
#static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1
# It is possible to fall back to a static IP if DHCP fails:
# define static profile
#profile static_eth0
#static ip_address=192.168.1.23/24
#static routers=192.168.1.1
#static domain_name_servers=192.168.1.1
# fallback to static profile on eth0
#interface eth0
#fallback static_eth0
# Static IP for connection to Recording PC
interface eth0
static ip_address=192.168.0.22/24
static routers=192.168.0.11
static domain_name_servers=192.168.0.11
答案1
您的RasPi当前可以与Linux PC通信,因为它位于同一网段并且IP地址为192.168.0.10。但是,当 RasPi 尝试访问互联网中的某些内容时,它会尝试将数据包发送到 192.168.0.11 以进行进一步路由。但由于Linux PC在RasPi网络侧的地址是192.168.0.10,不是.11,Linux PC 将永远不会接收 RasPi 的传出数据包,因此无法路由它们。
这是错误的:RasPi 应该将其路由器/网关地址设置为 192.168.0.10,不是 .11。
当您gateway 192.168.0.11在 Linux PC 的配置中指定 时enx00249b233bda,并不意味着 Linux PC 应该声明.11自己的地址 - 这意味着您说有一些其他RasPi 网络中的系统,.11其地址具有互联网连接。
这是错误的:Linux PC 不需要gateway配置线enx00249b233bda,因为 Linux PC是RasPi 网络的网关。您应该gateway从接口配置中删除或注释掉该行enx00249b233bda。
我不明白为什么您需要任何这些ip route add东西:只需配置网络接口就会自动生成到 192.168.0.0/24 网络的路由,这足以满足您的需求。注释掉所有ip route add命令,重新启动,然后继续阅读。
由于您显然只有一个公共 IP 地址,因此您必须在 Linux PC 上设置 IP 伪装。简单地说,iptables它会像这样完成:
iptables -w -t nat -A POSTROUTING -s 192.168.0.0/24 -o enp0s31f6 -j MASQUERADE
然后,您需要一些非常基本的规则来启用从 RasPi 网络到外部世界的 IP 转发,并接受返回的任何响应数据包:
iptables -w -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -w -t filter -A FORWARD -i enx00249b233bda -j ACCEPT
对于某些需要特殊连接跟踪助手的协议,您可能必须添加如下行(这曾经是自动的,直到有人找到了滥用它的方法。这就是为什么我们不能拥有美好的东西......抱怨...... ):
iptables -w -t raw -A PREROUTING -i enx00249b233bda -p tcp --dport 21 -j CT --helper ftp
这将激活从 RasPi 网络到互联网的传出 FTP 控制连接所需的特殊处理。特殊处理会监听FTP控制连接并自动允许相应的数据连接通过。还有一些其他方案可能需要类似的处理。
除了 FTP 之外,其他需要特殊处理的协议可能是:
- SNMP(UDP 端口 161,助手名称
snmp) - SIP(TCP 和 UDP、端口 5060、助手名称
sip) - IRC 聊天(TCP、端口号可能有所不同、助手名称
irc)
(我知道 Ubuntu 有ufw,但我不知道如何使用它来设置等效的防火墙规则。如果其他人知道,请随时在此处编辑它。)
以上所有措施都将完全无效直到您激活IPv4路由主交换机。首先,确保该/etc/sysctl.conf文件中包含以下行:
net.ipv4.ip_forward=1
然后重新启动,或运行此命令以使设置立即生效:
sudo sysctl -p
(为什么存在这个主交换机?基本上是为了让将系统配置为路由器的人更有可能“完成他们的作业”,因此有机会不会导致网络中的路由循环或任何其他愚蠢的事情。)