我的网络设置不起作用。FreeBSD

tag-icon tag-icon dhcp nat freebsd hostapd pf
我的网络设置不起作用。FreeBSD

这个问题是我在 提出的serverfault.com。它被关闭为题外话,建议在这里提问,在superuser。操作系统是FreeBSD 13.0

我需要建立的设置很简单。用人性化、简单的语言来描述设置如下。

  1. 我的笔记本电脑通过以太网电缆连接到 ISP。
  2. 我希望它(我的膝盖)能够传输 WiFi 信号,充当其他设备的 WiFi 路由器。所以我的笔记本电脑将成为 AP 或路由器,随便你怎么称呼。

我想要的结果是我和我的客人可以通过我的笔记本电脑使用互联网。

我按照一些论坛和 FreeBSD 手册操作过,但我的手机仍然无法上网。虽然我可以用笔记本电脑 ping 通它。

dhcpd我的想法是在网络接口上使用wlan0。之后,我被教导不要重新发明自行车,而是使用NAT。在 FreeBSDpf术语中,它将类似于(取自论坛):。nat on re0 inet from ! (re0) to any -> (re0)因此,我希望从电缆到 ISP 的所有内容都转换为。我的卑微想法是,某些设备连接到 AP,获​​取子网的 IP !re0,然后流量通过路由到电缆连接。re0re0wlan0NATre0

现在手机有 IP 了,可以 ping 手机,但是手机上不了网。

我将根据要求更新有关我的实际设置的信息。

请问,如果有人有一些可行的配置,或者分步指南,关于如何让一个简单的事情变得生动...如何让我的笔记本电脑充当典型的 WiFi 路由器?

更新

这是我的 pf 配置。如前所述,我有DHCP一个在 上运行的服务wlan0。外部接口 ,re0配置了静态地址。

# The name of our network interface as seen in `ifconfig`
ext_if="re0"
usb_if="ue0"
wlan_if="wlan0"

all_ifs = "{" $ext_if $usb_if $wlan_if "}"

# Macros to define the set of TCP and UDP ports to open.
# Add additional ports or ranges separated by commas.
# UDP 60000-60010 is mosh control http://mosh.mit.edu/
tcp_services = "{ssh, http, https}"
udp_services = "{60000:60010}"

# If you block all ICMP requests you will break things like path MTU
# discovery. These macros define allowed ICMP types. The additional
# ICMPv6 types are for neighbor discovery (RFC 4861)
icmp_types = "{echoreq, unreach}"
icmp6_types="{echoreq, unreach, 133, 134, 135, 136, 137}"

# Modulate the initial sequence number of TCP packets.
# Broken operating systems sometimes don't randomize this number,
# making it guessable.
tcp_state="flags S/SA keep state"
udp_state="keep state"

# send RST
set block-policy return

# Exempt the loopback interface to prevent services utilizing the
# local loop from being blocked accidentally.
set skip on lo0

# all incoming traffic on external interface is normalized and fragmented
# packets are reassembled.
scrub in on $all_ifs all fragment reassemble

# set a default deny policy.
block in log all

# This is a desktop so be permissive in allowing outgoing connections.
pass out quick modulate state

# Enable antispoofing on the external interface
antispoof for $all_ifs

# block packets that fail a reverse path check. we look up the routing
# table, check to make sure that the outbound is the same as the source
# it came in on. if not, it is probably source address spoofed.
block in from urpf-failed to any

# drop broadcast requests quietly.
block in quick on $all_ifs from any to 255.255.255.255

# Allow the services defined in the macros at the top of the file
pass in on $all_ifs inet proto tcp from any to any port $tcp_services $tcp_state
pass in on $all_ifs inet6 proto tcp from any to any port $tcp_services $tcp_state

pass in on $all_ifs inet proto udp from any to any port $udp_services $udp_state
pass in on $all_ifs inet6 proto udp from any to any port $udp_services $udp_state

# Allow ICMP
pass inet proto icmp all icmp-type $icmp_types keep state
pass inet6 proto icmp6 all icmp6-type $icmp6_types keep state

# forward packets from wlan0 to re0(cable)
nat on $ext_if inet from ! ($ext_if) to any -> ($ext_if)

说实话,上面的内容是我从某个 FreeBSD 论坛复制粘贴过来的。通过上述设置,我可以 ping 通我的手机,但仅此而已。

更新

我已经整理pf.conf好了

...
nat on $ext_if from $int_network to any -> $ext_if
pass out all
pass in all
...

尽管如此,接口tcpdumppflog0没有任何活动。我不知道有什么简单的方法来测试从发出的网络数据包流量$int_if。内部网络获得了分配的地址,但应该发往default网关的数据包却在某个地方丢失了。

更新

tcpdump在“内部网络”接口上显示,此接口的网关192.168.0.1正在请求到默认网关的路由。默认网关位于不同的网络上,并且没有将路由添加到路由表中。因此,手机只是继续向default(有线)网关广播。

dhcpd.conf我对DNS的网络进行了更改ISP,网关(路由器)是192.168.0.1,其余部分与文件一样。

该命令route add -net <ISP gateway> <192.168.0.1>起了作用。

为自己标记为半封闭

更新

由于我的 LAN 的特性,WI-FI 加密狗可以随时拔出,所以我不得不添加一些脚本来devd.conf动态添加/删除从内部网络默认网关到 ISP 默认网关的路由。

只需将两个脚本(rtwn0_up.shrtwn0_down.sh)放入即可/usr/local/sbin/。当网络接口处于 UP/DOWN 状态时,通知(调用这些脚本)的可能操作是:

# rtwn0.conf
# /etc/usr/local/devd/

 1 notify 100 {                                                                                                          
 2     match       "system"     "IFNET"
 3     match       "subsystem"  "rtwn0" # name of the interface for my WI-FI dongle
 4     match       "type"       "LINK_UP"
 5     media-type  "802.11"
 6     action      "/usr/local/sbin/rtwn0_up.sh"
 7 };
 8
 9 notify 100 {
10     match       "system"     "IFNET"
11     match       "subsystem"  "rtwn0" # name of the interface for my WI-FI dongle
12     match       "type"       "LINK_DOWN"
13     media-type  "802.11"
14     action      "/usr/local/sbin/rtwn0_down.sh"
15 };

我搜索了 SO 网站,没有找到类似的问题。不得不承认,阅读FreeBSD有关有用服务的文档可以节省我很多时间。我才刚刚开始熟悉devd。但即使在这一点上,我也觉得这是将所有脚本负担集中在一个地方的好方法。

答案1

设置的 NAT 部分归结为

/etc/rc.conf:

ifconfig_re0="..."
ifconfig_wlan0="..."


gateway_enable="YES"
pf_enable="YES"

/etc/pf.conf:

ext_if="re0"
int_if="wlan0"

nat on $ext_if from $int_if:network to any -> ($ext_if)
pass from { lo0, $int_if:network } to any keep state

您必须在其上添加 DHCP。

相关内容