我有一台旧的 Ubuntu 服务器,用作路由器/防火墙和家庭服务器。我最近拼凑了一个基于 20.04 的新服务器,并复制了我之前使用的配置(将其从接口移动到 netplan),但无法使其工作。目标是让它作为我的家庭网络的内部路由器和 dhcp 服务器工作,并直接连接到调制解调器以路由外部流量。话虽如此,它不起作用。外部网卡完全按预期工作,dhcp 配置正在正确分配地址。但是,流量没有从内部网卡传递到外部网卡。我觉得这是路由的问题,但这有点超出我的知识范围。任何帮助都将不胜感激。enp10s0
= 外部网卡
enp12s0 = 内部网卡
知识产权
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp12s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 3c:8c:f8:ed:6f:b3 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global enp12s0
valid_lft forever preferred_lft forever
inet6 fe80::3e8c:f8ff:feed:6fb3/64 scope link
valid_lft forever preferred_lft forever
3: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 70:85:c2:54:18:46 brd ff:ff:ff:ff:ff:ff
inet 24.107.208.9/20 brd 24.107.223.255 scope global dynamic enp10s0
valid_lft 3581sec preferred_lft 3581sec
inet6 2600:6c40:700c:100:dd08:d359:b2cb:4825/128 scope global dynamic noprefixroute
valid_lft 600100sec preferred_lft 600100sec
inet6 fe80::7285:c2ff:fe54:1846/64 scope link
valid_lft forever preferred_lft forever
dhcp配置文件
option domain-name-servers 8.8.8.8, 8.8.4.4;
default-lease-time 4300;
max-lease-time 7200;
ddns-update-style none;
authoritative;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.51 192.168.1.200;
option routers 192.168.1.1;
option broadcast-address 192.168.1.255;
option domain-name-servers 8.8.8.8, 8.8.4.4;
}
iptables(来自 iptables-save)
*nat
:PREROUTING ACCEPT [104:7022]
:INPUT ACCEPT [40:3328]
:OUTPUT ACCEPT [9:2250]
:POSTROUTING ACCEPT [71:5639]
-A POSTROUTING -o enp10s0 -j MASQUERADE
COMMIT
# Completed on Sat Oct 8 14:32:04 2022
# Generated by iptables-save v1.8.4 on Sat Oct 8 14:32:04 2022
*filter
:INPUT ACCEPT [8:1326]
:FORWARD ACCEPT [95:5648]
:OUTPUT ACCEPT [144:16603]
-A INPUT -i enp12s0 -j ACCEPT
-A FORWARD -i enp12s0 -o enp10s0 -j ACCEPT
-A FORWARD -i enp10s0 -o enp12so -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
网络计划
network:
renderer: networkd
ethernets:
enp10s0:
dhcp4: true
match:
macaddress: 70:85:c2:54:18:46
set-name: enp10s0
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
enp12s0:
addresses:
- 192.168.1.1/24
dhcp4: false
match:
macaddress: 3c:8c:f8:ed:6f:b3
set-name: enp12s0
gateway4: 192.168.1.1
version: 2
路线-n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 enp12s0
0.0.0.0 24.107.208.1 0.0.0.0 UG 100 0 0 enp10s0
24.107.208.0 0.0.0.0 255.255.240.0 U 0 0 0 enp10s0
24.107.208.1 0.0.0.0 255.255.255.255 UH 100 0 0 enp10s0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp12s0