Sharing internet from a Linux computer to a router is not working

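I have followed many guides on how to connect my Linux desktop (using KDE and Network Manager) to a router's WAN in order to share my wifi internet connection. I have 2 wifi cards. I also have a motherboard Ethernet and a USB Ethernet.

Current setup: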

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
    valid_lft forever preferred_lft forever
2: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    
    altname enp9s0
    inet 10.42.0.1/24 brd 10.42.0.255 scope global noprefixroute eth3
    valid_lft forever preferred_lft forever
    inet6 fe80::dfa0:b499:5011:7137/64 scope link noprefixroute 
    valid_lft forever preferred_lft forever
3: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    
    altname enp10s0u4
    inet 192.168.0.205/24 brd 192.168.0.255 scope global dynamic noprefixroute eth4
    valid_lft 5559sec preferred_lft 5559sec
    inet6 fe80::ca35:b706:3221:389a/64 scope link noprefixroute 
    valid_lft forever preferred_lft forever
4: wlan5: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
   
    altname wlp7s0
5: wlan3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    
    altname wlp8s0
    inet 192.168.1.130/24 brd 192.168.1.255 scope global noprefixroute wlan3
    valid_lft forever preferred_lft forever
    inet6 fe80::9b34:b8cc:c0d4:7e24/64 scope link noprefixroute 
    valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
   
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
    valid_lft forever preferred_lft forever
7: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
    valid_lft forever preferred_lft forever

So my eth3 provides the IP address to the router, and wlan3 and wlan5 provide the internet. I have tried DHCP as well as STATIC for the router WAN, as follows:

ip:               10.42.0.2
subnet:           255.255.255.0
default gateway:  10.42.0.1
dns:              10.42.0.1

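Currently the router shows a green internet symbol, and its web interface shows the internet as connected. I achieved this by creating a new connection, restricted to device eth3, with the IPv4 method "Shared to other computers".

So the router seems to be doing fine. But when I connect to the router from my phone, I get the IP address 192.168.0.119 but no internet (it is a Samsung S20; it asks me whether I want to connect since there is no internet connection, and I say yes, just this once).

When I use IP Tools on my phone and run a traceroute to google.com, it shows 192.168.0.1, then 10.42.0.1, and then stops.

I have added the iptables commands as well as the kernel option for IPv4 packet forwarding. My phone cannot reach the internet through the router.

I don't mind going step by step through how to look at the packets and see what the IP headers are and what they should be. I feel like everyone skips over these details and just hands people solutions that don't easily solve anything.

If you want to see my iptables: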

root: ~> iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  10.42.0.0/24         anywhere            
LIBVIRT_INP  all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  10.42.0.0/24         anywhere            
LIBVIRT_FWX  all  --  anywhere             anywhere            
LIBVIRT_FWI  all  --  anywhere             anywhere            
LIBVIRT_FWO  all  --  anywhere             anywhere            
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_OUT  all  --  anywhere             anywhere            

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination         
ACCEPT     all  --  192.168.122.0/24     anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootpc

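Edit: @Peregrino69 The reason I don't want to go through the "normal" router is speed. I am running a VR virtual machine (GPU passthrough) setup and need my own router connected directly to my computer, so that when I connect my Quest 2 to the router I get proper speeds for Virtual Desktop and Skybox (movies). But when I connect the Quest 2 to my own router, I also want it to have an internet connection. Also, and this may not be appreciated much, I need to understand these things. I don't simply want it to work. I need to know why it works or doesn't work.

Edit 3: Here is my latest information. Current setup, updated:

eth3 connects from my computer to the WAN, through a Network Manager connection set to "Shared to other computers".

There is nothing NAT-related on the router that I can see. It is a TP-Link. You can see what I have here: https://www.amazon.com/gp/product/B07N1L5HX1

It has UPnP enabled, but nothing is shown on that page.

Routing on the router: wlan3 connects from my wifi card to the router LAN 192.168.1.0/24. I had wlan3 set to /23 instead of /24 because I was trying to get it onto the same network as any device connected to the router I connect. That is another issue. I have just connected wlan3 with /24. I have disconnected wlan5 and eth4 for now.

sysctl: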

root: ~> sysctl net.ipv4
...
net.ipv4.conf.default.forwarding = 1
...
net.ipv4.conf.eth3.forwarding = 1
...

Latest iptables:

root: ~> iptables-save
# Generated by iptables-save v1.8.7 on Fri Mar 31 01:37:38 2023
*nat
:PREROUTING ACCEPT [145211:42812440]
:INPUT ACCEPT [8987:591413]
:OUTPUT ACCEPT [13293:5054949]
:POSTROUTING ACCEPT [12459:4884182]
:DOCKER - [0:0]
:LIBVIRT_PRT - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -o eth3 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Mar 31 01:37:38 2023
# Generated by iptables-save v1.8.7 on Fri Mar 31 01:37:38 2023
*mangle
:PREROUTING ACCEPT [1157190:19678443094]
:INPUT ACCEPT [948790:19513179556]
:FORWARD ACCEPT [162522:148255068]
:OUTPUT ACCEPT [867963:19370366770]
:POSTROUTING ACCEPT [1015528:19517495487]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Mar 31 01:37:38 2023
# Generated by iptables-save v1.8.7 on Fri Mar 31 01:37:38 2023
*raw
:PREROUTING ACCEPT [1686243:20749169464]
:OUTPUT ACCEPT [1182929:19427208163]
COMMIT
# Completed on Fri Mar 31 01:37:38 2023
# Generated by iptables-save v1.8.7 on Fri Mar 31 01:37:38 2023
*security
:INPUT ACCEPT [1266254:20518815090]
:FORWARD ACCEPT [168441:148709755]
:OUTPUT ACCEPT [1182929:19427208163]
COMMIT
# Completed on Fri Mar 31 01:37:38 2023
# Generated by iptables-save v1.8.7 on Fri Mar 31 01:37:38 2023
*filter
:INPUT ACCEPT [944745:19512471228]
:FORWARD DROP [15759:1324771]
:OUTPUT ACCEPT [867947:19370361522]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
-A INPUT -j LIBVIRT_INP
-A FORWARD -s 10.42.0.0/24 -j ACCEPT
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A OUTPUT -j LIBVIRT_OUT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT
COMMIT
# Completed on Fri Mar 31 01:37:38 2023

tcpdumps taken while running a traceroute from the phone to 13.112.187.226 (i.e. w3schools.org). I just want to reach a simple web page:

eth3:

root: ~> tcpdump -i eth3 -n udp -w ./eth3.txt
tcpdump: listening on eth3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C35 packets captured
37 packets received by filter
0 packets dropped by kernel


root: ~> tcpdump -r ./eth3.txt 
reading from file ./eth3.txt, link-type EN10MB (Ethernet), snapshot length 262144
02:06:40.146709 IP 10.42.0.2.60589 > 10.42.0.1.domain: 2+ A? a.root-servers.net. (36)
02:06:40.146910 IP 10.42.0.1.domain > 10.42.0.2.60589: 2 1/0/0 A 198.41.0.4 (52)
02:06:40.859784 IP 10.42.0.2.canditv > 10.42.0.1.domain: 29431+ A? probes.probelytics.com. (40)
02:06:40.860235 IP 10.42.0.2.38287 > 10.42.0.1.domain: 14888+ A? probes.probelytics.com. (40)
02:06:42.219228 IP 10.42.0.2.40567 > 10.42.0.1.domain: 31+ A? time-b.nist.gov. (33)
02:06:42.219764 IP 10.42.0.2.48973 > 10.42.0.1.domain: 5494+ A? time-b.nist.gov. (33)
02:06:42.219764 IP 10.42.0.2.43738 > 10.42.0.1.domain: 31+ A? time-b.nist.gov. (33)
02:06:43.172699 IP 10.42.0.2.39751 > 10.42.0.1.domain: 58256+ A? live.com. (26)
02:06:43.172878 IP 10.42.0.1.domain > 10.42.0.2.39751: 58256 1/0/0 A 204.79.197.212 (42)
02:06:45.865474 IP 10.42.0.2.canditv > 10.42.0.1.domain: 29431+ A? probes.probelytics.com. (40)
02:06:45.897767 IP 10.42.0.1.domain > 10.42.0.2.canditv: 29431 2/2/12 A 172.67.147.19, A 104.21.10.243 (391)
02:06:45.897784 IP 10.42.0.1.domain > 10.42.0.2.38287: 14888 2/2/12 A 172.67.147.19, A 104.21.10.243 (391)
02:06:47.219375 IP 10.42.0.2.43248 > used-to-be-ntp.okstate.edu.ntp: NTPv3, Client, length 48
02:06:47.219716 IP 10.42.0.2.52038 > used-to-be-ntp.okstate.edu.ntp: NTPv3, Client, length 48
02:06:47.452265 IP 10.42.0.2.27341 > 10.42.0.1.domain: 25678+ A? mtalk.google.com. (34)
02:06:47.452819 IP 10.42.0.2.53748 > 10.42.0.1.domain: 16638+ A? mtalk.google.com. (34)
02:06:47.719848 IP 10.42.0.2.45868 > time-nw.nist.gov.ntp: NTPv3, Client, length 48
02:06:47.720384 IP 10.42.0.2.58488 > time-nw.nist.gov.ntp: NTPv3, Client, length 48
02:06:48.220686 IP 10.42.0.2.49532 > ntp.alaska.edu.ntp: NTPv3, Client, length 48
02:06:48.221193 IP 10.42.0.2.54813 > ntp.alaska.edu.ntp: NTPv3, Client, length 48
02:06:48.721475 IP 10.42.0.2.47223 > 140.142.16.34.ntp: NTPv3, Client, length 48
02:06:48.721475 IP 10.42.0.2.34965 > 140.142.16.34.ntp: NTPv3, Client, length 48
02:06:49.221840 IP 10.42.0.2.56956 > india.colorado.edu.ntp: NTPv3, Client, length 48
02:06:49.221989 IP 10.42.0.2.34474 > india.colorado.edu.ntp: NTPv3, Client, length 48
02:06:49.722792 IP 10.42.0.2.55790 > 137.146.210.250.ntp: NTPv3, Client, length 48
02:06:49.722792 IP 10.42.0.2.46281 > 137.146.210.250.ntp: NTPv3, Client, length 48
02:06:50.223511 IP 10.42.0.2.37790 > sth1.ntp.se.ntp: NTPv3, Client, length 48
02:06:50.223693 IP 10.42.0.2.56904 > sth1.ntp.se.ntp: NTPv3, Client, length 48
02:06:50.724017 IP 10.42.0.2.53096 > tick.uh.edu.ntp: NTPv3, Client, length 48
02:06:50.724017 IP 10.42.0.2.40899 > tick.uh.edu.ntp: NTPv3, Client, length 48
02:06:51.224758 IP 10.42.0.2.57519 > this.has.not.been.ntp.server.time.nist.gov.since.2012.ntp: NTPv3, Client, length 48
02:06:51.224946 IP 10.42.0.2.39152 > this.has.not.been.ntp.server.time.nist.gov.since.2012.ntp: NTPv3, Client, length 48
02:06:51.617033 IP 10.42.0.1.59824 > 239.255.255.250.ssdp: UDP, length 173
02:06:51.725581 IP 10.42.0.2.44994 > a4.cs.umb.edu.ntp: NTPv3, Client, length 48
02:06:51.725582 IP 10.42.0.2.50268 > a4.cs.umb.edu.ntp: NTPv3, Client, length 48

WLAN3:

root: ~> tcpdump -i wlan3 -n udp -w ./wlan3.txt
tcpdump: listening on wlan3, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^C4 packets captured
5 packets received by filter
0 packets dropped by kernel

root: ~> tcpdump -r ./wlan3.txt 
reading from file ./wlan3.txt, link-type EN10MB (Ethernet), snapshot length 262144
02:05:32.164673 IP DESKTOP-89BBSOL.db-lsp-disc > 255.255.255.255.db-lsp-disc: UDP, length 180
02:05:34.213746 IP 192.168.1.130.54474 > DeviceDHCP.Home.domain: 48304+ A? firebaseinstallations.googleapis.com. (54)
02:05:34.226650 IP DeviceDHCP.Home.domain > 192.168.1.130.54474: 48304 9/4/8 A 172.253.124.95, A 142.250.105.95, A 142.250.9.95, A 142.250.189.106, A 74.125.138.95, A 64.233.185.95, A 64.233.177.95, A 142.250.176.74, A 142.251.45.234 (456)
02:05:35.747694 IP ESP_DCE2AA.49154 > 255.255.255.255.6667: UDP, length 188

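Answer 1

I think it is working now... I mean I can reach the internet. I want to know why it works. I will dig into it myself and try to update the answer.

But this is what worked for me:

eth3 is the motherboard Ethernet, linked to the router's WAN, with the method "Shared to other computers"

wlan3 is the wifi card on the 192.168.1.0/24 router, providing internet to the computer

The phone is connecting to the router inside the 192.168.0.1 network

The router has the static IP listed in the question.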

iptables -A FORWARD -i eth3 -o wlan3 -j ACCEPT
iptables -A FORWARD -i wlan3 -o eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o wlan3 -j MASQUERADE

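As far as I can tell, all of my iptables were related to this connection, but what was really needed was the second iptables. I mean, it wasn't in some of the tutorials I looked at.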
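An added example, not part of the original post: a small Python walk of the question's FORWARD path (docker and LIBVIRT_FWX rules omitted, since they only match docker0/virbr0) for a phone packet and its reply, before and after the answer's two FORWARD rules. The names `verdict` and `rule_matches`, the sample packets, and the reduction to -i/-o/-s/-d/state tests are assumptions of this sketch; the reply is modelled as FORWARD sees it, after conntrack has reversed the MASQUERADE mapping.

```python
import ipaddress
import re

# Excerpt of the question's FORWARD path; AFTER adds the answer's two rules.
BEFORE = """\
:FORWARD DROP [15759:1324771]
-A FORWARD -s 10.42.0.0/24 -j ACCEPT
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
"""
AFTER = BEFORE + """\
-A FORWARD -i eth3 -o wlan3 -j ACCEPT
-A FORWARD -i wlan3 -o eth3 -m state --state ESTABLISHED,RELATED -j ACCEPT
"""
# Constructed packets: router traffic leaving via wlan3, and the reply to it.
OUT = {"-i": "eth3", "-o": "wlan3", "-s": "10.42.0.2", "-d": "13.112.187.226", "--state": "NEW"}
BACK = {"-i": "wlan3", "-o": "eth3", "-s": "13.112.187.226", "-d": "10.42.0.2", "--state": "ESTABLISHED"}
TERMINAL = ("ACCEPT", "DROP", "REJECT")

def rule_matches(spec, pkt):
    for neg, opt, val in re.findall(r"(! )?(-\S+) (\S+)", spec):
        if opt == "-m":                   # module name, no test of its own
            continue
        key = "--state" if opt == "--ctstate" else opt
        if key in ("-s", "-d"):
            hit = ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(val)
        else:                             # -i, -o, --state (KeyError if unmodelled)
            hit = pkt[key] in val.split(",")
        if hit == bool(neg):              # plain test failed, or negated test hit
            return False
    return True

def verdict(ruleset, pkt, chain="FORWARD"):
    policy = "-"                          # user-defined chains have no policy
    for line in ruleset.splitlines():
        if line.startswith(f":{chain} "):
            policy = line.split()[1]
        m = re.match(rf"-A {re.escape(chain)} (.*?)-j (\S+)", line)
        if not m or not rule_matches(m[1], pkt):
            continue
        if m[2] == "RETURN":
            break
        hit = m[2] if m[2] in TERMINAL else verdict(ruleset, pkt, m[2])
        if hit:
            return hit
    return None if policy == "-" else policy
```

With the question's rules, `verdict(BEFORE, OUT)` is ACCEPT while `verdict(BEFORE, BACK)` falls through to the DROP policy; with the answer's rules, only replies in state ESTABLISHED or RELATED are accepted from wlan3 to eth3.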
