This may have been asked before, but I don't know what it's called or what search terms to use (this answer seems to be what I need, but I'm not sure).

I have a WRT1900ACS running OpenWrt 23.05 with five LAN subnets:
- `lan`: 10.1.0.0/19
- `net1`: 10.1.15.0/28
- `net2`: 10.1.20.0/27
- `net3`: 10.1.25.0/27
- `net4`: 10.1.25.28/30
I want the `net1` - `net4` subnets to be numbered sensibly, which is why the `lan` CIDR is /19: my (possibly incorrect) understanding is that if `lan` is given a netmask that contains the `net3` - `net4` subnets, and `net3` a netmask that contains `net4`, then I'd be able to reach devices on them from devices on `lan` and from devices on `net3`:
- PC [`lan`] → AirPlay server [`net3`]
- PC [`lan`] → printer [`net4`]
- PC [`net3`] → printer [`net4`]
What I've tried in the firewall, separately and together (commented out in the firewall config below):

- allowing interzone forwarding
- specifying individual interzone forwarding rules

Config:
`/etc/config/network`:

```
# ##::[[--- OpenWrt WAN Network Config ---]]::##
# ===========================================================
##----- Global -----##
# ===========================================================
# https://jodies.de/ipcalc?host=10.0.0.1&mask1=19&mask2=
# ===========================================================
##----- Active Networks w/ WAN -----##
# ===========================================================
# Loopback
#
# -----------------------------------------------------------
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr 127.0.0.1
	option netmask 255.0.0.0
# ===========================================================
# vLAN: WAN
#
# -----------------------------------------------------------
config device
	option name 'wan'
config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
config interface 'wan6'
	option ifname 'wan'
	option proto 'dhcpv6'
# ===========================================================
# vLAN: LAN
#
# -----------------------------------------------------------
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan4'
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option dns '208.67.222.222 208.67.220.220'
	option force_link 1
	option ip6assign 60
	option broadcast 10.1.31.255
	option ipaddr 10.1.0.1
	option netmask 255.255.224.0
# ===========================================================
# vLAN: net1
#
# -----------------------------------------------------------
config interface 'net1'
	option ifname 'net1'
	option type 'bridge'
	option proto 'static'
	option dns '208.67.222.222 208.67.220.220'
	option broadcast 10.1.15.15
	option delegate 0
	option ipaddr 10.1.15.1
	option netmask 255.255.255.240
# vLAN: net2
#
# -----------------------------------------------------------
config device
	option name 'br-net2'
	option type 'bridge'
	list ports 'lan2'
# Section name corrected from 'net3' to 'net2': the firewall zone 'net2'
# references a network named 'net2', and 'net3' is defined again below.
config interface 'net2'
	option device 'br-net2'
	option proto 'static'
	option dns '208.67.222.222 208.67.220.220'
	option broadcast 10.1.20.31
	option ipaddr 10.1.20.1
	option netmask 255.255.255.224
# vLAN: net3
#
# -----------------------------------------------------------
config device
	option name 'br-net3'
	option type 'bridge'
	list ports 'lan3'
config interface 'net3'
	option device 'br-net3'
	option proto 'static'
	option dns '208.67.222.222 208.67.220.220'
	option broadcast 10.1.25.31
	option ipaddr 10.1.25.1
	option netmask 255.255.255.224
# vLAN: net4
#
# -----------------------------------------------------------
config interface 'net4'
	option ifname 'net4'
	option type 'bridge'
	option proto 'static'
	option broadcast 10.1.25.31
	option delegate 0
	option ipaddr 10.1.25.29
	option netmask 255.255.255.252
```
`/etc/config/firewall`:

```
# ##::[[--- OpenWrt WAN Firewall Config ---]]::##
# ===========================================================
##----- Scripts -----##
# ===========================================================
config include
	option path '/etc/firewall.user'
# ===========================================================
##----- Default Zone -----##
# ===========================================================
config defaults
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option log_limit '10/second'
	option custom_chains 1
	option drop_invalid 1
	option log 1
	option synflood_protect 1
	option tcp_syncookies 1
	option tcp_window_scaling 1
# ===========================================================
##----- NAT Redirects -----##
# ===========================================================
# SSH
#
# -----------------------------------------------------------
# ===========================================================
##----- Zones -----##
# ===========================================================
# WAN
#
# -----------------------------------------------------------
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option masq 1
	option mtu_fix 1
# ===========================================================
# LAN
#
# -----------------------------------------------------------
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option forward 'ACCEPT'
	option output 'ACCEPT'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src 'lan'
	option dest '*'
	option dest_port '67:68'
	option name 'Allow LAN → WRT1900ACS (DHCP Requests)'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src '*'
	option dest 'lan'
	option dest_port '67:68'
	option name 'Allow WRT1900ACS → LAN (DHCP Renew)'
config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option src 'lan'
	option dest '*'
	option dest_port '53'
	option name 'Allow LAN → WRT1900ACS (DNS)'
config rule
	option target 'ACCEPT'
	option proto 'icmp'
	option src 'lan'
	option dest '*'
	option name 'Allow LAN → WRT1900ACS (ICMP)'
config rule
	option target 'ACCEPT'
	option proto 'all'
	option src 'lan'
	option dest '*'
	option name 'Allow LAN → WRT1900ACS'
# config rule
#	option target 'ACCEPT'
#	option proto 'all'
#	option src 'lan'
#	option dest 'net3'
#	option name 'Allow LAN → net3'
# ===========================================================
##----- Rules -----##
# ===========================================================
# vLAN: net1
#
# -----------------------------------------------------------
config zone
	option name 'net1'
	list network 'net1'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src 'net1'
	option dest '*'
	option dest_port '67:68'
	option name 'Allow net1 → WRT1900ACS (DHCP Requests)'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src '*'
	option dest 'net1'
	option dest_port '67:68'
	option name 'Allow WRT1900ACS → net1 (DHCP Renew)'
config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option src 'net1'
	option dest '*'
	option dest_port '53'
	option name 'Allow net1 → WRT1900ACS (DNS)'
config rule
	option target 'ACCEPT'
	option proto 'icmp'
	option src 'net1'
	option dest '*'
	option name 'Allow net1 → WRT1900ACS (ICMP)'
config rule
	option target 'DROP'
	option proto 'all'
	option src 'net1'
	option dest '*'
	option dest_ip '10.1.15.15'
	option name 'Drop net1 → WRT1900ACS (Broadcast)'
config rule
	option target 'REJECT'
	option proto 'all'
	option src 'net1'
	option dest 'lan'
	option name 'Reject net1 → LAN'
config rule
	option target 'REJECT'
	option proto 'all'
	option src 'net1'
	option dest 'net2'
	option name 'Reject net1 → net2'
config rule
	option target 'REJECT'
	option proto 'all'
	option src 'net1'
	option dest 'net3'
	option name 'Reject net1 → net3'
config rule
	option target 'REJECT'
	option proto 'all'
	option src 'net1'
	option dest 'net4'
	option name 'Reject net1 → net4'
# ===========================================================
# vLAN: net2
#
# -----------------------------------------------------------
config zone
	option name 'net2'
	list network 'net2'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src 'net2'
	option dest '*'
	option dest_port '67:68'
	option name 'Allow net2 → WRT1900ACS (DHCP Requests)'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src '*'
	option dest 'net2'
	option dest_port '67:68'
	option name 'Allow WRT1900ACS → net2 (DHCP Renew)'
config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option src 'net2'
	option dest '*'
	option dest_port '53'
	option name 'Allow net2 → WRT1900ACS (DNS)'
config rule
	option target 'ACCEPT'
	option proto 'icmp'
	option src 'net2'
	option dest '*'
	option name 'Allow net2 → WRT1900ACS (ICMP)'
config rule
	option target 'REJECT'
	option proto 'all'
	option src 'net2'
	option dest 'net1'
	option name 'Reject net2 → net1'
# ===========================================================
# vLAN: net3
#
# -----------------------------------------------------------
config zone
	option name 'net3'
	list network 'net3'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src 'net3'
	option dest '*'
	option dest_port '67:68'
	option name 'Allow net3 → WRT1900ACS (DHCP Requests)'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src '*'
	option dest 'net3'
	option dest_port '67:68'
	option name 'Allow WRT1900ACS → net3 (DHCP Renew)'
config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option src 'net3'
	option dest '*'
	option dest_port '53'
	option name 'Allow net3 → WRT1900ACS (DNS)'
config rule
	option target 'ACCEPT'
	option proto 'icmp'
	option src 'net3'
	option dest '*'
	option name 'Allow net3 → WRT1900ACS (ICMP)'
config rule
	option target 'REJECT'
	option proto 'all'
	option src 'net3'
	option dest 'lan'
	option name 'Reject net3 → LAN'
config rule
	option target 'REJECT'
	option proto 'all'
	option src 'net3'
	option dest 'net1'
	option name 'Reject net3 → net1'
# ===========================================================
# vLAN: net4
#
# -----------------------------------------------------------
config zone
	option name 'net4'
	list network 'net4'
	option input 'ACCEPT'
	option forward 'REJECT'
	option output 'ACCEPT'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src 'net4'
	option dest '*'
	option dest_port '67:68'
	option name 'Allow net4 → WRT1900ACS (DHCP Requests)'
config rule
	option target 'ACCEPT'
	option proto 'udp'
	option src '*'
	option dest 'net4'
	option dest_port '67:68'
	option name 'Allow WRT1900ACS → net4 (DHCP Renew)'
config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option src 'net4'
	option dest '*'
	option dest_port '53'
	option name 'Allow net4 → WRT1900ACS (DNS)'
config rule
	option target 'ACCEPT'
	option proto 'icmp'
	option src 'net4'
	option dest '*'
	option name 'Allow net4 → WRT1900ACS (ICMP)'
# ===========================================================
##----- Interzone Forwarding -----##
# ===========================================================
# vLAN: LAN
#
# -----------------------------------------------------------
config forwarding
	option src 'lan'
	option dest 'wan'
# config forwarding
#	option src 'lan'
#	option dest 'net3'
# config forwarding
#	option src 'lan'
#	option dest 'net4'
# ===========================================================
# vLAN: net1
#
# -----------------------------------------------------------
config forwarding
	option src 'net1'
	option dest 'wan'
# ===========================================================
# vLAN: net2
#
# -----------------------------------------------------------
config forwarding
	option src 'net2'
	option dest 'wan'
# ===========================================================
# vLAN: net3
#
# -----------------------------------------------------------
config forwarding
	option src 'net3'
	option dest 'wan'
# config forwarding
#	option src 'net3'
#	option dest 'net4'
# ===========================================================
# vLAN: net4
#
# -----------------------------------------------------------
# config forwarding
#	option src 'net4'
#	option dest 'lan'
# config forwarding
#	option src 'net4'
#	option dest 'net3'
```
`/etc/config/dhcp`:

```
# ##::[[--- OpenWrt WAN DHCP Config ---]]::##
# ===========================================================
##----- IPv4 DNS Server -----##
# ===========================================================
# DNS Masq
#
# -----------------------------------------------------------
config dnsmasq
	option domain 'WRT'
	option configdir '/tmp/dnsmasq.d'
	option local '/lan/'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option ednspacket_max 1232
	option authoritative 1
	option boguspriv 1
	option domainneeded 1
	option cachesize 1000
	option expandhosts 1
	option filter_aaaa 0
	option filter_a 0
	option filterwin2k 1
	option localise_queries 1
	option localservice 1
	option logqueries 0
	option nonegcache 0
	option nonwildcard 1
	option quietdhcp 1
	option readethers 1
	option rebind_localhost 1
	option rebind_protection 1
	option sequential_ip 1
# ===========================================================
##----- IPv6 DNS Server -----##
# ===========================================================
# oDHCPd
#
# -----------------------------------------------------------
config odhcpd 'odhcpd'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel 4
	option maindhcp 0
# ===========================================================
##----- DHCP Settings -----##
# ===========================================================
# WAN
#
# -----------------------------------------------------------
config dhcp 'wan'
	option interface 'wan'
	option ignore 1
# ===========================================================
# VLAN: LAN
#
# -----------------------------------------------------------
config dhcp 'lan'
	option interface 'lan'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option leasetime '24h'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option force 1
	option limit 1
	option ra_management 1
	option ra_slaac 1
	option start 21
# Static IPs
# -----------------------------------------------------------
# ===========================================================
# vLAN: net1
#
# -----------------------------------------------------------
config dhcp 'net1'
	option interface 'net1'
	option leasetime '24h'
	option force 1
	option limit 12
	option start 3
# ===========================================================
# vLAN: net2
#
# -----------------------------------------------------------
config dhcp 'net2'
	option interface 'net2'
	option leasetime '24h'
	option force 1
	option limit 12
	option start 2
# Static IPs
# -----------------------------------------------------------
# ===========================================================
# vLAN: net3
#
# -----------------------------------------------------------
config dhcp 'net3'
	option interface 'net3'
	option leasetime '24h'
	option force 1
	option limit 1
	option start 25
# Static IPs
# -----------------------------------------------------------
# ===========================================================
# vLAN: net4
#
# -----------------------------------------------------------
config dhcp 'net4'
	option interface 'net4'
	option leasetime '24h'
	option force 1
	option limit 1
	option start 30
# Static IPs
# -----------------------------------------------------------
```
Answer 1

> I want the `net1` - `net4` subnets to be numbered sensibly, which is why the `lan` CIDR is /19: my (possibly incorrect) understanding is that if `lan` is given a netmask that contains the `net3` - `net4` subnets, and `net3` a netmask that contains `net4`, then I'd be able to reach devices on them from devices on `lan` and from devices on `net3`:
No, it's the exact opposite of what you expect; subnets must never overlap in any way. Don't think of `lan` as the "parent" of the other subnets. (Routes can overlap, though; having a single /19 or /16 route via some other gateway that covers all the subnets would still work.)

Subnets are only connected through routers; for hosts in subnet A to reach anything in subnet B, they have to go through the router (that is, send the packets to the router's MAC address).

But if the subnets overlap, hosts in subnet A will think the destination (which belongs to subnet B) is in the same subnet as they are (it looks as if it were part of subnet A), and by definition hosts in the same subnet are normally reachable without going through a gateway.

So the source host will try to ARP for the destination IP directly, and get nothing back, unless the router has proxy ARP enabled (which it usually doesn't; I think only ancient Cisco IOS enabled it by default).

It doesn't matter whether the router knows the correct route (10.1.15.0/28 via `net1` would take priority over 10.1.0.0/17 via `lan`) if the packet never reaches the router in the first place.
Apart from that, overall this doesn't look "sensible". With only five subnets you have plenty of room to make them all nice round /24s; there's no need to squeeze them down to the smallest possible size: the performance difference between a /16 with five hosts and a /29 with five hosts is exactly zero.

Also, as I recall, AirPlay relies heavily on mDNS-based autodiscovery, which doesn't work across subnets unless the router has a relay dedicated to it. (Regular IP routing won't do it, and neither will multicast routing.) For OpenWrt, an mDNS reflector package seems able to do this; for Linux in general, avahi-daemon can act as a relay.