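I have a home local network 192.168.1.0/24 (hereafter LAN) and an OpenWRT router at 192.168.1.1. My home server is at 192.168.1.5 and has Multipass (with the qemu backend) with virtual machines on the 10.57.240.0/24 network (hereafter VM-LAN; mpqemubr0 interface). I also have a laptop at 192.168.1.137. I want to access the VM-LAN network from the laptop. I added a static route on the OpenWRT router with the following settings: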
IP - 10.57.240.0
Netmask - 255.255.255.0
Gateway - 192.168.1.5
When I ping 10.57.240.47 from the laptop, I get the error
From 192.168.1.5 icmp_seq=1 Destination Port Unreachable
ipv4_forward is enabled on 192.168.1.5.
Home server information:
h3xcode@h3x-homeserver:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 6c:3b:e5:17:9b:70 brd ff:ff:ff:ff:ff:ff
altname enp0s25
inet 192.168.1.5/24 metric 100 brd 192.168.1.255 scope global dynamic eno1
valid_lft 42394sec preferred_lft 42394sec
inet6 fdaa:c0de:c0de::5/128 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fdaa:c0de:c0de:0:6e3b:e5ff:fe17:9b70/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6e3b:e5ff:fe17:9b70/64 scope link
valid_lft forever preferred_lft forever
5: mpqemubr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:d9:01:22 brd ff:ff:ff:ff:ff:ff
inet 10.57.240.1/24 brd 10.57.240.255 scope global mpqemubr0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fed9:122/64 scope link
valid_lft forever preferred_lft forever
h3xcode@h3x-homeserver:~$ ip route
default via 192.168.1.1 dev eno1 proto dhcp src 192.168.1.5 metric 100
10.7.0.0/24 dev wg0 proto kernel scope link src 10.7.0.1
10.57.240.0/24 dev mpqemubr0 proto kernel scope link src 10.57.240.1
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.5 metric 100
192.168.1.1 dev eno1 proto dhcp scope link src 192.168.1.5 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
h3xcode@h3x-homeserver:~$ sudo iptables-save
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -o mpqemubr0 -p udp -m udp --dport 68 -m comment --comment "generated for Multipass network mpqemubr0" -j CHECKSUM --checksum-fill
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
-A INPUT -i mpqemubr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -i mpqemubr0 -p udp -m udp --dport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -i mpqemubr0 -p udp -m udp --dport 67 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -j LIBVIRT_INP
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A FORWARD -i mpqemubr0 -o mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -s 10.57.240.0/24 -i mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -d 10.57.240.0/24 -o mpqemubr0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.7.0.0/24 -j ACCEPT
-A FORWARD -i mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o mpqemubr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -o mpqemubr0 -p udp -m udp --sport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -o mpqemubr0 -p udp -m udp --sport 67 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -j LIBVIRT_OUT
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -p udp -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -p tcp -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.57.240.0/24 -d 255.255.255.255/32 -m comment --comment "generated for Multipass network mpqemubr0" -j RETURN
-A POSTROUTING -s 10.57.240.0/24 -d 224.0.0.0/24 -m comment --comment "generated for Multipass network mpqemubr0" -j RETURN
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to-source 192.168.1.5
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
Update: when I connect from 10.57.240.47 to my laptop, I see the connection coming from 192.168.1.5 rather than from 10.57.240.47.
On 10.57.240.47:
ubuntu@primary:~$ nc -v 192.168.1.137 5000
Connection to 192.168.1.137 5000 port [tcp/*] succeeded!
test
On the laptop:
$ nc -vl 5000
Listening on [0.0.0.0] (family 2, port 5000)
Connection from h3x-homeserver 51354 received!
test
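
The rule order in the iptables-save dump above can be traced by hand. The Python sketch below is an added example, not part of the original post: it walks the filter FORWARD chain and the first nat POSTROUTING rule from that dump over constructed packets. Interface names and addresses are those shown in the post; the WireGuard peer 10.7.0.2 is an assumed address.

```python
import ipaddress

# Filter-table FORWARD rules from the iptables-save output above, in evaluation
# order, with the LIBVIRT_FWX/FWI/FWO jumps flattened in place.
# Fields: (in_if, out_if, src, dst, conntrack states, target); None matches anything.
EST = {"RELATED", "ESTABLISHED"}
FORWARD = [
    ("mpqemubr0", "mpqemubr0", None, None, None, "ACCEPT"),
    ("mpqemubr0", None, "10.57.240.0/24", None, None, "ACCEPT"),
    (None, "mpqemubr0", None, "10.57.240.0/24", EST, "ACCEPT"),
    ("virbr0", "virbr0", None, None, None, "ACCEPT"),             # LIBVIRT_FWX
    (None, "virbr0", None, "192.168.122.0/24", EST, "ACCEPT"),    # LIBVIRT_FWI
    (None, "virbr0", None, None, None, "REJECT"),
    ("virbr0", None, "192.168.122.0/24", None, None, "ACCEPT"),   # LIBVIRT_FWO
    ("virbr0", None, None, None, None, "REJECT"),
    (None, None, None, None, EST, "ACCEPT"),
    (None, None, "10.7.0.0/24", None, None, "ACCEPT"),
    ("mpqemubr0", None, None, None, None, "REJECT"),
    (None, "mpqemubr0", None, None, None, "REJECT"),
]

def in_net(addr, net):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def forward_verdict(in_if, out_if, src, dst, state="NEW"):
    """Return (1-based rule number, target) of the first matching rule."""
    for n, (r_in, r_out, r_src, r_dst, r_states, target) in enumerate(FORWARD, 1):
        if (r_in in (None, in_if) and r_out in (None, out_if)
                and in_net(src, r_src) and in_net(dst, r_dst)
                and (r_states is None or state in r_states)):
            return n, target
    return 0, "ACCEPT"  # chain policy: ":FORWARD ACCEPT"

def masqueraded_source(src, dst, host_addr="192.168.1.5"):
    """nat POSTROUTING: -s 10.57.240.0/24 ! -d 10.57.240.0/24 -j MASQUERADE.
    host_addr is the eno1 address from the `ip addr` output."""
    vm_lan = "10.57.240.0/24"
    return host_addr if in_net(src, vm_lan) and not in_net(dst, vm_lan) else src

if __name__ == "__main__":
    # Constructed packets matching the two tests described in the post.
    print(forward_verdict("eno1", "mpqemubr0", "192.168.1.137", "10.57.240.47"))
    print(forward_verdict("mpqemubr0", "eno1", "10.57.240.47", "192.168.1.137"))
    # 10.7.0.2 is an assumed WireGuard peer address inside 10.7.0.0/24.
    print(forward_verdict("wg0", "mpqemubr0", "10.7.0.2", "10.57.240.47"))
    print(masqueraded_source("10.57.240.47", "192.168.1.137"))
```

Rule 12 in this list is the `-o mpqemubr0 ... -j REJECT --reject-with icmp-port-unreachable` line, which corresponds to the error the laptop's ping reports; the 10.7.0.0/24 ACCEPT at rule 10 is evaluated before it.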