Network configuration problem

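I am moving my router from an RPi with Raspbian to another PC device with Ubuntu Server 14. I have:

- local network 10.0.0.0/16, router gateway 10.0.0.1
- LTE USB device 192.168.8.1 in network 192.168.8.0/24
- LTE USB device 192.168.10.1 in network 192.168.10.0/24

I have moved all the network settings and modified the iptables rules. At first I only want to forward traffic from the local network through eth2 (192.168.10.1). It does not work with the settings below.

First, I noticed that adding "ip route add default 192.168.10.1" enables Internet connectivity on my local network, but when I change the default gateway to 192.168.8.1, or change "-A PREROUTING -m state --state NEW -j MARK --set-xmark 0x2/0xffffffff" to "-A PREROUTING -m state --state NEW -j MARK --set-xmark 0x1/0xffffffff", it does not work. In my previous configuration on the RPi, these changes did not break Internet connectivity.

Second, when I try to connect to some server without "ip route add default 192.168.10.1", kern.log shows: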

Mar 24 14:16:27 ubuntu kernel: [ 1299.607243] '[POSTROUTING]'IN= OUT=eth2 SRC=10.0.0.129 DST=94.23.42.140 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=5925 DF PROTO=TCP SPT=59745 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x2
Mar 24 14:16:27 ubuntu kernel: [ 1299.698118] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=80 DPT=59745 WINDOW=29200 RES=0x00 ACK SYN URGP=0
Mar 24 14:16:28 ubuntu kernel: [ 1300.695494] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=80 DPT=59745 WINDOW=29200 RES=0x00 ACK SYN URGP=0
Mar 24 14:16:30 ubuntu kernel: [ 1302.698119] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=80 DPT=59745 WINDOW=29200 RES=0x00 ACK SYN URGP=0
Mar 24 14:16:34 ubuntu kernel: [ 1306.698124] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=80 DPT=59745 WINDOW=29200 RES=0x00 ACK SYN URGP=0

With "ip route add default 192.168.10.1" I get:

Mar 24 14:19:27 ubuntu kernel: [ 1479.922360] '[PREROUTING]'IN=eth0 OUT= MAC=00:1e:4f:4b:79:eb:e8:39:35:3a:c9:83:08:00 SRC=10.0.0.129 DST=94.23.42.140 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=8796 DF PROTO=TCP SPT=59749 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0
Mar 24 14:19:27 ubuntu kernel: [ 1479.922385] '[FORWARD]'IN=eth0 OUT=eth2 MAC=00:1e:4f:4b:79:eb:e8:39:35:3a:c9:83:08:00 SRC=10.0.0.129 DST=94.23.42.140 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8796 DF PROTO=TCP SPT=59749 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x2
Mar 24 14:19:27 ubuntu kernel: [ 1479.922392] '[POSTROUTING]'IN= OUT=eth2 SRC=10.0.0.129 DST=94.23.42.140 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=8796 DF PROTO=TCP SPT=59749 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0 MARK=0x2
Mar 24 14:19:27 ubuntu kernel: [ 1480.006939] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=80 DPT=59749 WINDOW=29200 RES=0x00 ACK SYN URGP=0
Mar 24 14:19:27 ubuntu kernel: [ 1480.006956] '[FORWARD]'IN=eth2 OUT=eth0 MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=10.0.0.129 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=0 DF PROTO=TCP SPT=80 DPT=59749 WINDOW=29200 RES=0x00 ACK SYN URGP=0 MARK=0x2
Mar 24 14:19:27 ubuntu kernel: [ 1480.007197] '[PREROUTING]'IN=eth0 OUT= MAC=00:1e:4f:4b:79:eb:e8:39:35:3a:c9:83:08:00 SRC=10.0.0.129 DST=94.23.42.140 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=8797 DF PROTO=TCP SPT=59749 DPT=80 WINDOW=16450 RES=0x00 ACK URGP=0
Mar 24 14:19:27 ubuntu kernel: [ 1480.007211] '[FORWARD]'IN=eth0 OUT=eth2 MAC=00:1e:4f:4b:79:eb:e8:39:35:3a:c9:83:08:00 SRC=10.0.0.129 DST=94.23.42.140 LEN=40 TOS=0x00 PREC=0x00 TTL=127 ID=8797 DF PROTO=TCP SPT=59749 DPT=80 WINDOW=16450 RES=0x00 ACK URGP=0 MARK=0x2
Mar 24 14:19:27 ubuntu kernel: [ 1480.009327] '[PREROUTING]'IN=eth0 OUT= MAC=00:1e:4f:4b:79:eb:e8:39:35:3a:c9:83:08:00 SRC=10.0.0.129 DST=94.23.42.140 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=8798 DF PROTO=TCP SPT=59749 DPT=80 WINDOW=16450 RES=0x00 ACK PSH URGP=0
Mar 24 14:19:27 ubuntu kernel: [ 1480.009341] '[FORWARD]'IN=eth0 OUT=eth2 MAC=00:1e:4f:4b:79:eb:e8:39:35:3a:c9:83:08:00 SRC=10.0.0.129 DST=94.23.42.140 LEN=120 TOS=0x00 PREC=0x00 TTL=127 ID=8798 DF PROTO=TCP SPT=59749 DPT=80 WINDOW=16450 RES=0x00 ACK PSH URGP=0 MARK=0x2
Mar 24 14:19:27 ubuntu kernel: [ 1480.062812] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=39937 DF PROTO=TCP SPT=80 DPT=59749 WINDOW=229 RES=0x00 ACK URGP=0
Mar 24 14:19:27 ubuntu kernel: [ 1480.062826] '[FORWARD]'IN=eth2 OUT=eth0 MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=10.0.0.129 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=39937 DF PROTO=TCP SPT=80 DPT=59749 WINDOW=229 RES=0x00 ACK URGP=0 MARK=0x2
Mar 24 14:19:27 ubuntu kernel: [ 1480.063815] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=39938 DF PROTO=TCP SPT=80 DPT=59749 WINDOW=229 RES=0x00 ACK URGP=0
Mar 24 14:19:27 ubuntu kernel: [ 1480.063834] '[FORWARD]'IN=eth2 OUT=eth0 MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=10.0.0.129 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=39938 DF PROTO=TCP SPT=80 DPT=59749 WINDOW=229 RES=0x00 ACK URGP=0 MARK=0x2
Mar 24 14:19:27 ubuntu kernel: [ 1480.063850] '[PREROUTING]'IN=eth2 OUT= MAC=0c:5b:8f:27:9a:64:00:0d:87:8e:4b:ac:08:00 SRC=94.23.42.140 DST=192.168.10.10 LEN=1440 TOS=0x00 PREC=0x00 TTL=54 ID=39939 DF PROTO=TCP SPT=80 DPT=59749 WINDOW=229 RES=0x00 ACK URGP=0

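Can anyone tell me whether this is an iptables problem, a problem related to the Ubuntu 14 operating system, or whether I have forgotten some configuration?

Thanks in advance!

My settings

ifconfig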

eth0  Link encap:Ethernet  HWaddr 00:1e:4f:4b:79:eb
      inet addr:10.0.0.100  Bcast:10.0.255.255  Mask:255.255.0.0
      inet6 addr: fe80::21e:4fff:fe4b:79eb/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:3477 errors:0 dropped:0 overruns:0 frame:0
      TX packets:5180 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:277674 (277.6 KB)  TX bytes:3262888 (3.2 MB)
      Interrupt:21 Memory:fe9e0000-fea00000

eth1  Link encap:Ethernet  HWaddr 0c:5b:8f:27:9a:64
      inet addr:192.168.8.10  Bcast:192.168.8.255  Mask:255.255.255.0
      inet6 addr: fe80::e5b:8fff:fe27:9a64/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:38 errors:0 dropped:0 overruns:0 frame:0
      TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:15975 (15.9 KB)  TX bytes:1018 (1.0 KB)

eth2  Link encap:Ethernet  HWaddr 0c:5b:8f:27:9a:64
      inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0
      inet6 addr: fe80::e5b:8fff:fe27:9a64/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:12 errors:0 dropped:0 overruns:0 frame:0
      TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:3616 (3.6 KB)  TX bytes:660 (660.0 B)

lo    Link encap:Local Loopback
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:68 errors:0 dropped:0 overruns:0 frame:0
      TX packets:68 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:5068 (5.0 KB)  TX bytes:5068 (5.0 KB)

ip route

10.0.0.0/16 dev eth0  proto kernel  scope link  src 10.0.0.100
192.168.8.0/24 dev eth1  proto kernel  scope link  src 192.168.8.10
192.168.10.0/24 dev eth2  proto kernel  scope link  src 192.168.10.10

ip route show table upeth1

default via 192.168.8.1 dev eth1
10.0.0.0/16 dev eth0  proto kernel  scope link  src 10.0.0.100
192.168.8.0/24 dev eth1  proto kernel  scope link  src 192.168.8.10
192.168.10.0/24 dev eth2  proto kernel  scope link  src 192.168.10.10

ip route show table upeth2

default via 192.168.10.1 dev eth1
10.0.0.0/16 dev eth0  proto kernel  scope link  src 10.0.0.100
192.168.8.0/24 dev eth1  proto kernel  scope link  src 192.168.8.10
192.168.10.0/24 dev eth2  proto kernel  scope link  src 192.168.10.10

rt_tables

#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep

201     upeth1
202     upeth2

iptables-save

# Generated by iptables-save v1.4.21 on Thu Mar 24 14:03:06 2016
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [76:12773]
-A INPUT -j LOG --log-prefix "\'[INPUT]\'"
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LOG --log-prefix "\'[FORWARD]\'"
-A FORWARD -i eth2 -o eth0 -p udp -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p udp -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -m mark --mark 0x2 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m mark --mark 0x1 -j ACCEPT
COMMIT
# Completed on Thu Mar 24 14:03:06 2016
# Generated by iptables-save v1.4.21 on Thu Mar 24 14:03:06 2016
*nat
:PREROUTING ACCEPT [28:6364]
:INPUT ACCEPT [3:201]
:OUTPUT ACCEPT [1:136]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j LOG --log-prefix "\'[POSTROUTING]\'"
-A POSTROUTING -o eth2 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Thu Mar 24 14:03:06 2016
# Generated by iptables-save v1.4.21 on Thu Mar 24 14:03:06 2016
*mangle
:PREROUTING ACCEPT [136:17065]
:INPUT ACCEPT [82:7193]
:FORWARD ACCEPT [24:1606]
:OUTPUT ACCEPT [77:13117]
:POSTROUTING ACCEPT [101:14723]
-A PREROUTING -j LOG --log-prefix "\'[PREROUTING]\'"
-A PREROUTING -p icmp -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -m state --state NEW -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -d 192.168.8.1/32 -m state --state NEW -j MARK --set-xmark 0x1/0xffffffff
-A PREROUTING -d 192.168.10.1/32 -m state --state NEW -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -p udp -j MARK --set-xmark 0x2/0xffffffff
-A PREROUTING -m mark ! --mark 0x0 -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -m connmark --mark 0x1 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -m connmark --mark 0x2 -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT
# Completed on Thu Mar 24 14:03:06 2016
# Generated by iptables-save v1.4.21 on Thu Mar 24 14:03:06 2016
*raw
:PREROUTING ACCEPT [137:17105]
:OUTPUT ACCEPT [77:13117]
-A OUTPUT -p icmp -j TRACE
-A OUTPUT -p tcp -j TRACE
COMMIT
# Completed on Thu Mar 24 14:03:06 2016

ip rule

0:      from all lookup local
32762:  from all fwmark 0x2 lookup upeth2
32763:  from all fwmark 0x1 lookup upeth1
32764:  from all fwmark 0x2 lookup upeth2
32765:  from all fwmark 0x1 lookup upeth1
32766:  from all lookup main
32767:  from all lookup default

cat /proc/sys/net/ipv4/ip_forward

1

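Answer 1

Before we discuss iptables (the first part of your question), let's talk about your "router".

  1. Post your /etc/network/interfaces file.
  2. What you are moving is a "router". Is the "device" a "PC, Ubuntu 14.04" with three Ethernet cards installed?
  3. The MAC addresses of

    eth1 Link encap:Ethernet HWaddr 0c:5b:8f:27:9a:64
    eth2 Link encap:Ethernet HWaddr 0c:5b:8f:27:9a:64

    are the same.

  4. Is one of these Ethernet cards supposed to be a virtual interface? I.e.: eth0:1

As far as any off-the-shelf Ethernet switch is concerned, duplicate MACs are "allowed"; they just cause problems that disrupt network connectivity to every host involved. The problem is the constantly changing switching table.

If there are two hosts that both have the same MAC address, the switch updates its MAC table every time it receives a frame from either host. Connectivity to either host will be intermittent and inconsistent.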

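  1. What is the router's default gateway?
  2. Are there any network devices between the router and the WAN interfaces, and is there a managed switch connected to the network?

  3. iptables

    -A PREROUTING -d 192.168.8.1/32 -m state --state NEW -j MARK --set-xmark 0x1/0xffffffff

    -A PREROUTING -d 192.168.10.1/32 -m state --state NEW -j MARK --set-xmark 0x2/0xffffffff

Should this be 192.168.8.1/24? Should this be 192.168.10.1/24?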
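
The MAC-table behaviour described in this answer, as an added example that is not part of the original post: the script finds interfaces that share a hardware address in ifconfig-style output and models a learning switch to show the table entry moving between ports. The interface header lines are taken from the question's ifconfig output; the port numbers, the client MAC and the frame sequence are constructed assumptions.

```python
import re
from collections import defaultdict

# Interface header lines in the format of the ifconfig output in the question.
IFCONFIG = """\
eth0  Link encap:Ethernet  HWaddr 00:1e:4f:4b:79:eb
eth1  Link encap:Ethernet  HWaddr 0c:5b:8f:27:9a:64
eth2  Link encap:Ethernet  HWaddr 0c:5b:8f:27:9a:64
lo    Link encap:Local Loopback
"""

def duplicate_macs(ifconfig_text):
    """Return {mac: [interfaces]} for every MAC used by more than one interface."""
    by_mac = defaultdict(list)
    pattern = r"^(\S+)\s+Link encap:\S+\s+HWaddr\s+([0-9A-Fa-f:]{17})"
    for m in re.finditer(pattern, ifconfig_text, re.M):
        by_mac[m.group(2).lower()].append(m.group(1))
    return {mac: ifs for mac, ifs in by_mac.items() if len(ifs) > 1}

def simulate_switch(frames):
    """Model a learning switch fed with (ingress_port, src_mac, dst_mac) frames.

    Returns (moves, deliveries): how many times a known MAC was relearned on a
    different port, and the egress port picked per frame (None = flooded).
    """
    table, moves, deliveries = {}, 0, []
    for port, src, dst in frames:
        if src in table and table[src] != port:
            moves += 1            # same MAC seen on another port: entry flaps
        table[src] = port         # learn or refresh the source MAC
        deliveries.append(table.get(dst))
    return moves, deliveries

# Constructed scenario: two hosts with the same MAC on ports 1 and 2,
# one client (constructed, locally administered MAC) on port 3.
DUP = "0c:5b:8f:27:9a:64"
CLIENT = "02:00:00:00:00:01"
FRAMES = [
    (1, DUP, CLIENT), (3, CLIENT, DUP),   # client's frame goes to port 1
    (2, DUP, CLIENT), (3, CLIENT, DUP),   # entry moved: now goes to port 2
    (1, DUP, CLIENT), (3, CLIENT, DUP),   # entry moved back: port 1 again
]

if __name__ == "__main__":
    for mac, ifs in duplicate_macs(IFCONFIG).items():
        print(f"duplicate MAC {mac} on {', '.join(ifs)}")
    moves, deliveries = simulate_switch(FRAMES)
    print(f"MAC table moves: {moves}, egress ports per frame: {deliveries}")
```
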
