Linux 路由不工作

Linux 路由不工作

我有华硕 rt-n18u 路由器,我想从本地网络设置 vpn 访问

所以我在路由器上安装了 optware 和 vpnc,并在 tun0 接口上成功创建了 vpn 连接(下面的 ifconfig)。问题是我无法从本地网络 ping/连接到 VPN,但我可以从路由器本身 ping/连接到 VPN。

问题——如何将 br0 转发到 tun0?

ip_forward设置1

iptables路由下表提供了。

是否配置输出:

br0        Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
           inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:32993 errors:0 dropped:0 overruns:0 frame:0
           TX packets:40247 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:4436741 (4.2 MiB)  TX bytes:31815424 (30.3 MiB)

eth0       Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
           inet addr:212.XX.XX.XX  Bcast:212.XX.XX.XX  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:412673 errors:0 dropped:0 overruns:0 frame:0
           TX packets:431752 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:105828668 (100.9 MiB)  TX bytes:121288162 (115.6 MiB)
           Interrupt:179 Base address:0x4000

eth1       Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:12545 errors:0 dropped:0 overruns:0 frame:212071
           TX packets:22614 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:1000
           RX bytes:1704797 (1.6 MiB)  TX bytes:14120516 (13.4 MiB)
           Interrupt:163

lo         Link encap:Local Loopback
           inet addr:127.0.0.1  Mask:255.0.0.0
           UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
           RX packets:4023 errors:0 dropped:0 overruns:0 frame:0
           TX packets:4023 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:858801 (838.6 KiB)  TX bytes:858801 (838.6 KiB)

tun0       Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-0
0-00
           inet addr:198.XX.XX.XX  P-t-P:198.XX.XX.XX  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
           RX packets:284 errors:0 dropped:0 overruns:0 frame:0
           TX packets:1172 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:500
           RX bytes:26331 (25.7 KiB)  TX bytes:95242 (93.0 KiB)

vlan1      Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
           UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
           RX packets:230007 errors:0 dropped:0 overruns:0 frame:0
           TX packets:205941 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:24156339 (23.0 MiB)  TX bytes:98109904 (93.5 MiB)

tun0-vpn

eth0——广域网

br0——本地接口

这是路由桌子

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
193.XX.XX.XX    1.45.XX.XX      255.255.255.255 UGH   0      0        0 eth0
147.XXX.XXX.XXX *               255.255.255.255 UH    0      0        0 tun0
212.90.XX.XX    *               255.255.255.255 UH    0      0        0 eth0
172.24.6.254    *               255.255.255.255 UH    0      0        0 tun0
147.XXX.XXX.XXX *               255.255.255.255 UH    0      0        0 tun0
147.XXX.XXX.XXX *               255.255.255.255 UH    0      0        0 tun0
198.18.1.0      *               255.255.255.0   U     0      0        0 tun0
XXX.XXX.XXX.XXX *               255.255.255.0   U     0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0
147.XXX.XXX.XXX *               255.255.255.0   U     0      0        0 tun0
147.XXX.XXX.XXX *               255.255.255.0   U     0      0        0 tun0
212.XXX.XXX.XXX *               255.240.0.0     U     0      0        0 tun0
10.0.0.0        *               255.0.0.0       U     0      0        0 tun0
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         1.45.XX.XX      0.0.0.0         UG    0      0        0 eth0

iptables -L

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FUPNP
-N PControls
-N SECURITY
-N logaccept
-N logdrop
-A INPUT -p udp -m udp --dport 4672 -j ACCEPT
-A INPUT -p udp -m udp --dport 4665 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
-A INPUT -p udp -m udp --dport 51413 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i br0 -o eth0 -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4672 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4665 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 4662 -j ACCEPT
-A FUPNP -d 192.168.1.202/32 -p udp -m udp --dport 59077 -j ACCEPT
-A FUPNP -d 192.168.1.202/32 -p tcp -m tcp --dport 59077 -j ACCEPT
-A FUPNP -d 192.168.1.169/32 -p udp -m udp --dport 59077 -j ACCEPT
-A FUPNP -d 192.168.1.169/32 -p tcp -m tcp --dport 59077 -j ACCEPT
-A PControls -j ACCEPT
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec
 -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec
 -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A SECURITY -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A SECURITY -p icmp -m icmp --icmp-type 8 -j DROP
-A SECURITY -j RETURN
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequen
ce --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence -
-log-tcp-options --log-ip-options
-A logdrop -j DROP

我是网络新手,因此我很感激任何帮助!

答案1

iptables -I FORWARD -o tun0 -j ACCEPT 

iptables -I FORWARD -i tun0 -j ACCEPT 

iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE 

相关内容