Arch Linux 网关 - 无法 ping 互联网接口

tag-icon tag-icon linux routing ip gateway forwarding
Arch Linux 网关 - 无法 ping 互联网接口

我用 Arch Linux 设置了一个简单的网关:

GATEWAY# ifconfig eth0 172.27.210.221 netmask 255.255.255.0
GATEWAY# ifconfig wlan0 10.8.221.221 netmask 255.255.0.0
GATEWAY# iwconfig wlan0 essid OpenWifi
GATEWAY# echo 1 > /proc/sys/net/ipv4/ip_forward

这是网关上的实际路由表:

DESTINATION     GATEWAY GENMASK         FLAGS   METRIC  REF USE IFACE
10.8.0.0        0.0.0.0 255.255.0.0     U       0       0   0   wlan0
172.27.210.0    0.0.0.0 255.255.255.0   U       202     0   0   eth0

我在所有接口上禁用了 rp_filter。

eth0 连接到我无法访问的交换机。当一切正常时,该接口将配置为访问互联网。wlan0 连接到开放的网络基础设施。

我有一台基于 Arch Linux 的客户端电脑,连接到同一个无线网络,设置如下:

CLIENT# iwconfig wlan0 essid OpenWifi
CLIENT# ifconfig wlan0 10.8.221.222 netmask 255.255.0.0
CLIENT# route add default gw 10.8.221.221 wlan0

现在,我知道要共享 Internet 连接,我需要添加默认路由并在网关计算机上设置 NAT。但我想我应该能够从我的客户端 ping 网关的 eth0 接口,而无需任何其他配置:

CLIENT# ping 172.27.210.221

问题是,我没有收到任何回复。

网关 wlan0 接口上的 tcpdump 显示 ICMP 请求传入,并且从 172.27.210.221 到 10.8.221.222 的回复,但实际上我没有在客户端上收到任何回复(我使用客户端上的 tcpdump 确认了这一点)。

如果我将此设置复制到两台虚拟机上,仅使用以太网接口,则完全没有问题。您知道可能是什么问题吗?这可能与无线网络有关吗?

更新 1

以下是从客户端 10.8.221.222 ping 网关 172.27.210.221 时,客户端和网关上 iwconfig wlan0、iptables -nvL 和 tcpdump -npe 的输出:

网关:

iwconfig wlp2s0b1
wlp2s0b1  IEEE 802.11  ESSID:"OpenWifi"  
      Mode:Managed  Frequency:2.437 GHz  Access Point: xxxxxxxxxxxx   
      Bit Rate=54 Mb/s   Tx-Power=11 dBm   
      Retry short limit:7   RTS thr:off   Fragment thr:off
      Encryption key:off
      Power Management:off
      Link Quality=70/70  Signal level=-29 dBm  
      Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
      Tx excessive retries:79  Invalid misc:772   Missed beacon:0


iptables -nvL
Chain INPUT (policy ACCEPT 172K packets, 22M bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1132 packets, 95328 bytes)
 pkts bytes target     prot opt in     out     source               destination    


tcpdump -npe 'icmp'
03:29:23.876193 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 1, length 64
03:29:23.876277 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 1, length 64
03:29:24.893768 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 2, length 64
03:29:24.893842 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 2, length 64
03:29:25.908918 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 3, length 64
03:29:25.908999 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 3, length 64
03:29:26.920903 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 4, length 64
03:29:26.920969 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 4, length 64
03:29:27.933499 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 5, length 64
03:29:27.933618 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 5, length 64
03:29:28.944583 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 6, length 64
03:29:28.944650 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 6, length 64
03:29:29.958243 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 7, length 64
03:29:29.958323 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 7, length 64
03:29:30.971649 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 8, length 64
03:29:30.971744 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 8, length 64

客户:

iwconfig wlp1s0
wlp1s0    IEEE 802.11  ESSID:"OpenWifi"  
      Mode:Managed  Frequency:2.412 GHz  Access Point: xxxxxxxxxxxx   
      Bit Rate=1 Mb/s   Tx-Power=11 dBm   
      Retry short limit:7   RTS thr:off   Fragment thr:off
      Encryption key:off
      Power Management:on
      Link Quality=54/70  Signal level=-56 dBm  
      Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
      Tx excessive retries:1  Invalid misc:26   Missed beacon:0


iptables -nvL
Chain INPUT (policy ACCEPT 1665 packets, 149K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 765 packets, 64260 bytes)
 pkts bytes target     prot opt in     out     source               destination     


tcpdump -npe 'icmp'
12:29:30.950270 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 1, length 64
12:29:31.968238 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 2, length 64
12:29:32.981538 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 3, length 64
12:29:33.994868 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 4, length 64
12:29:35.008223 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 5, length 64
12:29:36.021575 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 6, length 64
12:29:37.034884 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 7, length 64
12:29:38.048205 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 8, length 64
12:29:39.061533 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 9, length 64
12:29:40.074884 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 10, length 64
12:29:41.088206 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 11, length 64
12:29:42.101534 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 12, length 64
12:29:43.114876 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 13, length 64
12:29:44.128193 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 14, length 64
12:29:45.141535 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 15, length 64
12:29:46.154870 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 16, length 64
12:29:47.168208 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 17, length 64
12:29:48.181573 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 18, length 64
12:29:49.194868 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 19, length 64
12:29:50.208171 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 20, length 64
12:29:51.221531 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 21, length 64
12:29:52.234870 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 22, length 64
12:29:53.248185 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 23, length 64
12:29:54.261521 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 24, length 64

答案1

您所描述的方法应该有效。
尝试禁用 iptables 并再次尝试 ping。

相关内容