Unable to access the internet from a subnet


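I have set up a router running dd-wrt and connected it to my Cisco switch. The subnet for the router and the devices connected to it is 192.168.1.0/24, and 192.168.2.0/24 is what is currently configured. 192.168.2.0/24 is the subnet used to connect the router to the 10.0.0.0/24 subnet on the switch.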

From the switch I can reach any IP in my LAN, including 192.168.1.1, and after adding the following rule to my router's routing table, any host on my network can reach 10.0.0.0...

10.0.0.0/24 dev eth1  proto kernel  scope link  src 192.168.2.1 

However, from the 10.0.0.1 interface on my switch I cannot reach 8.8.8.8, but I can from 192.168.2.2 on the switch.

Here is the full routing table on the router:

default via [redacted] dev eth0 
10.0.0.0/24 dev eth1  proto kernel  scope link  src 192.168.2.1 
127.0.0.0/8 dev lo  scope link 
169.254.0.0/16 dev br0  proto kernel  scope link  src 169.254.255.1 
173.75.31.0/24 dev eth0  proto kernel  scope link  src 173.75.31.25 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1 
192.168.2.0/24 dev eth1  proto kernel  scope link  src 192.168.2.1 

Here are the iptables rules on the router.

root@DD-WRT:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc 
DROP       udp  --  anywhere             anywhere            udp dpt:route 
DROP       udp  --  anywhere             anywhere            udp dpt:route 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:route 
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     igmp --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:auth 
ACCEPT     0    --  anywhere             anywhere            state NEW 
ACCEPT     0    --  anywhere             anywhere            state NEW 
ACCEPT     0    --  anywhere             anywhere            
DROP       0    --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     gre  --  192.168.1.0/24       anywhere            
ACCEPT     tcp  --  192.168.1.0/24       anywhere            tcp dpt:1723 
ACCEPT     0    --  anywhere             anywhere            
lan2wan    0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             base-address.mcast.net/4 
TRIGGER    0    --  anywhere             anywhere            TRIGGER type:in match:0 relate:0 
trigger_out  0    --  anywhere             anywhere            
ACCEPT     0    --  anywhere             anywhere            state NEW 
DROP       0    --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     0    --  anywhere             anywhere            

ifconfig

ath0      Link encap:Ethernet  HWaddr 60:38:E0:DB:AD:B3  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4013297 errors:0 dropped:419 overruns:0 frame:0
          TX packets:5881012 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:291261174 (277.7 MiB)  TX bytes:8927857512 (8.3 GiB)

ath1      Link encap:Ethernet  HWaddr 60:38:E0:DB:AD:B4  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3681 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:515104 (503.0 KiB)

br0       Link encap:Ethernet  HWaddr 60:38:E0:DB:AD:B2  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4010466 errors:0 dropped:1293 overruns:0 frame:0
          TX packets:5874845 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:234596315 (223.7 MiB)  TX bytes:8809281468 (8.2 GiB)

br0:0     Link encap:Ethernet  HWaddr 60:38:E0:DB:AD:B2  
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

eth0      Link encap:Ethernet  HWaddr 60:38:E0:DB:AD:B2  
          inet addr:redacted  Bcast:redacted  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5874872 errors:0 dropped:1 overruns:0 frame:0
          TX packets:4005880 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8809323335 (8.2 GiB)  TX bytes:290200222 (276.7 MiB)
          Interrupt:194 

eth1      Link encap:Ethernet  HWaddr 60:38:E0:DB:AD:B2  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:532 
          RX bytes:0 (0.0 B)  TX bytes:168 (168.0 B)
          Interrupt:195 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:65536  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:452 (452.0 B)  TX bytes:452 (452.0 B)

Answer 1

I forgot to set up NAT translation properly on the edge router...

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to 173.75.6.2

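After running this command, I was able to ping the internet from 10.0.0.0/24. For anyone else who runs into this problem, you can issue the following command to view the current NAT configuration.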

iptables -t nat -L
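
A check for the gap this answer fixed, as an added example that is not part of the original post: given rules in `iptables -t nat -S POSTROUTING` format on stdin, it reports whether a source subnet is covered by an SNAT or MASQUERADE rule. The function names, the `eth0` WAN interface argument and the sample rules (with placeholder address 203.0.113.10) are assumptions constructed for illustration.

```shell
# Added example: does a source-NAT rule cover a given internal subnet?
# Rules are read from stdin in `iptables -t nat -S POSTROUTING` format.
ip2int() {                      # dotted quad -> integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

cidr_contains() {               # cidr_contains OUTER/len INNER/len
    o_len=${1#*/}; i_len=${2#*/}
    [ "$i_len" -ge "$o_len" ] || return 1
    mask=$(( (0xFFFFFFFF << (32 - o_len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

nat_covers() {                  # nat_covers SUBNET WAN_IF < rules
    subnet=$1; wan=$2
    while read -r line; do
        case $line in
            *" ! "*) continue ;;   # negated matches are not handled here
            "-A POSTROUTING"*"-j SNAT"*|"-A POSTROUTING"*"-j MASQUERADE"*) ;;
            *) continue ;;
        esac
        src=0.0.0.0/0; out=        # a rule without -s matches every source
        set -- $line
        while [ $# -gt 1 ]; do
            case $1 in
                -s) src=$2 ;;
                -o) out=$2 ;;
            esac
            shift
        done
        # A rule bound to another outgoing interface does not apply to WAN traffic.
        if [ -n "$out" ] && [ "$out" != "$wan" ]; then continue; fi
        if cidr_contains "$src" "$subnet"; then return 0; fi
    done
    return 1
}

# Constructed samples: before and after adding a rule for 10.0.0.0/24.
BEFORE='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10'
AFTER="$BEFORE
-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 203.0.113.10"

for rules in "$BEFORE" "$AFTER"; do
    if printf '%s\n' "$rules" | nat_covers 10.0.0.0/24 eth0
    then echo "10.0.0.0/24 is source-NATed"
    else echo "10.0.0.0/24 has no source-NAT rule"; fi
done
```

On a live router the same function can be fed with `iptables -t nat -S POSTROUTING | nat_covers 10.0.0.0/24 eth0`.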
