(最初,我将其发布在 StackOverflow 上。我将它移至 networkengineering,然后移到这里。)
我有 TP-LINK WR841N v9 路由器并安装了 OpenWRT 固件CHAOS CALMER (15.05.1, r48532)。
我有/etc/config/network内容:
config interface 'lan' option force_link '1' option type 'bridge' option proto 'static' option ipaddr '10.15.252.3' option netmask '255.255.254.0' option gateway '10.15.252.1' option ifname 'eth0 eth1'
以下是输出ip link ls:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc fq_codel master br-lan state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:25 brd ff:ff:ff:ff:ff:ff 4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff 5: br-lan: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff
我有两台电脑,分别通过电缆连接到 4 个 LAN 端口中的 2 个。假设是一台电脑A和B。
A一直保持 ping 状态B并且运行良好。- 在路由器上,我用来
tcpdump捕获来自网桥的流量br-lan:tcpdump -i br-lan -n 'arp or icmp'。
我确实看到了arp交通情况,但没有 ICMP交通。
我尝试设置 iptables 规则来阻止和链B中的流量,但没有效果。INPUToutput
brctl以下是命令和的输出ip:
bridge name bridge id STP enabled interfaces br-lan 7fff.c46e1fb68e24 no eth0 eth1
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 RX: bytes packets errors dropped overrun mcast 63107 580 0 0 0 0 TX: bytes packets errors dropped carrier collsns 63107 580 0 0 0 0 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 64256004 445450 0 6 0 0 TX: bytes packets errors dropped carrier collsns 8775980 43685 0 0 0 0 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc fq_codel master br-lan state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:25 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 5: br-lan: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 57777761 444757 0 60579 0 0 TX: bytes packets errors dropped carrier collsns 8871188 44499 0 0 0 0
接口上 肯定有大量的TX和数据包。RX
因此,我的问题是:
1. 如何使用 tcpdump 捕获通过网桥的流量br-lan?(网桥在第 2 层工作,并且应该可以工作,不是吗?)
2. 如果我想将计算机 B 的进出流量镜像到另一个端口(例如wan端口),我应该怎么做?(我尝试使用这个端口镜像工具,但它不起作用。)
(我想尝试ebtables,但由于空间不足,我无法将其安装在路由器上。另外,我找不到工具bridge来检查桥接器上的前向数据库。)
我找到了另一个相关主题:桥接接口上的 Tcpdump/Iptables 未分配 IP 地址和桥接接口 (virbr) 上的 tcpdump 未收到发往其某个地址的任何数据包,但它不起作用。
答案1
我已重新配置路由器以执行以下操作:
1.分配eth0和eth1桥接br-lan;
2. 用电缆连接计算机乙到eth1港口 (萬端口);
3. 在端口镜像配置文件中,转发来自eth1至 IPA。
现在,我可以监听所有进出乙。当然,tcpdump 也可以捕获通过 br-lan 的流量。