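I have a Raspberry Pi 3 B+ running Raspbian Buster (10), and I am trying to build a router. I have set up the following programs:
- bind9 for local DNS resolution
- hostapd for the Wi-Fi hotspot
- bridge-utils for bridging multiple USB RJ45 network adapters
- isc-dhcp-server for DHCP
Everything works fine, except for some websites, https://www.blizzard.com/ and https://elinux.org/RPi_VerifiedPeripherals, which do not work on the LAN computers but do work with wget on the Raspberry terminal.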
dig elinux.org
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> elinux.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13532
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 83ac21300a7256c9547d18865dac8a7c05e503c74f8a2539 (good)
;; QUESTION SECTION:
;elinux.org. IN A
;; ANSWER SECTION:
elinux.org. 288 IN A 140.211.9.40
;; Query time: 5 msec
;; SERVER: 193.231.252.1#53(193.231.252.1)
;; WHEN: Sun Oct 20 17:25:32 BST 2019
;; MSG SIZE rcvd: 83
ping elinux.org
PING elinux.org (140.211.9.40) 56(84) bytes of data.
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=1 ttl=46 time=204 ms
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=2 ttl=46 time=234 ms
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=3 ttl=46 time=203 ms
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=4 ttl=46 time=203 ms
^C
--- elinux.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 203.260/211.043/234.063/13.298 ms
root@raspberrypi ~ # traceroute elinux.org
traceroute to elinux.org (140.211.9.40), 30 hops max, 60 byte packets
1 10.0.0.1 (10.0.0.1) 1.565 ms 1.224 ms 1.262 ms
2 10.225.82.129 (10.225.82.129) 1.930 ms 1.918 ms 1.963 ms
3 static-10-220-142-133.rdsnet.ro (10.220.142.133) 5.718 ms static-10-220-142-135.rdsnet.ro (10.220.142.135) 5.515 ms static-10-220-142-131.rdsnet.ro (10.220.142.131) 5.406 ms
4 buca-b1-link.telia.net (62.115.165.184) 48.952 ms 48.961 ms 48.858 ms
5 win-bb2-link.telia.net (62.115.119.116) 39.329 ms 38.954 ms 39.079 ms
6 prag-b3-link.telia.net (62.115.137.41) 39.599 ms prag-b3-link.telia.net (62.115.136.219) 43.260 ms prag-b3-link.telia.net (62.115.137.41) 39.919 ms
7 be1299.ccr21.prg01.atlas.cogentco.com (130.117.14.217) 36.927 ms 37.006 ms 40.529 ms
8 be3029.ccr42.ham01.atlas.cogentco.com (154.54.59.61) 44.963 ms be3027.ccr41.ham01.atlas.cogentco.com (130.117.1.205) 48.916 ms 44.906 ms
9 be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209) 49.500 ms 49.530 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205) 46.480 ms
10 be2183.ccr22.lpl01.atlas.cogentco.com (154.54.58.69) 150.451 ms be2182.ccr21.lpl01.atlas.cogentco.com (154.54.77.246) 145.172 ms 141.699 ms
11 be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162) 201.322 ms be3043.ccr22.ymq01.atlas.cogentco.com (154.54.44.166) 143.314 ms 140.090 ms
12 be2088.ccr21.alb02.atlas.cogentco.com (154.54.43.18) 149.432 ms 149.643 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89) 144.251 ms
13 be2878.ccr21.cle04.atlas.cogentco.com (154.54.26.129) 141.580 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233) 149.237 ms be2879.ccr22.cle04.atlas.cogentco.com (154.54.29.173) 143.909 ms
14 be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221) 144.485 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129) 140.289 ms 141.324 ms
15 be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169) 168.942 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165) 161.018 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169) 160.662 ms
16 be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89) 177.900 ms 175.603 ms 177.563 ms
17 be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145) 200.108 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97) 187.487 ms 192.694 ms
18 be2029.ccr22.sea02.atlas.cogentco.com (154.54.86.110) 193.006 ms 154.54.89.101 (154.54.89.101) 196.937 ms 195.776 ms
19 be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150) 198.230 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78) 200.333 ms be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150) 198.074 ms
20 cogent-pdx.nero.net (38.142.108.50) 199.346 ms 202.199 ms 202.046 ms
21 ptck-p2-gw.nero.net (207.98.64.170) 194.704 ms ptck-p1-gw.nero.net (207.98.64.168) 191.265 ms ptck-p2-gw.nero.net (207.98.64.170) 194.576 ms
22 corv-p1-gw.nero.net (207.98.64.25) 199.337 ms corv-p2-gw.nero.net (207.98.64.27) 198.806 ms 201.314 ms
23 corv-car1-gw.nero.net (207.98.64.17) 205.363 ms corv-car1-gw.nero.net (207.98.64.19) 211.461 ms 202.935 ms
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Windows 10:
C:\Users\xx>ping elinux.org
Pinging elinux.org [140.211.9.40] with 32 bytes of data:
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
C:\Users\IcyTeck>tracert elinux.org
Tracing route to elinux.org [140.211.9.40]
over a maximum of 30 hops:
1 1 ms <1 ms 1 ms 192.168.1.1
2 1 ms 1 ms 1 ms 10.0.0.1
3 2 ms 2 ms 2 ms 10.225.82.129
4 49 ms 72 ms 55 ms 10.220.142.133
5 40 ms 40 ms 40 ms buca-b1-link.telia.net [62.115.165.184]
6 37 ms 36 ms 36 ms prag-bb1-link.telia.net [62.115.119.122]
7 42 ms 42 ms 42 ms prag-b3-link.telia.net [62.115.136.219]
8 39 ms 37 ms 37 ms be1299.ccr21.prg01.atlas.cogentco.com [130.117.14.217]
9 45 ms 45 ms 45 ms be3029.ccr42.ham01.atlas.cogentco.com [154.54.59.61]
10 46 ms 46 ms 46 ms be2816.ccr42.ams03.atlas.cogentco.com [154.54.38.209]
11 147 ms 147 ms 147 ms be2183.ccr22.lpl01.atlas.cogentco.com [154.54.58.69]
12 147 ms 144 ms 142 ms be3043.ccr22.ymq01.atlas.cogentco.com [154.54.44.166]
13 141 ms 141 ms 142 ms be3260.ccr32.yyz02.atlas.cogentco.com [154.54.42.89]
14 146 ms 146 ms 146 ms be2994.ccr22.cle04.atlas.cogentco.com [154.54.31.233]
15 146 ms 146 ms 146 ms be2718.ccr42.ord01.atlas.cogentco.com [154.54.7.129]
16 172 ms 166 ms 166 ms be2832.ccr22.mci01.atlas.cogentco.com [154.54.44.169]
17 186 ms 180 ms 179 ms be3036.ccr22.den01.atlas.cogentco.com [154.54.31.89]
18 194 ms 194 ms 194 ms be3038.ccr32.slc01.atlas.cogentco.com [154.54.42.97]
19 194 ms 194 ms 194 ms 154.54.89.101
20 197 ms 197 ms 197 ms be2671.ccr21.pdx01.atlas.cogentco.com [154.54.31.78]
21 199 ms 199 ms 199 ms cogent-pdx.nero.net [38.142.108.50]
22 192 ms 193 ms 193 ms ptck-p1-gw.nero.net [207.98.64.168]
23 209 ms 204 ms 209 ms corv-p1-gw.nero.net [207.98.64.25]
24 213 ms 209 ms 209 ms corv-car1-gw.nero.net [207.98.64.19]
25 203 ms 203 ms 203 ms web3.osuosl.org [140.211.9.40]
Any ideas?
Thank you in advance, and have a nice weekend!
PS: Here is my firewall script
#!/bin/bash
echo "Setting sysctl ..."
/sbin/sysctl net.ipv4.ip_forward=1
/sbin/sysctl net.ipv6.conf.default.forwarding=1
/sbin/sysctl net.ipv6.conf.all.forwarding=1
/sbin/sysctl -p
echo "Cleaning ..."
# Flush iptables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
echo "Creating ..."
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.248 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.0 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.6 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.21 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.36 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-reply -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A INPUT -m iprange --src-range 192.168.0.0-192.168.0.255 -j ACCEPT
iptables -A INPUT -m iprange --src-range 192.168.1.0-192.168.1.255 -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A OUTPUT -j ACCEPT
#iptables -A nat -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "INPUT:DROP:" --log-level 4
iptables -A OUTPUT -j LOG --log-prefix "OUTPUT:DROP:" --log-level 4
iptables -A FORWARD -j LOG --log-prefix "FORWARD:DROP:" --log-level 4
# "nat" is a table, not a chain in the filter table, so the next command fails as written
iptables -A nat -j LOG --log-prefix "nat:DROP:" --log-level 4
iptables -A INPUT -j DROP
echo "Dropping ...:"
#iptables -I INPUT -s 95.90.x.x -j DRO
echo "Sysctl rules:"
/sbin/sysctl -p
echo "Iptables rules:"
iptables -v -L -n
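Answer 1
This sounds like an MTU problem. Since you are using PPP over Ethernet, the maximum packet size is reduced, which can cause problems with large packets not being forwarded. Packets sent directly from the router are smaller, because they use the smaller MTU of the PPP interface.
One way to fix this for TCP traffic is MTU clamping. Try adding
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp0 -j TCPMSS --clamp-mss-to-pmtu
to your iptables configuration and see if that fixes the problem.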
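A way to confirm the diagnosis above before and after changing the firewall, as an added example that is not part of the original answer: the script binary-searches the largest ICMP payload that passes with the Don't Fragment bit set, derives the matching TCP MSS, and checks whether the clamp rule is loaded. It assumes Linux iputils `ping` and an `iptables` that supports `-C`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: measure the path MTU, then check for the TCPMSS clamp rule.

# probe SIZE HOST: true if an ICMP echo with SIZE payload bytes and the
# Don't Fragment bit set (-M do, Linux iputils ping) gets a reply.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_pmtu HOST: binary-search the largest payload that passes unfragmented
# and print the path MTU (payload + 20-byte IPv4 + 8-byte ICMP header).
# Returns 1 if even a 576-byte datagram gets no reply.
find_pmtu() {
    local host="$1" lo=548 hi=1472 mid
    probe "$lo" "$host" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo $(( lo + 28 ))
}

# mss_for_mtu MTU: largest IPv4 TCP segment that fits (no IP or TCP options).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# clamp_rule_present IFACE: true if the rule from the answer is loaded
# for IFACE (iptables -C checks without modifying; needs root).
clamp_rule_present() {
    iptables -t mangle -C POSTROUTING -p tcp --tcp-flags SYN,RST SYN \
        -o "$1" -j TCPMSS --clamp-mss-to-pmtu 2>/dev/null
}

# report HOST IFACE: print the findings for one destination.
report() {
    local host="$1" iface="$2" mtu
    mtu=$(find_pmtu "$host") || { echo "no reply from $host"; return 1; }
    echo "path MTU to $host: $mtu (TCP MSS $(mss_for_mtu "$mtu"))"
    if [ "$mtu" -lt 1500 ] && ! clamp_rule_present "$iface"; then
        echo "path MTU is below 1500 and no TCPMSS clamp is set on $iface"
    fi
}

# Usage: sh pmtu.sh elinux.org ppp0   (host and interface taken from the post)
if [ "$#" -ge 1 ]; then
    report "$1" "${2:-ppp0}"
fi
```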