将linux PC配置为路由器

tag-icon tag-icon networking iptables
将linux PC配置为路由器

我想将我的 Rasberry Pi 配置为路由器。我有两个网络接口 eth0 和 eth1 连接到两个网络。eth0 连接到私有网络和eth1 连接到公共网络(互联网)。

wan ----[router]--> [eth1 (Raspbery pi) eth0]<---->[router]<----> [(PC1)]

我做了以下事情来将 Raspberry Pi 配置为路由器:

Step 1:- enable forwarding in the kernel
echo 1 >> /proc/sys/net/ipv4/ip_forward

step 2:- Set rules in iptables to perform natting and forwarding
# eth0 is LAN
# eth1 is WAN
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# fowarding
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

现在我可以通过 Raspberry Pi 从 WAN 端路由器 ping 通,并且还可以从 PC1 ping 通 Google IP (8.8.8.8)。但我无法在 PC1 上浏览任何网站。 Ping 可以正常工作,但其他访问互联网的方式无法正常工作。我该如何调试这个 iptables 来解决这个问题?问题可能出在哪里?

编辑:- 这是 iptables 值。

root@raspberrypi:/home/duser# iptables -t filter -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@raspberrypi:/home/duser# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  anywhere             anywhere            
root@raspberrypi:/home/duser# iptables -t mangle -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

答案1

您是否正确设置了PC上的DNS服务器?您可以 ping www.google.com 而不是 8.8.8.8 吗?您的 PC 似乎无法将域名转换为 IP。

相关内容