I have successfully set up a Raspberry Pi as an access point. I have a Raspberry Pi connected to the router over Ethernet, and I can connect to the Raspberry Pi's WiFi network and reach the other devices on that WiFi network as well as the outside internet (through the cable to the router). I followed this guide: https://www.raspberrypi.com/documentation/computers/configuration.html#setting-up-a-routed-wireless-access-point
However, I can't lock this AP WiFi network down with iptables. What I want is a default-deny policy for everything except one static IP on this AP WiFi, which gets unrestricted access to the other machines on the AP network and to the internet.
Currently I have the following rules:
$ sudo iptables -L --line-numbers -v
Chain INPUT (policy DROP 579 packets, 78551 bytes)
num pkts bytes target prot opt in out source destination
1 190 14054 ACCEPT all -- lo any anywhere anywhere
2 3491 247K ACCEPT all -- any any Fruit.wlan anywhere
Chain FORWARD (policy DROP 4599 packets, 315K bytes)
num pkts bytes target prot opt in out source destination
1 7201 876K ACCEPT all -- any any Fruit.wlan anywhere
2 1 68 ACCEPT all -- any any anywhere Fruit.wlan
Chain OUTPUT (policy DROP 1437 packets, 103K bytes)
num pkts bytes target prot opt in out source destination
1 184 13544 ACCEPT all -- any lo anywhere anywhere
2 2357 231K ACCEPT all -- any any anywhere Fruit.wlan
$ sudo iptables -L --line-numbers -v -t nat
Chain PREROUTING (policy ACCEPT 3171 packets, 275K bytes)
num pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 1631 packets, 122K bytes)
num pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1726 packets, 124K bytes)
num pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 86 packets, 6578 bytes)
num pkts bytes target prot opt in out source destination
1 1069 70865 MASQUERADE all -- any eth0 anywhere anywhere
With these rules I can still ssh from the Fruit.wlan machine to the pi (the access point), but I can't reach the internet. I think it's a problem with my forward rules, but I don't know what is blocking me.
The pi access point IP is 192.168.10.1
The upstream router IP is 192.168.0.1
Fruit.wlan's IP is 192.168.10.123
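As an added example (not part of the original post or of the Raspberry Pi guide it links), the script below builds the ruleset the post describes: default DROP in all three chains, one wlan station allowed through, and NAT on the uplink. The difference from the posted rules is that it is stateful: an ESTABLISHED,RELATED rule in INPUT, FORWARD and OUTPUT lets reply packets through, and the AP itself is allowed to make DNS and NTP connections upstream. The AP subnet 192.168.10.0/24 and the allowed client 192.168.10.123 come from the post; the interface names wlan0 (AP side) and eth0 (uplink) are assumptions. Run it with `show` to print the iptables commands without root, or `apply` to install them.

```shell
#!/bin/sh
# Added example, not from the original post or the Raspberry Pi guide.
# Default-deny firewall for a routed AP that lets exactly one wlan station
# (ALLOWED_CLIENT) reach the AP itself, the other stations and the internet.
# Assumed names: wlan0 is the AP interface, eth0 is the uplink to the router.
# DRY_RUN=1 prints the iptables commands instead of executing them.

WLAN_IF="${WLAN_IF:-wlan0}"
UPLINK_IF="${UPLINK_IF:-eth0}"
AP_NET="${AP_NET:-192.168.10.0/24}"
ALLOWED_CLIENT="${ALLOWED_CLIENT:-192.168.10.123}"
DRY_RUN="${DRY_RUN:-0}"

# Wrapper so the same function can be previewed without root.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

apply_rules() {
    # Start from empty filter and nat tables, then default-deny everywhere.
    ipt -t filter -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback is needed by local services (dnsmasq, sshd, the resolver).
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Stateful core: once the first packet of a connection is accepted, its
    # replies pass in every chain. Without this, answers to the AP's own
    # upstream queries and to forwarded client traffic hit the DROP policies.
    ipt -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A INPUT   -m conntrack --ctstate INVALID -j DROP
    ipt -A FORWARD -m conntrack --ctstate INVALID -j DROP

    # The allowed station may open connections to the AP itself
    # (ssh, and DNS/DHCP if dnsmasq on the AP serves it).
    ipt -A INPUT -i "$WLAN_IF" -s "$ALLOWED_CLIENT" -j ACCEPT

    # New connections from the allowed station may be forwarded anywhere:
    # out the uplink (masqueraded below) or to another station's address.
    ipt -A FORWARD -i "$WLAN_IF" -s "$ALLOWED_CLIENT" -j ACCEPT

    # The AP's own new outbound connections: only DNS and NTP on the uplink.
    # dnsmasq forwards the station's DNS queries out this interface, so with
    # OUTPUT DROP and no rule here, name resolution through the AP fails.
    ipt -A OUTPUT -o "$UPLINK_IF" -p udp --dport 53  -j ACCEPT
    ipt -A OUTPUT -o "$UPLINK_IF" -p tcp --dport 53  -j ACCEPT
    ipt -A OUTPUT -o "$UPLINK_IF" -p udp --dport 123 -j ACCEPT
    # Replies to the allowed station (ssh, DNS answers) are covered by the
    # ESTABLISHED rule, so nothing else is opened on $WLAN_IF.

    # Hide the AP subnet behind the uplink address.
    ipt -t nat -A POSTROUTING -s "$AP_NET" -o "$UPLINK_IF" -j MASQUERADE
}

case "${1:-}" in
    apply) apply_rules ;;
    show)  DRY_RUN=1 apply_rules ;;
    *)     echo "usage: $0 apply|show" >&2 ;;
esac
```

Two things worth checking against the posted ruleset. First, it has no conntrack rules at all: with OUTPUT policy DROP and only `-o lo` and `-d Fruit.wlan` accepted, any connection the Pi itself opens toward eth0 (for example dnsmasq forwarding a client's DNS query to the upstream router) is dropped, and its reply would be dropped by INPUT policy DROP as well; `iptables -L` prints `Fruit.wlan` because it resolves addresses to names, and `iptables -L -n` shows the numeric 192.168.10.123 instead. Second, traffic between two stations on the same hostapd BSS is normally switched at layer 2 by the driver and never enters the FORWARD chain, so station-to-station access is governed by hostapd's `ap_isolate` setting rather than by these rules.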