Ubuntu 路由器 - 2 个网卡 - 无法从内部网络 ping 通互联网

2024-6-4 • tag-icon

我已经阅读了许多关于如何配置 2 个 NIC 的帖子，但如果能得到一些帮助，我将非常感激。我计划使用 Orange Pi R1 制作路由器。我已经使用 Armbian 中的图像安装了 Ubuntu Xenial Server。

我已经像这样配置了我的接口：

# Wired adapter #1 (external interface)
auto eth0
iface eth0 inet dhcp

#2nd eth interface (internal interface)
auto enxc0742bfff8b3
iface enxc0742bfff8b3 inet static
        address 192.168.2.1
        network 192.168.2.0
        netmask 255.255.255.0
        broadcast 192.168.2.255

# Local loopback
auto lo
iface lo inet loopback

在 /etc/sysctl.conf 上，我启用了 IP 转发：

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

route -n 的输出是：

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 enxc0742bfff8b3
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 enxc0742bfff8b3

我在接口 enxc0742bfff8b3 上运行 isc-dhcp-server。这是我的 /etc/default/isc-dhcp-server：

INTERFACES=enxc0742bfff8b3

这是我的 /etc/dhcp/dhcpd.conf：

ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.100 192.168.2.200;
        }

我的防火墙完全打开，并且启用了伪装：

# Generated by iptables-save v1.6.0 on Sun Apr  1 20:22:26 2018
*mangle
:PREROUTING ACCEPT [544:42034]
:INPUT ACCEPT [544:42034]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [307:32628]
:POSTROUTING ACCEPT [307:32628]
COMMIT
# Completed on Sun Apr  1 20:22:26 2018
# Generated by iptables-save v1.6.0 on Sun Apr  1 20:22:26 2018
*nat
:PREROUTING ACCEPT [2:346]
:INPUT ACCEPT [2:346]
:OUTPUT ACCEPT [1:128]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Apr  1 20:22:26 2018
# Generated by iptables-save v1.6.0 on Sun Apr  1 20:22:26 2018
*filter
:INPUT ACCEPT [537:41562]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [303:31732]
COMMIT
# Completed on Sun Apr  1 20:22:26 2018

我的 eth0 从调制解调器获取 192.168.0.16。我将一台笔记本电脑连接到 enxc0742bfff8b3，它收到 192.168.2.100。

我的外部接口可以 ping 通互联网：

root@orangepi:~# ping -I eth0 www.google.com
PING www.google.com (172.217.19.68) from 192.168.0.16 eth0: 56(84) bytes of data.
64 bytes from ham02s17-in-f4.1e100.net (172.217.19.68): icmp_seq=1 ttl=53 time=38.4 ms
64 bytes from ham02s17-in-f4.1e100.net (172.217.19.68): icmp_seq=2 ttl=53 time=37.9 ms
64 bytes from ham02s17-in-f4.1e100.net (172.217.19.68): icmp_seq=3 ttl=53 time=37.9 ms

我可以从 192.168.0.X 网络上的任何设备连接到它。

但是连接到内部接口（192.168.2.X）的任何设备都无法访问互联网：

root@orangepi:~# ping -I enxc0742bfff8b3 192.168.0.16
PING 192.168.0.16 (192.168.0.16) from 192.168.2.1 enxc0742bfff8b3: 56(84) bytes of data.
From 192.168.2.1 icmp_seq=1 Destination Host Unreachable
From 192.168.2.1 icmp_seq=2 Destination Host Unreachable
From 192.168.2.1 icmp_seq=3 Destination Host Unreachable

root@orangepi:~# ping -I enxc0742bfff8b3 192.168.0.1
PING 192.168.0.1 (192.168.0.1) from 192.168.2.1 enxc0742bfff8b3: 56(84) bytes of data.
From 192.168.2.1 icmp_seq=1 Destination Host Unreachable
From 192.168.2.1 icmp_seq=2 Destination Host Unreachable
From 192.168.2.1 icmp_seq=3 Destination Host Unreachable

root@orangepi:~# ping -I enxc0742bfff8b3 www.google.com
PING www.google.com (172.217.19.68) from 192.168.2.1 enxc0742bfff8b3: 56(84) bytes of data.
From orangepi (192.168.2.1) icmp_seq=1 Destination Host Unreachable
From orangepi (192.168.2.1) icmp_seq=2 Destination Host Unreachable
From orangepi (192.168.2.1) icmp_seq=3 Destination Host Unreachable

有人能帮助我理解缺少了什么吗？

谢谢，

相关内容