Setting up an additional interface

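I have a dedicated server running Ubuntu Server 18.04. I needed an additional IP address, so I rented a cheap VDS, then set up pptpd on the VDS and pptp on the dedicated server. Then I configured the VPN connection on both machines. Then I set a static local IP address for my dedicated server as the PPTP client. The PPTP server's local IP address is 192.168.0.1, and the PPTP client's local IP address is 192.168.0.10. I also forwarded some ports from the VDS to my PPTP client (the dedicated server) via iptables: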

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.0.10

Dedicated server:

root@cencored:~# pon pptp
root@cencored:~# ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.10  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::dabb:c1ff:fe9d:f29a  prefixlen 64  scopeid 0x20<link>
        ether d8:bb:c1:9d:f2:9a  txqueuelen 1000  (Ethernet)
        RX packets 5143110  bytes 3266730706 (3.2 GB)
        RX errors 0  dropped 420968  overruns 0  frame 0
        TX packets 5426143  bytes 3358034990 (3.3 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 24290274  bytes 4438508584 (4.4 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24290274  bytes 4438508584 (4.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1496
        inet 192.168.0.10  netmask 255.255.255.255  destination 192.168.0.1
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 11  bytes 322 (322.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 102 (102.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The port forwarding didn't work, so I tried adding a gateway:

ip route add default via 192.168.0.1

Now it works, but no application (e.g. web server, ssh, etc.) is reachable through enp1s0.

Then I removed the gateway and tried configuring netplan:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      addresses:
      - 10.0.1.10/24
      gateway4: 10.0.1.1
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
        search: []
      optional: true
    ppp0:
      addresses:
      - 192.168.0.10/32
      gateway4: 192.168.0.1
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
        search: []
      optional: true

netplan apply

Now route looks like:

root@cencored:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.1.1        0.0.0.0         UG    0      0        0 enp1s0
default         192.168.0.1     0.0.0.0         UG    0      0        0 ppp0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 enp1s0
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

But ports 80, 8080 and 443 are still not reachable from the internet.

Answer 1

I found the solution myself. Setting up netplan and iproute2 correctly was enough.

01-netcfg.yaml (netplan)

network:
  version: 2
  ethernets:
    ppp0: 
      addresses: 
      - 192.168.0.10/32
      gateway4: 192.168.0.1
      mtu: 1496
      nameservers: 
        addresses: 
        - 8.8.8.8 
        - 8.8.4.4 
        search: [] 
      routes: 
        - to: 0.0.0.0/0 
          via: 192.168.0.1
          metric: 50
          table: 800 
      routing-policy: 
        - from: 192.168.0.10 
          table: 800 
          priority: 100
    enp1s0:
      addresses:
      - 10.0.1.10/24
      mtu: 1500
      gateway4: 10.0.1.1
      nameservers:
        addresses:
        - 8.8.8.8
        - 8.8.4.4
        search: []
      routes:
        - to: 0.0.0.0/0
          via: 10.0.1.1
          metric: 100
          table: 801
      routing-policy:
        - from: 10.0.1.10
          table: 801
          priority: 200

rt_tables (iproute2)

#
# reserved values
#
255 local
254 main
253 default
0   unspec
#
# local
#
#1  inr.ruhep
801 801
800 800
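
The following is an added example, not part of the original answer: a small Python model of the kernel's rule-then-table lookup, showing which interface a reply leaves through with and without the answer's routing-policy entries. Tables 800 and 801 are copied from the netplan file above; the contents of the main table and the client address 203.0.113.7 are assumptions made for the illustration.

```python
import ipaddress

# Table id -> list of (prefix, gateway, device, metric).
# 800 and 801 come from the answer's netplan file; "main" is an assumed
# baseline with a single default route via enp1s0 plus the connected routes.
TABLES = {
    "800": [("0.0.0.0/0", "192.168.0.1", "ppp0", 50)],
    "801": [("0.0.0.0/0", "10.0.1.1", "enp1s0", 100)],
    "main": [
        ("0.0.0.0/0", "10.0.1.1", "enp1s0", 0),
        ("10.0.1.0/24", None, "enp1s0", 0),
        ("192.168.0.1/32", None, "ppp0", 0),
    ],
}

# Policy rules as (priority, source selector, table); lower number is checked first.
ANSWER_RULES = [(100, "192.168.0.10/32", "800"), (200, "10.0.1.10/32", "801")]
MAIN_RULE = (32766, "0.0.0.0/0", "main")  # built-in "from all lookup main"


def lookup(table, dst):
    """Longest-prefix match inside one table; the lowest metric breaks ties."""
    dst = ipaddress.ip_address(dst)
    hits = [r for r in TABLES[table] if dst in ipaddress.ip_network(r[0])]
    if not hits:
        return None
    return max(hits, key=lambda r: (ipaddress.ip_network(r[0]).prefixlen, -r[3]))


def egress(src, dst, rules):
    """Walk the rules in priority order; return (table, device, gateway)."""
    src = ipaddress.ip_address(src)
    for _prio, selector, table in sorted(rules + [MAIN_RULE]):
        if src in ipaddress.ip_network(selector):
            route = lookup(table, dst)
            if route:
                return table, route[2], route[1]
    return None


CLIENT = "203.0.113.7"  # constructed internet client address (documentation range)

if __name__ == "__main__":
    for label, rules in (("main table only", []), ("answer's rules", ANSWER_RULES)):
        for src in ("192.168.0.10", "10.0.1.10"):
            print(f"{label}: reply from {src} ->", egress(src, CLIENT, rules))
```

Without the rules, a reply sourced from 192.168.0.10 leaves through enp1s0 and never passes back through the DNAT on the VDS; with them, each source address uses its own gateway. On the real host the same check is `ip rule show` and `ip route get 203.0.113.7 from 192.168.0.10`.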
