我有一台装有 Ubuntu Server 18.04 的专用服务器。我需要一个额外的 IP 地址,因此我租用了一个便宜的 VDS,然后在 VDS 上设置了 pptpd,在专用服务器上设置了 pptp。然后我在两台机器上都配置了 VPN 连接。然后我为我的专用服务器设置了一个静态本地 IP 地址作为 PPTP 客户端。PPTP 服务器的本地 IP 地址是192.168.0.1,PPTP 客户端的本地 IP 地址是192.168.0.10。我还通过 iptables 将一些端口从 VDS 转发到我的 PPTP 客户端(专用服务器):
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.0.10
专用服务器:
root@cencored:~# pon pptp
root@cencored:~# ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.1.10 netmask 255.255.255.0 broadcast 10.0.1.255
inet6 fe80::dabb:c1ff:fe9d:f29a prefixlen 64 scopeid 0x20<link>
ether d8:bb:c1:9d:f2:9a txqueuelen 1000 (Ethernet)
RX packets 5143110 bytes 3266730706 (3.2 GB)
RX errors 0 dropped 420968 overruns 0 frame 0
TX packets 5426143 bytes 3358034990 (3.3 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 24290274 bytes 4438508584 (4.4 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 24290274 bytes 4438508584 (4.4 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1496
inet 192.168.0.10 netmask 255.255.255.255 destination 192.168.0.1
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 11 bytes 322 (322.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 102 (102.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
转发端口的东西不起作用,所以我尝试添加一个网关:
ip route add default via 192.168.0.1
现在它可以工作了,但是任何应用程序(例如 web-server、ssh 等)都无法从 enp1s0 访问。
然后我删除了网关并尝试配置 netplan:
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
version: 2
renderer: networkd
ethernets:
enp1s0:
addresses:
- 10.0.1.10/24
gateway4: 10.0.1.1
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
search: []
optional: true
ppp0:
addresses:
- 192.168.0.10/32
gateway4: 192.168.0.1
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
search: []
optional: true
和netplan apply
现在route看起来像:
root@cencored:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 10.0.1.1 0.0.0.0 UG 0 0 0 enp1s0
default 192.168.0.1 0.0.0.0 UG 0 0 0 ppp0
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 enp1s0
192.168.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
但端口 80、8080、443 仍然无法通过互联网访问
答案1
我自己找到了解决方案。正确设置 netplan 和 iproute2 就足够了。
01-netcfg.yaml (网络计划)
network:
version: 2
ethernets:
ppp0:
addresses:
- 192.168.0.10/32
gateway4: 192.168.0.1
mtu: 1496
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
search: []
routes:
- to: 0.0.0.0/0
via: 192.168.0.1
metric: 50
table: 800
routing-policy:
- from: 192.168.0.10
table: 800
priority: 100
enp1s0:
addresses:
- 10.0.1.10/24
mtu: 1500
gateway4: 10.0.1.1
nameservers:
addresses:
- 8.8.8.8
- 8.8.4.4
search: []
routes:
- to: 0.0.0.0/0
via: 10.0.1.1
metric: 100
table: 801
routing-policy:
- from: 10.0.1.10
table: 801
priority: 200
rt_tables (iproute2)
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
801 801
800 800