I have a dedicated server running Ubuntu Server 18.04. I need an additional IP address, so I rented a cheap VDS, set up pptpd on the VDS and pptp on the dedicated server, and then configured the VPN connection on both machines. Then I gave my dedicated server a static local IP address as the PPTP client. The PPTP server's local IP address is 192.168.0.1 and the PPTP client's local IP address is 192.168.0.10. I also forward some ports from the VDS to my PPTP client (the dedicated server) with iptables:

```
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.0.10
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 8080 -j DNAT --to-destination 192.168.0.10
```
Dedicated server:

```
root@cencored:~# pon pptp
root@cencored:~# ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.10  netmask 255.255.255.0  broadcast 10.0.1.255
        inet6 fe80::dabb:c1ff:fe9d:f29a  prefixlen 64  scopeid 0x20<link>
        ether d8:bb:c1:9d:f2:9a  txqueuelen 1000  (Ethernet)
        RX packets 5143110  bytes 3266730706 (3.2 GB)
        RX errors 0  dropped 420968  overruns 0  frame 0
        TX packets 5426143  bytes 3358034990 (3.3 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 24290274  bytes 4438508584 (4.4 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24290274  bytes 4438508584 (4.4 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1496
        inet 192.168.0.10  netmask 255.255.255.255  destination 192.168.0.1
        ppp  txqueuelen 3  (Point-to-Point Protocol)
        RX packets 11  bytes 322 (322.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 102 (102.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
The port forwarding did not work, so I tried adding a gateway:

```
ip route add default via 192.168.0.1
```

Now it works, but no application (web server, ssh, etc.) is reachable via enp1s0 any more.

So I removed the gateway and tried configuring netplan instead:
```yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      addresses:
        - 10.0.1.10/24
      gateway4: 10.0.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
        search: []
      optional: true
    ppp0:
      addresses:
        - 192.168.0.10/32
      gateway4: 192.168.0.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
        search: []
      optional: true
```
and ran `netplan apply`. Now `route` looks like this:

```
root@cencored:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.1.1        0.0.0.0         UG    0      0        0 enp1s0
default         192.168.0.1     0.0.0.0         UG    0      0        0 ppp0
10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 enp1s0
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
```

But ports 80, 8080 and 443 are still not reachable from the internet.
Answer 1

I found the solution myself. Setting up netplan and iproute2 correctly is enough.

01-netcfg.yaml (netplan)
```yaml
network:
  version: 2
  ethernets:
    ppp0:
      addresses:
        - 192.168.0.10/32
      gateway4: 192.168.0.1
      mtu: 1496
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
        search: []
      routes:
        - to: 0.0.0.0/0
          via: 192.168.0.1
          metric: 50
          table: 800
      routing-policy:
        - from: 192.168.0.10
          table: 800
          priority: 100
    enp1s0:
      addresses:
        - 10.0.1.10/24
      mtu: 1500
      gateway4: 10.0.1.1
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
        search: []
      routes:
        - to: 0.0.0.0/0
          via: 10.0.1.1
          metric: 100
          table: 801
      routing-policy:
        - from: 10.0.1.10
          table: 801
          priority: 200
```
rt_tables (iproute2)
```
#
# reserved values
#
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
801     801
800     800
```
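As an added illustration, not part of the question or the answer: a small simulation of the kernel's policy-routing lookup using the routing tables and rules from this page. It shows why the main table with two `default` rows sent replies from the VPN address out of enp1s0 (asymmetric routing, so the DNAT'd connections never completed) and why the source-based `routing-policy` rules in the answer make each address reply on its own link. The client address is constructed; everything else is taken from the post.

```python
import ipaddress

# Routing tables from the post as (prefix, outgoing device). Ordering stands in
# for metric: among equal-length prefixes the first entry wins, as with the two
# "default" rows in the question's `route` output.
MAIN = [("10.0.1.0/24", "enp1s0"), ("192.168.0.1/32", "ppp0"),
        ("0.0.0.0/0", "enp1s0"), ("0.0.0.0/0", "ppp0")]
TABLE_800 = [("0.0.0.0/0", "ppp0")]    # answer: default via 192.168.0.1
TABLE_801 = [("0.0.0.0/0", "enp1s0")]  # answer: default via 10.0.1.1
TABLES = {"main": MAIN, 800: TABLE_800, 801: TABLE_801}

# Policy rules as (priority, source prefix or None, table). The question's
# setup only had the kernel's implicit "from all lookup main" rule.
RULES_BEFORE = [(32766, None, "main")]
RULES_AFTER = [(100, "192.168.0.10/32", 800),
               (200, "10.0.1.10/32", 801),
               (32766, None, "main")]

CLIENT = "203.0.113.7"  # constructed internet client that hit the VDS on port 80


def lookup(table, dst):
    """Longest-prefix match within one table; None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def egress_dev(rules, src, dst):
    """Walk the rules in priority order like the kernel's FIB rules: the first
    matching rule whose table yields a route decides the outgoing device."""
    src = ipaddress.ip_address(src)
    for _prio, frm, table in sorted(rules, key=lambda r: r[0]):
        if frm is None or src in ipaddress.ip_network(frm):
            dev = lookup(TABLES[table], dst)
            if dev is not None:
                return dev
    return None


def reply_path(policy_routing):
    """Outgoing device for replies sourced from each of the server's addresses."""
    rules = RULES_AFTER if policy_routing else RULES_BEFORE
    return {src: egress_dev(rules, src, CLIENT)
            for src in ("192.168.0.10", "10.0.1.10")}


if __name__ == "__main__":
    print("before:", reply_path(False))  # VPN replies leave via enp1s0
    print("after: ", reply_path(True))   # each address answers on its own link
```

Adding `default via 192.168.0.1` to the main table, as tried in the question, flips the problem around: replies from 10.0.1.10 then leave via ppp0, which is why services stopped being reachable on enp1s0.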