Iptables
通過第二個介面訪問 Web 伺服器
我正在嘗試通過以下兩個介面(具有靜態 IP)訪問我的 Raspberry Pi 上的 Web 服務(埠 8080):
- 乙太網(eth0,172.22.0.99,連接到 Netgear 路由器)。
- Wi-Fi(wlan0、172.24.1.1,提供接入點)。
目前,如果我連接到 eth0 並獲得 IP 地址 172.22.0.x,我只能訪問 Web 服務。
如果我連接到 wlan0 上的 Wi-Fi 接入點,那麼我正確獲取了 IP 地址 172.24.1.x,因此 SSH 可以工作,但無法訪問 Web 服務(http://172.22.0.99:8080和http:/ /172.24.1.1:8080)。
我一直在使用 Windows 10 筆記型電腦測試上述內容。實際問題是我有許多 Arduinos 可以連接到 Pi 的 Wi-Fi 接入點 (wlan0),但無法訪問 Pi 的 Web 服務。因此,我目前不得不通過 Netgear 路由器連接它們,因此是 Pi 的 eth0。這是我試圖避免的。
另外:Pi 也在執行:
- OpenVPN,因此 eth0 被橋接(br0,tap0)。
- 一個 Wi-Fi 嗅探器(wlan1alfa,renameX)。
- 172.22.0.100/102/106/113 工作 Arduinos 的範例
各種輸出:
連接到 Pi 的 Wi-Fi 接入點時的 Windows 10 筆記型電腦:
ipconfig (on laptop 172.24.1.42):無線 LAN 適配器 Wi-Fi:
連接特定的 DNS 後綴。:
連結本地 IPv6 地址 。. . . . : fe80::7489:b292:4e73:cbfd%2
IPv4 地址。. . . . . . . . . . :172.24.1.42
子網遮罩 。. . . . . . . . . . : 255.255.255.0
預設網關 。. . . . . . . . : 172.24.1.1
http://172.22.0.99:8080/(在筆記型電腦 172.24.1.42 上)
Unable to connect Firefox can't establish a connection to the server at 172.22.0.99. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.http://172.24.1.1:8080/(在筆記型電腦 172.24.1.42 上)
The connection has timed out The server at 172.24.1.1 is taking too long to respond. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.圓周率:
$ ifconfig
br0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c inet addr:172.22.0.99 Bcast:172.22.255.255 Mask:255.255.0.0 inet6 addr: fe80::ba27:ebff:fe1a:16a3/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1150213 errors:0 dropped:0 overruns:0 frame:0 TX packets:431995 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:200587924 (191.2 MiB) TX bytes:137714386 (131.3 MiB) eth0 Link encap:Ethernet HWaddr b8:27:eb:1a:16:a3 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1150375 errors:0 dropped:0 overruns:0 frame:0 TX packets:449400 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:200603903 (191.3 MiB) TX bytes:143711369 (137.0 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:1128130 errors:0 dropped:0 overruns:0 frame:0 TX packets:1128130 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:129944607 (123.9 MiB) TX bytes:129944607 (123.9 MiB) rename7 Link encap:UNSPEC HWaddr 00-C0-CA-8F-F8-1D-30-30-00-00-00-00-00-00-00-00 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2753461 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:328484228 (313.2 MiB) TX bytes:0 (0.0 B) tap0 Link encap:Ethernet HWaddr 82:85:54:54:e1:8c inet6 addr: fe80::8085:54ff:fe54:e18c/64 Scope:Link UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:644390 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 B) TX bytes:135759131 (129.4 MiB) wlan0 Link encap:Ethernet HWaddr b8:27:eb:4f:43:f6 inet addr:172.24.1.1 Bcast:172.24.1.255 Mask:255.255.255.0 inet6 addr: fe80::f446:4155:5d19:860a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:479547 errors:0 dropped:0 overruns:0 frame:0 TX packets:488461 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:30867423 (29.4 MiB) TX bytes:40144827 (38.2 MiB)$ ip路由
default via 172.22.0.1 dev br0 metric 205 default via 172.24.1.1 dev wlan0 metric 303 172.22.0.0/16 dev br0 proto kernel scope link src 172.22.0.99 metric 205 172.24.1.0/24 dev wlan0 proto kernel scope link src 172.24.1.1 metric 303$ ip地址顯示
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000 link/ether b8:27:eb:1a:16:a3 brd ff:ff:ff:ff:ff:ff 3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether b8:27:eb:4f:43:f6 brd ff:ff:ff:ff:ff:ff inet 172.24.1.1/24 brd 172.24.1.255 scope global wlan0 valid_lft forever preferred_lft forever inet6 fe80::f446:4155:5d19:860a/64 scope link valid_lft forever preferred_lft forever 4: wlan1alfa: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff 5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff inet 172.22.0.99/16 brd 172.22.255.255 scope global br0 valid_lft forever preferred_lft forever inet6 fe80::ba27:ebff:fe1a:16a3/64 scope link valid_lft forever preferred_lft forever 6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100 link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff inet6 fe80::8085:54ff:fe54:e18c/64 scope link valid_lft forever preferred_lft forever 7: rename7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000 link/ieee802.11/radiotap 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ffiptables:
# Add a masquerade for outbound traffic on eth0 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE .. echo " # Forward WLAN to Eth, and back (note: incoming initiated on WLAN do not get to LAN)" sudo iptables -A FORWARD -i wlan0 -o eth0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_WLAN0_to_Eth0 sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_Eth0_backTo_WLAN0 sudo iptables -A FORWARD -i eth0 -o wlan0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_eth0_to_wlan0 sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_wlan0_to_eth0$ tail /var/log/messages 來自 iptables(無論是接受還是丟棄,都會記錄所有內容):
• Feb 18 13:23:25 shep kernel: [1630978.112563] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26841 PROTO=TCP SPT=51634 DPT=22 WINDOW=66 RES=0x00 ACK URGP=0 • Feb 18 13:23:37 shep kernel: [1630990.317785] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=26843 PROTO=TCP SPT=51634 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0 • Feb 18 13:23:37 shep kernel: [1630990.318185] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=104 TOS=0x10 PREC=0x00 TTL=64 ID=54479 DF PROTO=TCP SPT=22 DPT=51634 WINDOW=424 RES=0x00 ACK PSH URGP=0 • Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0 • Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0 • Feb 18 13:24:01 shep kernel: [1631014.835337] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0 • Feb 18 13:24:01 shep kernel: [1631014.835409] IPTables-Accepted-I: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0 • Feb 18 13:24:27 shep kernel: [1631039.962078] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26874 DF PROTO=TCP SPT=51648 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0 • Feb 18 13:24:27 shep kernel: [1631039.962176] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53485 DF PROTO=TCP SPT=80 DPT=51648 WINDOW=0 RES=0x00 ACK RST URGP=0 • Feb 18 13:24:37 shep kernel: [1631050.042812] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=55862 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0 • Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0 • Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0 • Feb 18 13:24:49 shep kernel: [1631062.131706] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=519 TOS=0x00 PREC=0x00 TTL=64 ID=55865 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0 • Feb 18 13:25:01 shep kernel: [1631074.255485] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=165 TOS=0x00 PREC=0x00 TTL=255 ID=31435 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1645 RES=0x00 ACK PSH URGP=0 • Feb 18 13:25:01 shep kernel: [1631074.301286] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 (Arduino) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=55867 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK URGP=0• Feb 18 15:14:15 shep kernel: [1637627.961592] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:92:d6:08:00 SRC=172.22.0.102 (Arduino 2) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=72 PROTO=TCP SPT=52001 DPT=8080 WINDOW=1875 RES=0x00 ACK FIN URGP=0 • Feb 18 15:14:15 shep kernel: [1637627.961831] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.102 (Arduino 2) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11122 DF PROTO=TCP SPT=8080 DPT=52001 WINDOW=29200 RES=0x00 ACK FIN URGP=0 • Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0 • Feb 18 15:14:25 shep kernel: [1637638.194012] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=93 TOS=0x00 PREC=0x00 TTL=64 ID=3867 DF PROTO=TCP SPT=1883 DPT=50392 WINDOW=6231 RES=0x00 ACK PSH URGP=0 • Feb 18 15:14:35 shep kernel: [1637648.508430] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=27282 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=64 RES=0x00 ACK PSH URGP=0 • Feb 18 15:14:35 shep kernel: [1637648.508521] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=31818 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0 • Feb 18 15:14:48 shep kernel: [1637661.183931] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=27329 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0 • Feb 18 15:14:48 shep kernel: [1637661.187210] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 LEN=1500 TOS=0x10 PREC=0x00 TTL=64 ID=31852 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0 • Feb 18 15:14:58 shep kernel: [1637671.438928] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:96:51:08:00 SRC=172.22.0.100 (Arduino 4) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=1463 PROTO=TCP SPT=52080 DPT=8080 WINDOW=1680 RES=0x00 ACK PSH URGP=0 • Feb 18 15:14:58 shep kernel: [1637671.440119] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.100 (Arduino 4) LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=60505 DF PROTO=TCP SPT=8080 DPT=52080 WINDOW=29200 RES=0x00 ACK PSH URGP=0編輯 1(但請參閱編輯 2)。Web 服務是“domoticz”:
$ sudo netstat -taupen | grep LISTEN tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 15295 1847/smbd tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1000 11927 1437/Xtightvnc tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN 1000 11924 1437/Xtightvnc tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 0 14462 1154/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 14453 1143/sshd tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN 1000 15768 716/node-red tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN 0 11708 903/mosquitto tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 15294 1847/smbd tcp6 0 0 :::139 :::* LISTEN 0 15293 1847/smbd tcp6 0 0 :::8080 :::* LISTEN 1000 4902627 25249/domoticz tcp6 0 0 :::53 :::* LISTEN 0 14464 1154/dnsmasq tcp6 0 0 :::22 :::* LISTEN 0 14455 1143/sshd tcp6 0 0 :::1883 :::* LISTEN 0 11709 903/mosquitto tcp6 0 0 :::445 :::* LISTEN 0 15292 1847/smbd tcp6 0 0 :::6144 :::* LISTEN 1000 4902635 25249/domoticz$ netstat -ntl
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:6001 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:1880 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:1883 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN tcp6 0 0 :::139 :::* LISTEN tcp6 0 0 :::8080 :::* LISTEN tcp6 0 0 :::53 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::1883 :::* LISTEN tcp6 0 0 :::445 :::* LISTEN tcp6 0 0 :::6144 :::* LISTEN編輯 2:配置更改後,Domoticz Web 伺服器現在正在偵聽 0.0.0.0:8080,但仍然如上所示失敗。
$ sudo netstat -taupen | grep domoticz
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1000 21943078 27425/domoticz <<--- tcp 0 0 172.22.0.99:8080 172.22.0.102:52060 ESTABLISHED 1000 21949101 27425/domoticz tcp 0 0 172.22.0.99:8080 172.22.0.100:52135 ESTABLISHED 1000 21949100 27425/domoticz tcp 0 0 172.22.0.99:58528 172.22.0.99:1883 ESTABLISHED 1000 21946463 27425/domoticz tcp6 0 0 :::6144 :::* LISTEN 1000 21943086 27425/domoticz
問題解決了!我只執行以下單個刷新命令:
sudo iptables -F因此,特別是我沒有刷新所有 iptables 規則,例如。NAT。
因此,我遇到了一堆 PREROUTING 和 POSTROUTING 重複項:
$ sudo iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:192.168.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080 DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere MASQUERADE all -- anywhere anywhere一旦我在創建規則之前開始使用以下內容,它就會起作用(沒有其他更改):
sudo iptables -F sudo iptables -X sudo iptables -t nat -F sudo iptables -t nat -X sudo iptables -t mangle -F sudo iptables -t mangle -X sudo ipset flush sudo ipset destroy sudo ipset list顯然我也應該這樣做:
sudo iptables -t raw -F sudo iptables -t raw -X我現在有:
$ sudo iptables -t nat -L Chain PREROUTING (policy ACCEPT) target prot opt source destination DNAT tcp -- anywhere anywhere tcp dpt:http-alt to:172.22.0.99:8080 Chain INPUT (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination MASQUERADE all -- anywhere anywhere所以現在如果我在 172.24.1.1 (wlan0) 上連接到 Pi 的無線接入點並獲得 IP 地址 172.24.1.x 我可以通過http://172.24.1.1:8080訪問 Pi 上的 Domoticz Web 伺服器,即我想要的是。
以前的情況是我必須通過單獨的路由器(172.22.0.1),獲取 IP 地址 172.22.0.x,然後通過 eth0:http://172.22.0.99:8080 訪問Pi。