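How to share the Internet from the first interface to devices connected to the second interface?
How do I set up the network so that devices on the local network connected to the second Ethernet interface can use the Internet connection available on the first Ethernet interface?
Using iproute2 I was only able to establish a connection between the devices on the local network and the Linux PC, while the Linux PC still has an Internet connection. However, the devices on the local network cannot use this Internet connection.
[Edit 2] The current configuration is based on this guide. I guess my ip route addresses are incorrect and that is the problem.
The setup is as follows: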
```
     Internet
        |
        |
        |
   (enp0s31f6)
   = Linux PC =
(enx00249b233bda)
        |
        |
        |
  NetworkSwitch
        |
        |
        |---(eth0) = Raspberry Pi 1
        |
        |
        |---(eth0) = Raspberry Pi 2

--      ethernet cable
|       ethernet cable
(eth0)  network interface name
```
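[Edit] The goal is for the Linux PC and all the Raspberry Pis to be connected to the Internet and to each other. All devices have static IP addresses.
The Linux PC is running Ubuntu 16.04.
All settings not listed below should be at their defaults.
Linux PC current settings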
ifconfig
```
enp0s31f6 Link encap:Ethernet  HWaddr 48:4d:7e:b1:94:4d
          inet addr:128.40.57.144  Bcast:128.40.57.255  Mask:255.255.255.0
          inet6 addr: fe80::4a4d:7eff:feb1:944d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1806664 errors:0 dropped:82518 overruns:0 frame:0
          TX packets:81807 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:601022858 (601.0 MB)  TX bytes:15652101 (15.6 MB)
          Interrupt:19 Memory:f7100000-f7120000

enx00249b233bda Link encap:Ethernet  HWaddr 00:24:9b:23:3b:da
          inet addr:192.168.0.10  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::224:9bff:fe23:3bda/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:300302 errors:0 dropped:0 overruns:0 frame:0
          TX packets:373077 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:26170910 (26.1 MB)  TX bytes:476407809 (476.4 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:193 errors:0 dropped:0 overruns:0 frame:0
          TX packets:193 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:17086 (17.0 KB)  TX bytes:17086 (17.0 KB)
```
/etc/network/interfaces
```
# Static IP for internet connection
auto lo
iface lo inet loopback

auto enp0s31f6
iface enp0s31f6 inet static
    address 128.40.57.144
    netmask 255.255.255.0
    gateway 128.40.50.245
    dns-nameservers 144.82.250.1 193.160.250.1

# Network adapter interfacing with RPis
allow-hotplug enx00249b233bda
iface enx00249b233bda inet static
    address 192.168.0.10
    netmask 255.255.255.0
    gateway 192.168.0.11
    dns-nameservers 144.82.250.1 193.160.250.1
    post-up ip route add 192.168.0.0/24 dev enx00249b233bda src 192.168.0.10 table rt2
    post-up ip route add default via 192.168.0.11 dev enx00249b233bda table rt2
    post-up ip rule add from 192.168.0.10/32 table rt2
    post-up ip rule add to 192.168.0.10/32 table rt2
```
/etc/iproute2/rt_tables
```
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
1 rt2
```
ip route show
```
default via 128.40.50.245 dev enp0s31f6 onlink
128.40.57.0/24 dev enp0s31f6 proto kernel scope link src 128.40.57.144
169.254.0.0/16 dev enp0s31f6 scope link metric 1000
192.168.0.0/24 dev enx00249b233bda proto kernel scope link src 192.168.0.10
```
Raspberry Pi 1 current settings
ifconfig
```
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.22  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::3fa1:761c:f861:dae3  prefixlen 64  scopeid 0x20<link>
        ether dc:a6:32:2f:11:38  txqueuelen 1000  (Ethernet)
        RX packets 7489  bytes 537762 (525.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 7417  bytes 2128900 (2.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2270  bytes 215650 (210.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2270  bytes 215650 (210.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether dc:a6:32:2f:11:3b  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
/etc/network/interfaces
```
# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
```
/etc/dhcpcd.conf
```
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Most distributions have NTP support.
#option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private

# Example static IP configuration:
#interface eth0
#static ip_address=192.168.0.10/24
#static ip6_address=fd51:42f8:caae:d92e::ff/64
#static routers=192.168.0.1
#static domain_name_servers=192.168.0.1 8.8.8.8 fd51:42f8:caae:d92e::1

# It is possible to fall back to a static IP if DHCP fails:
# define static profile
#profile static_eth0
#static ip_address=192.168.1.23/24
#static routers=192.168.1.1
#static domain_name_servers=192.168.1.1

# fallback to static profile on eth0
#interface eth0
#fallback static_eth0

# Static IP for connection to Recording PC
interface eth0
static ip_address=192.168.0.22/24
static routers=192.168.0.11
static domain_name_servers=192.168.0.11
```
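Your RasPis can currently communicate with the Linux PC because it is in the same network segment, with IP address 192.168.0.10. But when a RasPi tries to access something on the Internet, it will attempt to send the packets to 192.168.0.11 for further routing. Because the Linux PC's address on the RasPi network side is 192.168.0.10 and not .11, the Linux PC will never receive the RasPis' outgoing packets, and so cannot route them.
This is wrong: the RasPis should have their router/gateway address set to 192.168.0.10, not .11.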
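When you specify `gateway 192.168.0.11` in the Linux PC's configuration for `enx00249b233bda`, it does not mean that the Linux PC should claim the `.11` address for itself - it means you are saying that some other system in the RasPi network, with the address `.11`, has the Internet connectivity. This is wrong: the Linux PC does not need a `gateway` configuration line for `enx00249b233bda`, because the Linux PC is the gateway for the RasPi network. You should remove or comment out the `gateway` line from the configuration of the `enx00249b233bda` interface.

I don't understand why you would need the `ip route add` stuff: just configuring the network interface will automatically generate the route to the 192.168.0.0/24 network, and that is enough for your needs. Comment out all the `ip route add` commands, reboot, and then read on.

Since you apparently have only one public IP address, you will have to set up IP masquerading on the Linux PC. With plain `iptables`, this will do it:

```
iptables -w -t nat -A POSTROUTING -s 192.168.0.0/24 -o enp0s31f6 -j MASQUERADE
```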
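Then, you will need some very basic rules to enable IP forwarding from the RasPi network to the outside world, and to accept any response packets coming back:

```
iptables -w -t filter -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -w -t filter -A FORWARD -i enx00249b233bda -j ACCEPT
```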
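For some protocols that need special connection tracking helpers, you may have to add lines like this (this used to be automatic until someone found a way to abuse it. This is why we can't have nice things... grumble...):

```
iptables -w -t raw -A PREROUTING -i enx00249b233bda -p tcp --dport 21 -j CT --helper ftp
```

This activates the special handling needed for outgoing FTP control connections from the RasPi network to the Internet. The special handling monitors the FTP control connection and automatically allows the corresponding data connections to pass through. There are a few other protocols that may need similar handling.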
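Besides FTP, other protocols that need special handling might be:

- SNMP (UDP port 161, helper name `snmp`)
- SIP (TCP and UDP, port 5060, helper name `sip`)
- IRC chat (TCP, port number may vary, helper name `irc`)

(I know Ubuntu has `ufw`, but I don't know how to use it to set up the equivalent firewall rules. If someone else knows, feel free to edit it in here.)

**All of the above will be completely ineffective** until you enable the master switch for IPv4 routing. First, make sure the `/etc/sysctl.conf` file has this line:

```
net.ipv4.ip_forward=1
```

Then either reboot, or run this command to make the setting take effect immediately:

```
sudo sysctl -p
```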
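(Why does this master switch exist? Basically to make it more likely that whoever configures a system as a router has "done their homework", and so will hopefully not cause routing loops or any other silly things in the network.)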
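
The checks implied by the answer above, collected into an added example (not part of the original question or answer). The function names `client_gw`, `has` and `audit_router` are hypothetical, the sample dumps are constructed from the values on this page, and the rule lines are assumed to be in `iptables-save` format.

```shell
#!/bin/sh
# Added example: offline audit of the router setup described in the answer.
# Interface names and addresses are the ones given in the question.
LAN_IF=enx00249b233bda
WAN_IF=enp0s31f6
LAN_NET=192.168.0.0/24
ROUTER_LAN_IP=192.168.0.10

# Gateway set in dhcpcd.conf text (simplification: last uncommented
# "static routers=" line, regardless of which interface block it is in).
client_gw() { printf '%s\n' "$1" | sed -n 's/^static routers=//p' | tail -n 1; }

# has GREP_FLAGS PATTERN: search the rule dump held in $RULES.
has() { printf '%s\n' "$RULES" | grep "$1" -e "$2"; }

# audit_router IP_FORWARD IPTABLES_SAVE_TEXT DHCPCD_CONF_TEXT
# Prints "ok" or a space-separated list of findings.
audit_router() {
    RULES=$2
    found=""
    [ "$1" = 1 ] || found="$found ip_forward_off"
    has -Fxq "-A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE" \
        || found="$found no_masquerade"
    has -Eq '^-A FORWARD .*--ctstate (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT$' \
        || found="$found no_return_rule"
    has -Fxq "-A FORWARD -i $LAN_IF -j ACCEPT" || found="$found no_lan_forward"
    [ "$(client_gw "$3")" = "$ROUTER_LAN_IP" ] || found="$found client_gw_mismatch"
    found=${found# }
    echo "${found:-ok}"
}

# Constructed sample input: rules from the answer, Pi config from the question.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o enp0s31f6 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enx00249b233bda -j ACCEPT
COMMIT'
SAMPLE_PI_CONF='interface eth0
static ip_address=192.168.0.22/24
static routers=192.168.0.11'

# On a live router the first two arguments would come from
# /proc/sys/net/ipv4/ip_forward and the output of "iptables-save".
audit_router 1 "$SAMPLE_RULES" "$SAMPLE_PI_CONF"   # prints: client_gw_mismatch
```

With the Pi's `static routers=` line changed to 192.168.0.10, the same call prints `ok`.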