Arch Linux网关-不能平因特网接口
Arch Linux网关-不能平因特网接口
提问于 2016-11-16 05:38:24
我用Arch建立了一个简单的网关:
GATEWAY# ifconfig eth0 172.27.210.221 netmask 255.255.255.0
GATEWAY# ifconfig wlan0 10.8.221.221 netmask 255.255.0.0
GATEWAY# iwconfig wlan0 essid OpenWifi
GATEWAY# echo 1 > /proc/sys/net/ipv4/ip_forward这是网关上的实际路由表:
DESTINATION GATEWAY GENMASK FLAGS METRIC REF USE IFACE
10.8.0.0 0.0.0.0 255.255.0.0 U 0 0 0 wlan0
172.27.210.0 0.0.0.0 255.255.255.0 U 202 0 0 eth0我在所有接口上禁用了rp_filter。
eth0连接到一个我无法访问的交换机。当一切正常时,接口将被配置为访问Internet。wlan0连接到一个开放的网络基础设施。
我有一个基于Arch Linux的客户端PC,通过以下设置连接到同一个无线网络:
CLIENT# iwconfig wlan0 essid OpenWifi
CLIENT# ifconfig wlan0 10.8.221.222 netmask 255.255.0.0
CLIENT# route add default gw 10.8.221.221 wlan0现在,我知道要共享Internet连接,我需要添加一个默认路由并在网关机器上设置NAT。但是,我想我应该能够从我的客户端平网关的eth0接口,而不需要任何额外的配置:
CLIENT# ping 172.27.210.221问题是,我没有得到任何答复。
网关wlan0接口上的tcpdump显示传入的ICMP请求和172.27.210.221到10.8.221.222之间的回复,但实际上我在客户机上没有收到任何反馈(我在客户机上使用tcpdump确认了这一点)。
如果我只使用以太网接口在两个VM上复制此设置,则完全没有问题。你知道会有什么问题吗?它是否与无线网络有关?
更新1
以下是从客户机10.8.221.222到网关172.27.210.221的ping期间iwconfig wlan0、iptables -nvL和tcpdump -npe在客户端和网关上的输出:
网关:
iwconfig wlp2s0b1
wlp2s0b1 IEEE 802.11 ESSID:"OpenWifi"
Mode:Managed Frequency:2.437 GHz Access Point: xxxxxxxxxxxx
Bit Rate=54 Mb/s Tx-Power=11 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=70/70 Signal level=-29 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:79 Invalid misc:772 Missed beacon:0
iptables -nvL
Chain INPUT (policy ACCEPT 172K packets, 22M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1132 packets, 95328 bytes)
pkts bytes target prot opt in out source destination
tcpdump -npe 'icmp'
03:29:23.876193 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 1, length 64
03:29:23.876277 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 1, length 64
03:29:24.893768 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 2, length 64
03:29:24.893842 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 2, length 64
03:29:25.908918 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 3, length 64
03:29:25.908999 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 3, length 64
03:29:26.920903 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 4, length 64
03:29:26.920969 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 4, length 64
03:29:27.933499 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 5, length 64
03:29:27.933618 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 5, length 64
03:29:28.944583 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 6, length 64
03:29:28.944650 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 6, length 64
03:29:29.958243 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 7, length 64
03:29:29.958323 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 7, length 64
03:29:30.971649 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 8, length 64
03:29:30.971744 yyyyyyyyyyyyyy > xxxxxxxxxxxxxx, ethertype IPv4 (0x0800), length 98: 172.27.210.221 > 10.8.221.222: ICMP echo reply, id 13006, seq 8, length 64客户端:
iwconfig wlp1s0
wlp1s0 IEEE 802.11 ESSID:"OpenWifi"
Mode:Managed Frequency:2.412 GHz Access Point: xxxxxxxxxxxx
Bit Rate=1 Mb/s Tx-Power=11 dBm
Retry short limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:on
Link Quality=54/70 Signal level=-56 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:1 Invalid misc:26 Missed beacon:0
iptables -nvL
Chain INPUT (policy ACCEPT 1665 packets, 149K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 765 packets, 64260 bytes)
pkts bytes target prot opt in out source destination
tcpdump -npe 'icmp'
12:29:30.950270 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 1, length 64
12:29:31.968238 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 2, length 64
12:29:32.981538 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 3, length 64
12:29:33.994868 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 4, length 64
12:29:35.008223 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 5, length 64
12:29:36.021575 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 6, length 64
12:29:37.034884 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 7, length 64
12:29:38.048205 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 8, length 64
12:29:39.061533 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 9, length 64
12:29:40.074884 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 10, length 64
12:29:41.088206 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 11, length 64
12:29:42.101534 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 12, length 64
12:29:43.114876 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 13, length 64
12:29:44.128193 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 14, length 64
12:29:45.141535 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 15, length 64
12:29:46.154870 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 16, length 64
12:29:47.168208 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 17, length 64
12:29:48.181573 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 18, length 64
12:29:49.194868 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 19, length 64
12:29:50.208171 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 20, length 64
12:29:51.221531 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 21, length 64
12:29:52.234870 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 22, length 64
12:29:53.248185 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 23, length 64
12:29:54.261521 xxxxxxxxxxxxxx > yyyyyyyyyyyyyy, ethertype IPv4 (0x0800), length 98: 10.8.221.222 > 172.27.210.221: ICMP echo request, id 13006, seq 24, length 64回答 1
Server Fault用户
发布于 2016-11-16 07:21:57
你所描述的应该是有效的。
尝试禁用iptables并再次尝试ping。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/815166
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号