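I'm having trouble setting up a network bridge for my Raspberry Pi.
My setup is:
I have a laptop running Fedora 27 Workstation, which is connected via wifi. I have a Raspberry Pi Zero W, which is connected to my laptop via usb (only usb, no external power, no ethernet, nothing).
I flashed the stretch lite image to my pi and then installed P4wnP1 from here: https://github.com/mame82/P4wnP1
Before I installed P4wnP1, my pi had a random 169.254.xxx.xxx address, which is why I changed the ip of my usb ethernet interface to the right subnet to ssh into the pi. After a while I found the right settings to get my pi online and download git to clone the repo.
After I ran install.sh and rebooted the pi, the pi had a static IP address of 172.16.0.1. I tried the same approach to get it online: changed the ip of my interface, ssh'd into the pi, set the gateway to my Fedora machine.
But I can't get the pi online.
I should probably mention here that I enabled "Shared connection with other computers" in network manager and also tried a lot of things with iptables, but I couldn't get it to work.
I spent the last 3 days trying to figure it out, but I had no success.
Here is my ifconfig on Fedora: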
$ ifconfig
enp0s20f0u6i1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.2 netmask 255.255.0.0 broadcast 172.16.255.255
inet6 fe80::f7f7:80c:8a15:5771 prefixlen 64 scopeid 0x20<link>
ether ee:98:9b:bc:37:ab txqueuelen 1000 (Ethernet)
RX packets 2687 bytes 186674 (182.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1648 bytes 176862 (172.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s31f6: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether c8:5b:76:6b:e4:90 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16 memory 0xf1200000-f1220000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 1982 bytes 177290 (173.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1982 bytes 177290 (173.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:08:e4:d3 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.2.106 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 fe80::ebcf:d3b1:5a74:185e prefixlen 64 scopeid 0x20<link>
ether e4:a7:a0:99:2e:8d txqueuelen 1000 (Ethernet)
RX packets 135496 bytes 72791497 (69.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51579 bytes 21450089 (20.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
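The enp0s20f06i3 interface here is the one connected to the pi. Before I changed its IP address it had a 10.46.0.1 address, which is also the address it has again after a reboot.
route -n from my pi: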
pi@MAME82-P4WNP1:~ $ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.2 0.0.0.0 UG 0 0 0 usb0
172.16.0.0 0.0.0.0 255.255.255.252 U 0 0 0 usb0
172.24.0.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0
And my pi's ifconfig:
pi@MAME82-P4WNP1:~ $ ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
usb0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.16.0.1 netmask 255.255.255.252 broadcast 172.16.0.3
inet6 fe80::cc4b:62ff:fe84:7df0 prefixlen 64 scopeid 0x20<link>
ether ce:4b:62:84:7d:f0 txqueuelen 1000 (Ethernet)
RX packets 1959 bytes 182340 (178.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3197 bytes 269463 (263.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.24.0.1 netmask 255.255.255.0 broadcast 172.24.0.255
inet6 fe80::ba27:ebff:fe5e:ceb7 prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:5e:ce:b7 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14 bytes 1404 (1.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
route -n on my Fedora:
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.2.1 0.0.0.0 UG 600 0 0 wlp4s0
172.16.0.0 0.0.0.0 255.255.0.0 U 0 0 0 enp0s20f0u6i1
192.168.2.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp4s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
resolv.conf on my pi:
pi@MAME82-P4WNP1:~ $ cat /etc/resolv.conf
# Generated by resolvconf
nameserver 10.46.0.1
nameserver 8.8.8.8
nameserver 8.8.4.4
/etc/network/interfaces on my pi:
pi@MAME82-P4WNP1:~ $ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
dns-nameservers 8.8.8.8 8.8.4.4
auto usb0
iface usb0 inet manual
auto usb1
iface usb1 inet manual
And finally my iptables on my Fedora, which is where I think the problem is:
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 10.42.0.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 10.42.0.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_FedoraWorkstation all -- anywhere anywhere [goto]
FWDI_FedoraWorkstation all -- anywhere anywhere [goto]
FWDI_FedoraWorkstation all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_FedoraWorkstation all -- anywhere anywhere [goto]
FWDO_FedoraWorkstation all -- anywhere anywhere [goto]
FWDO_FedoraWorkstation all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation (3 references)
target prot opt source destination
FWDI_FedoraWorkstation_log all -- anywhere anywhere
FWDI_FedoraWorkstation_deny all -- anywhere anywhere
FWDI_FedoraWorkstation_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain FWDI_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation (3 references)
target prot opt source destination
FWDO_FedoraWorkstation_log all -- anywhere anywhere
FWDO_FedoraWorkstation_deny all -- anywhere anywhere
FWDO_FedoraWorkstation_allow all -- anywhere anywhere
Chain FWDO_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_FedoraWorkstation all -- anywhere anywhere [goto]
IN_FedoraWorkstation all -- anywhere anywhere [goto]
IN_FedoraWorkstation all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation (3 references)
target prot opt source destination
IN_FedoraWorkstation_log all -- anywhere anywhere
IN_FedoraWorkstation_deny all -- anywhere anywhere
IN_FedoraWorkstation_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
Chain IN_FedoraWorkstation_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpts:blackjack:65535 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpts:blackjack:65535 ctstate NEW
Chain IN_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
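I think I just need to add the right entries, but I can't figure it out, and I have searched a lot of forums.
Is there a way to change the entries for the 10.46.0.0/24 network to 172.16.0.0/24?
Since my interface had that IP before, if I could swap the IP in the rules I would be done, right?
I tried sudo iptables -t nat -A POSTROUTING -o wlp4s0 -j MASQUERADE and also tried to set up rules myself, but I couldn't set up my FORWARD rules accordingly.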
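Summary:
The Pi needs Fedora to forward its traffic to the internet.
Pi:
1 NIC (that we care about), named:
usb0 -- connected to Fedora.
Fedora:
Internet connection.
2 NICs (that we care about), named:
wlp4s0 -- wifi
enp0s20f0u6i1 -- connected to the pi.
To make life simpler, I suggest turning off predictable network interface names. We want to use the NIC names and don't want them changing on us.
Step 1: Turn off systemd's predictable network interface names by adding "net.ifnames=0" to the kernel command line.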
sudo vi /etc/default/grub
GRUB_CMDLINE_LINUX="net.ifnames=0"
Now update grub:
sudo grub-mkconfig -o /boot/grub/grub.cfg
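Note:
I have seen places where the value "biosdevname=0" is added to the kernel command line in addition to net.ifnames=0. My setup doesn't need it.
Step 2:
Assign the new name with a udev rule by creating a new rules file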
sudo vi /etc/udev/rules.d/10-myCustom-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="08:00:27:f3:79:59", KERNEL=="eth*", NAME="test0"
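You must change the ATTR{address}=="08:00:27:f3:79:59" part of the line to your MAC address. Change NAME="test0" to the name you want to give the NIC.
Note: ATTR{dev_id}=="0x0" and ATTR{type}=="1" were removed from my Ubuntu 14 template. Some say to remove KERNEL=="eth*" or to omit the whole line. That was not the case in my setup. If, like me, you "lost" the MAC address because you rebooted before this step and ifconfig doesn't show it, look in /sys/class/net/assignedName/address. BTW: this system renamed it eth0, so cat /sys/class/net/eth0/address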
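Step 3:
Assign an address to the new interface name
sudo vi /etc/network/interfaces
Step 4:
Reboot (easier for most of us)
Now this just gives our NIC a static name.
You will only add iptable rules to Fedora, so none are needed on the Pi.
Assumptions:
Fedora and the Pi both have default routing tables and no iptable rules.
Note:
We want to keep our private IP addresses private, not public.
Pi:
Assign an IP address to usb0
sudo vi /etc/network/interfaces
Fedora:
Enable ipv4 forwarding
sudo vi /etc/sysctl.conf
Assign an IP address to test0 (remember we changed the NIC name above)
sudo vi /etc/network/interfaces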
If the wlp4s0 address is assigned by DHCP, it would look more like this
This is the internet connection
Set the iptable rules to forward the packets from test0 to wlp4s0 AND wrap the packets with a local subnet addressed... wrapper. Entering rules at the command line.
note:
No firewall rules are enabled. This is a bare minimum to get it working. Add other rules to secure your system.
Make the iptable rules persistent across reboots.
On Ubuntu16 the package name is iptables-persistent. Fedora may be different.
sudo apt-get install iptables-persistent
Save the current iptable rules
iptables-save > /etc/iptables/rules.v4
Reboot fedora.
Verify:
ip addresses.
iptable rules
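A tighter variant of the forwarding setup the answer describes, as an added example that is not part of the original answer: it generates a ruleset in the iptables-save format mentioned above that masquerades only the Pi's subnet and defaults FORWARD to DROP. The interface names and the 172.16.0.0/30 subnet are assumptions taken from the outputs on this page, the function names are made up for illustration, and, as in the answer, no other iptables rules are assumed to be in place.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumed values: test0 = renamed
# USB NIC, wlp4s0 = Wi-Fi uplink, 172.16.0.0/30 = the Pi's usb0 subnet.

valid_ifname() {
    # Letters, digits, '_', '.', '-' only; kernel limit is 15 characters.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

valid_cidr() {
    # a.b.c.d/n with octets 0-255 and prefix length 0-32.
    echo "$1" | awk -F'[./]' 'NF != 5 { exit 1 }
        { for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
          for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if ($5 > 32) exit 1 }'
}

gen_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3
    valid_ifname "$lan_if" && valid_ifname "$wan_if" ||
        { echo "invalid interface name" >&2; return 1; }
    [ "$lan_if" != "$wan_if" ] ||
        { echo "LAN and WAN interface must differ" >&2; return 1; }
    valid_cidr "$lan_net" || { echo "invalid subnet" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $wan_if -o $lan_if -d $lan_net -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Prints the ruleset only. iptables-restore replaces the existing nat and
# filter tables unless --noflush is given, so review before loading.
gen_ruleset test0 wlp4s0 172.16.0.0/30
```

Forwarding still has to be enabled in the kernel (net.ipv4.ip_forward), as in the answer's sysctl step; the ruleset alone does not route anything.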