Using Ubuntu 20.04 server as a router - no Internet on the clients

I am trying to set up Ubuntu as a small router. It has two network cards and is connected to a switch. I am following this guide: https://medium.com/@exesse/how-to-make-a-simple-router-gateway-from-ubuntu-server-18-04-lts-fd40b7bfec9

The server is connected to the Internet, and the DHCP server works fine: IP addresses are assigned to the client machines (both Windows and Ubuntu), and I can connect to the server over SSH. However, the clients have no Internet access. Let me post some information below.

Interfaces:

imarques@felix-cs:~$ ip -c a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp4s2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:08:a1:97:21:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.215.95/24 brd 192.168.215.255 scope global dynamic enp4s2
       valid_lft 63882sec preferred_lft 63882sec
    inet6 fe80::208:a1ff:fe97:212e/64 scope link 
       valid_lft forever preferred_lft forever
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:18:8b:16:a3:41 brd ff:ff:ff:ff:ff:ff
    inet 10.42.0.1/24 brd 10.42.0.255 scope global enp2s0
       valid_lft forever preferred_lft forever
    inet6 fe80::218:8bff:fe16:a341/64 scope link 
       valid_lft forever preferred_lft forever

enp4s2 is the server's Internet connection, and enp2s0 is the network adapter connected to the switch, intended to share Internet access with the clients.

Netplan:

imarques@felix-cs:~$ cat /etc/netplan/01-netcfg.yaml
# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp4s2:
      dhcp4: yes
    enp2s0:
      dhcp4: no
      addresses: [10.42.0.1/24]

DHCP server:

imarques@felix-cs:~$ cat /etc/default/isc-dhcp-server 
# Defaults for isc-dhcp-server (sourced by /etc/init.d/isc-dhcp-server)

# Path to dhcpd's config file (default: /etc/dhcp/dhcpd.conf).
#DHCPDv4_CONF=/etc/dhcp/dhcpd.conf
#DHCPDv6_CONF=/etc/dhcp/dhcpd6.conf

# Path to dhcpd's PID file (default: /var/run/dhcpd.pid).
#DHCPDv4_PID=/var/run/dhcpd.pid
#DHCPDv6_PID=/var/run/dhcpd6.pid

# Additional options to start dhcpd with.
#   Don't use options -cf or -pf here; use DHCPD_CONF/ DHCPD_PID instead
#OPTIONS=""

# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
#   Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACESv4="enp2s0"
INTERFACESv6=""

imarques@felix-cs:~$ cat /etc/dhcp/dhcpd.conf
default-lease-time 86400;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 10.42.0.255;
authorative;
subnet 10.42.0.0 netmask 255.255.255.0 {
 range 10.42.0.20 10.42.0.100;
  option routers 10.42.0.1;
  option domain-name-servers 10.42.0.1;
    }

IP forwarding:

imarques@felix-cs:~$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

IPtables rules:

imarques@felix-cs:~$ cat /etc/iptables/rules.v4 
# Generated by iptables-save v1.8.4 on Fri Nov 27 16:43:56 2020
*filter
:INPUT ACCEPT [195:13486]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [166:13592]
COMMIT
# Completed on Fri Nov 27 16:43:56 2020
# Generated by iptables-save v1.8.4 on Fri Nov 27 16:43:56 2020
*nat
:PREROUTING ACCEPT [21:2246]
:INPUT ACCEPT [9:1593]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Fri Nov 27 16:43:56 2020

It has been like this for a few days, and I have looked around, but all the guides seemed similar. Any ideas?

###############################################################################

Edits (2020/12/15), and thanks to Doug Smythies:

Ping from the server:

imarques@felix-cs:~$ ping -c 4 www.sapo.pt
PING www.sapo.pt (213.13.146.142) 56(84) bytes of data.
64 bytes from sapo.pt (213.13.146.142): icmp_seq=1 ttl=242 time=14.9 ms
64 bytes from sapo.pt (213.13.146.142): icmp_seq=2 ttl=242 time=12.9 ms
64 bytes from sapo.pt (213.13.146.142): icmp_seq=3 ttl=242 time=13.5 ms
64 bytes from sapo.pt (213.13.146.142): icmp_seq=4 ttl=242 time=13.0 ms

--- www.sapo.pt ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 12.855/13.578/14.927/0.813 ms

imarques@felix-cs:~$ ping -c 4 213.13.146.142
PING 213.13.146.142 (213.13.146.142) 56(84) bytes of data.
64 bytes from 213.13.146.142: icmp_seq=1 ttl=242 time=13.4 ms
64 bytes from 213.13.146.142: icmp_seq=2 ttl=242 time=12.9 ms
64 bytes from 213.13.146.142: icmp_seq=3 ttl=242 time=12.9 ms
64 bytes from 213.13.146.142: icmp_seq=4 ttl=242 time=12.9 ms

--- 213.13.146.142 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 12.890/13.018/13.369/0.203 ms

Ping from the client:

imarques@client07:~$ ping -c 4 www.sapo.pt
ping: www.sapo.pt: Name or service not known

imarques@client07:~$ ping -c 4 213.13.146.142
PING 213.13.146.142 (213.13.146.142) 56(84) bytes of data.

--- 213.13.146.142 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3057ms

tcpdump produces a lot of output... I tried this while pinging the same IP from the client:

imarques@felix-cs:~$ sudo tcpdump -i enp4s2 | grep 10.42
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp4s2, link-type EN10MB (Ethernet), capture size 262144 bytes
10:40:31.865636 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 1, length 64
10:40:32.866201 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 2, length 64
10:40:33.890199 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 3, length 64
10:40:34.914199 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 4, length 64
10:40:35.938194 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 5, length 64
10:40:36.962194 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 6, length 64
10:40:37.986188 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 7, length 64
10:40:39.010196 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 8, length 64
10:40:40.034196 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 9, length 64
10:40:41.058192 IP 10.42.0.94 > sapo.pt: ICMP echo request, id 21362, seq 10, length 64

iptables information:

imarques@felix-cs:~$ sudo iptables -t nat -xnvL
Chain PREROUTING (policy ACCEPT 15969 packets, 1077775 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 15501 packets, 1031506 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1166 packets, 112828 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 1269 packets, 118672 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       2      120 MASQUERADE  all  --  *      enp2s0  0.0.0.0/0            0.0.0.0/0        
       
imarques@felix-cs:~$ sudo iptables -xnvL
Chain INPUT (policy ACCEPT 89829 packets, 4283290 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 1774 packets, 289508 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 159993 packets, 37244234 bytes)
    pkts      bytes target     prot opt in     out     source               destination    

Sorry, but I don't know how to check the MASQUERADE packet counter...

###############################################################################

Second edit (2020/12/15): rebooted the server and the client.

While pinging 213.13.146.142 from the client (10.42.0.94):

imarques@felix-cs:~$ sudo iptables -t nat -xnvL
Chain PREROUTING (policy ACCEPT 2375 packets, 155967 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 2292 packets, 150880 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 25 packets, 1564 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 50 packets, 3008 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       1       60 MASQUERADE  all  --  *      enp2s0  0.0.0.0/0            0.0.0.0/0           
imarques@felix-cs:~$ sudo tcpdump -tttt -n -vvv -i  enp2s0 host 213.13.146.142
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-12-15 16:02:07.170117 IP (tos 0x0, ttl 64, id 13547, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 1, length 64
2020-12-15 16:02:08.176165 IP (tos 0x0, ttl 64, id 13620, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 2, length 64
2020-12-15 16:02:09.200188 IP (tos 0x0, ttl 64, id 13856, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 3, length 64
2020-12-15 16:02:10.224214 IP (tos 0x0, ttl 64, id 13971, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 4, length 64
2020-12-15 16:02:11.248242 IP (tos 0x0, ttl 64, id 14165, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 5, length 64
2020-12-15 16:02:12.272264 IP (tos 0x0, ttl 64, id 14275, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 6, length 64
2020-12-15 16:02:13.296286 IP (tos 0x0, ttl 64, id 14530, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 7, length 64
2020-12-15 16:02:14.320323 IP (tos 0x0, ttl 64, id 14641, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 8, length 64
2020-12-15 16:02:15.344341 IP (tos 0x0, ttl 64, id 14737, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 9, length 64
2020-12-15 16:02:16.368366 IP (tos 0x0, ttl 64, id 14801, offset 0, flags [DF], proto ICMP (1), length 84)
    10.42.0.94 > 213.13.146.142: ICMP echo request, id 1625, seq 10, length 64
^C
10 packets captured
10 packets received by filter
0 packets dropped by kernel
imarques@felix-cs:~$ sudo iptables -t nat -xnvL
Chain PREROUTING (policy ACCEPT 3198 packets, 210191 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 3081 packets, 203146 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 25 packets, 1564 bytes)
    pkts      bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 58 packets, 3456 bytes)
    pkts      bytes target     prot opt in     out     source               destination         
       1       60 MASQUERADE  all  --  *      enp2s0  0.0.0.0/0            0.0.0.0/0           
asked 15 December 2020 at 19:06
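
Source NAT for forwarded client traffic has to be applied on the interface the packets leave through toward the Internet. The check below is an added example, not part of the original question: it reads an iptables-save dump and reports which interface the MASQUERADE rule is bound to, using the nat section posted above and the question's statement that enp4s2 is the Internet-facing interface. The function name `masq_verdict` is hypothetical.

```shell
#!/bin/sh
# masq_verdict UPLINK_IF   (reads iptables-save text on stdin)
# Prints one of:
#   OK <if>         every POSTROUTING MASQUERADE rule uses -o UPLINK_IF
#   MISMATCH <ifs>  a MASQUERADE rule is bound to another interface
#                   ("any" means the rule has no -o match at all)
#   NONE            the nat table has no POSTROUTING MASQUERADE rule
masq_verdict() {
    awk -v wan="$1" '
        /^\*/ { table = substr($0, 2) }      # table header: *nat, *filter, ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = "any"; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o" && i < NF) out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq) { n++; if (out != wan) bad = bad (bad ? "," : "") out }
        }
        END {
            if (!n)       print "NONE"
            else if (bad) print "MISMATCH " bad
            else          print "OK " wan
        }'
}

# nat section as posted in the question (/etc/iptables/rules.v4)
QUESTION_RULES='*nat
:PREROUTING ACCEPT [21:2246]
:INPUT ACCEPT [9:1593]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp2s0 -j MASQUERADE
COMMIT'

# enp4s2 is the Internet-facing interface according to the question; on a
# live system it can be read from `ip -4 route show default`.
printf '%s\n' "$QUESTION_RULES" | masq_verdict enp4s2
```

On a running router the same function can be fed from `sudo iptables-save`. A MISMATCH result is consistent with the tcpdump capture on enp4s2 above, where the echo requests still carry the client's 10.42.0.94 source address.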

0 answers
