Cannot reach the Internet from a subnet

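I have a router with dd-wrt installed, and it is connected to my Cisco switch. In the current configuration, 192.168.1.0/24 is the subnet of the router and the devices connected to it. 192.168.2.0/24 is the subnet used to connect the router to the 10.0.0.0/24 subnet on the switch.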

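From the switch I can reach any IP on my LAN, including 192.168.1.1, and any host on my network can reach 10.0.0.0 after I added the following rule to the routing table on my router…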

10.0.0.0/24 dev eth1 proto kernel scope link src 192.168.2.1 

But from the 10.0.0.1 interface on my switch I cannot reach 8.8.8.8, although I can from 192.168.2.2 on the switch.

Here is the entire routing table on the router:

    default via [redacted] dev eth0
    10.0.0.0/24 dev eth1 proto kernel scope link src 192.168.2.1
    127.0.0.0/8 dev lo scope link
    169.254.0.0/16 dev br0 proto kernel scope link src 169.254.255.1
    173.75.31.0/24 dev eth0 proto kernel scope link src 173.75.31.25
    192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.1
    192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1

Here are the iptables rules on the router.

    root@DD-WRT:~# iptables -L
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
    DROP udp -- anywhere anywhere udp dpt:route
    DROP udp -- anywhere anywhere udp dpt:route
    ACCEPT udp -- anywhere anywhere udp dpt:route
    ACCEPT 0 -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere
    ACCEPT igmp -- anywhere anywhere
    ACCEPT tcp -- anywhere anywhere tcp dpt:auth
    ACCEPT 0 -- anywhere anywhere state NEW
    ACCEPT 0 -- anywhere anywhere state NEW
    ACCEPT 0 -- anywhere anywhere
    DROP 0 -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT gre -- 192.168.1.0/24 anywhere
    ACCEPT tcp -- 192.168.1.0/24 anywhere tcp dpt:1723
    ACCEPT 0 -- anywhere anywhere
    lan2wan 0 -- anywhere anywhere
    ACCEPT 0 -- anywhere anywhere
    ACCEPT 0 -- anywhere anywhere
    ACCEPT udp -- anywhere base-address.mcast.net/4
    TRIGGER 0 -- anywhere anywhere TRIGGER type:in match:0 relate:0
    trigger_out 0 -- anywhere anywhere
    ACCEPT 0 -- anywhere anywhere state NEW
    DROP 0 -- anywhere anywhere

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere

Using ifconfig:

    ath0 Link encap:Ethernet HWaddr 60:38:E0:DB:AD:B3
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:4013297 errors:0 dropped:419 overruns:0 frame:0
         TX packets:5881012 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:291261174 (277.7 MiB) TX bytes:8927857512 (8.3 GiB)

    ath1 Link encap:Ethernet HWaddr 60:38:E0:DB:AD:B4
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:3681 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:0 (0.0 B) TX bytes:515104 (503.0 KiB)

    br0 Link encap:Ethernet HWaddr 60:38:E0:DB:AD:B2
         inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:4010466 errors:0 dropped:1293 overruns:0 frame:0
         TX packets:5874845 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:234596315 (223.7 MiB) TX bytes:8809281468 (8.2 GiB)

    br0:0 Link encap:Ethernet HWaddr 60:38:E0:DB:AD:B2
         inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1

    eth0 Link encap:Ethernet HWaddr 60:38:E0:DB:AD:B2
         inet addr:redacted Bcast:redacted Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:5874872 errors:0 dropped:1 overruns:0 frame:0
         TX packets:4005880 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:8809323335 (8.2 GiB) TX bytes:290200222 (276.7 MiB)
         Interrupt:194

    eth1 Link encap:Ethernet HWaddr 60:38:E0:DB:AD:B2
         inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
         UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:532
         RX bytes:0 (0.0 B) TX bytes:168 (168.0 B)
         Interrupt:195

    lo Link encap:Local Loopback
         inet addr:127.0.0.1 Mask:255.0.0.0
         UP LOOPBACK RUNNING MULTICAST MTU:65536 Metric:1
         RX packets:6 errors:0 dropped:0 overruns:0 frame:0
         TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:452 (452.0 B) TX bytes:452 (452.0 B)

I forgot to set up NAT translation correctly…

 iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to 173.75.6.2 

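After running this, I was able to ping the Internet from 10.0.0.0/24. For anyone else who runs into this problem, you can issue the following command to view the current NAT configuration.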

 iptables -t nat -L
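
A check for the gap described in this thread, as an added example that is not part of the original post: it reads `iptables -t nat -S POSTROUTING` style rules on stdin and reports whether a given source subnet is covered by an SNAT or MASQUERADE rule. The sample rule set and the address 203.0.113.10 are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Sample rules are constructed; 203.0.113.10 is a placeholder WAN address.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to-source 203.0.113.10'
FIX_RULE='-A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 203.0.113.10'

# Dotted quad -> 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_contains OUTER INNER: succeeds when INNER lies entirely inside OUTER.
cidr_contains() {
    o_net=${1%/*}; o_len=${1#*/}; i_net=${2%/*}; i_len=${2#*/}
    [ "$o_len" = "$1" ] && o_len=32    # bare address without /len
    [ "$i_len" = "$2" ] && i_len=32
    [ "$o_len" -le "$i_len" ] || return 1
    mask=$(( o_len == 0 ? 0 : (4294967295 << (32 - o_len)) & 4294967295 ))
    [ $(( $(ip2int "$o_net") & mask )) -eq $(( $(ip2int "$i_net") & mask )) ]
}

# nat_covers SUBNET: reads rules on stdin; prints the first SNAT/MASQUERADE
# rule whose source match contains SUBNET and returns 0, or returns 1 when
# none does. -o/-d matches are not evaluated, and negated ("!") rules are
# skipped rather than interpreted.
nat_covers() {
    subnet=$1
    while read -r line; do
        case "$line" in
            *" ! "*) continue ;;
            "-A POSTROUTING"*"-j SNAT"*|"-A POSTROUTING"*"-j MASQUERADE"*) ;;
            *) continue ;;
        esac
        src=0.0.0.0/0                  # no -s means any source
        set -- $line
        while [ $# -gt 1 ]; do
            [ "$1" = "-s" ] && src=$2
            shift
        done
        if cidr_contains "$src" "$subnet"; then
            echo "$line"; return 0
        fi
    done
    return 1
}
```

On the router, pipe the live rules in, for example `iptables -t nat -S POSTROUTING | nat_covers 10.0.0.0/24`; a non-zero exit status means no translation rule matches that source subnet.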