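I got an ASUS RT-N18U router and I want to set up VPN access from the local network.
So I installed software and vpnc on the router and successfully created a VPN connection on the tun0 interface (ifconfig below). The problem is that I can't ping or connect to the VPN from the local network, but I can from the router itself.
Question – how do I forward br0 to tun0?
ip_forward is set to 1.
iptables and the routing table are provided below.
ifconfig output: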

br0       Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:32993 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40247 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4436741 (4.2 MiB)  TX bytes:31815424 (30.3 MiB)

eth0      Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
          inet addr:212.XX.XX.XX  Bcast:212.XX.XX.XX  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:412673 errors:0 dropped:0 overruns:0 frame:0
          TX packets:431752 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:105828668 (100.9 MiB)  TX bytes:121288162 (115.6 MiB)
          Interrupt:179 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:12545 errors:0 dropped:0 overruns:0 frame:212071
          TX packets:22614 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1704797 (1.6 MiB)  TX bytes:14120516 (13.4 MiB)
          Interrupt:163

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:4023 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4023 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:858801 (838.6 KiB)  TX bytes:858801 (838.6 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:198.XX.XX.XX  PtP:198.XX.XX.XX  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1412  Metric:1
          RX packets:284 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1172 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:26331 (25.7 KiB)  TX bytes:95242 (93.0 KiB)

vlan1     Link encap:Ethernet  HWaddr F0:79:59:D3:7D:20
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:230007 errors:0 dropped:0 overruns:0 frame:0
          TX packets:205941 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:24156339 (23.0 MiB)  TX bytes:98109904 (93.5 MiB)

tun0 – VPN
eth0 – WAN
br0 – local interface
Here is the routing table:

Destination      Gateway     Genmask          Flags Metric Ref Use Iface
193.XX.XX.XX     1.45.XX.XX  255.255.255.255  UGH   0      0   0   eth0
147.XXX.XXX.XXX  *           255.255.255.255  UH    0      0   0   tun0
212.90.XX.XX     *           255.255.255.255  UH    0      0   0   eth0
172.24.6.254     *           255.255.255.255  UH    0      0   0   tun0
147.XXX.XXX.XXX  *           255.255.255.255  UH    0      0   0   tun0
147.XXX.XXX.XXX  *           255.255.255.255  UH    0      0   0   tun0
198.18.1.0       *           255.255.255.0    U     0      0   0   tun0
XXX.XXX.XXX.XXX  *           255.255.255.0    U     0      0   0   tun0
192.168.1.0      *           255.255.255.0    U     0      0   0   br0
147.XXX.XXX.XXX  *           255.255.255.0    U     0      0   0   tun0
147.XXX.XXX.XXX  *           255.255.255.0    U     0      0   0   tun0
212.XXX.XXX.XXX  *           255.240.0.0      U     0      0   0   tun0
10.0.0.0         *           255.0.0.0        U     0      0   0   tun0
127.0.0.0        *           255.0.0.0        U     0      0   0   lo
default          1.45.XX.XX  0.0.0.0          UG    0      0   0   eth0

And iptables -L:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FUPNP
-N PControls
-N SECURITY
-N logaccept
-N logdrop
-A INPUT -p udp -m udp --dport 4672 -j ACCEPT
-A INPUT -p udp -m udp --dport 4665 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 51413 -j ACCEPT
-A INPUT -p udp -m udp --dport 51413 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD ! -i br0 -o eth0 -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate DNAT -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4672 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 4665 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 4662 -j ACCEPT
-A FUPNP -d 192.168.1.202/32 -p udp -m udp --dport 59077 -j ACCEPT
-A FUPNP -d 192.168.1.202/32 -p tcp -m tcp --dport 59077 -j ACCEPT
-A FUPNP -d 192.168.1.169/32 -p udp -m udp --dport 59077 -j ACCEPT
-A FUPNP -d 192.168.1.169/32 -p tcp -m tcp --dport 59077 -j ACCEPT
-A PControls -j ACCEPT
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DROP
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -m limit --limit 1/sec -j RETURN
-A SECURITY -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK RST -j DROP
-A SECURITY -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j RETURN
-A SECURITY -p icmp -m icmp --icmp-type 8 -j DROP
-A SECURITY -j RETURN
-A logaccept -m state --state NEW -j LOG --log-prefix "ACCEPT " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logaccept -j ACCEPT
-A logdrop -m state --state NEW -j LOG --log-prefix "DROP " --log-tcp-sequence --log-tcp-options --log-ip-options
-A logdrop -j DROP

I'm new to networking, so I appreciate any help!

iptables -I FORWARD -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -j ACCEPT
iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
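
A tighter variant of the three rules above, as an added example that is not part of the original answer: it limits forwarding and masquerading to the LAN subnet, lets only reply traffic back in from the tunnel, and skips rules that are already installed. The subnet 192.168.1.0/24 comes from the br0 address in the question; the function names, the IPT override and the availability of `iptables -C` on the router firmware are assumptions.

```shell
#!/bin/sh
# Added example: scoped, idempotent variant of the answer's three rules.
# Assumptions: LAN_NET is the br0 subnet from the question and the firmware's
# iptables supports -C (check). IPT names the iptables binary to call.
IPT="${IPT:-iptables}"
LAN_IF="${LAN_IF:-br0}"
VPN_IF="${VPN_IF:-tun0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# Insert a rule at the top of a chain unless an identical rule exists.
# usage: ensure_rule <table> <chain> <rule-spec...>
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if $IPT -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0                      # already present, nothing to do
    fi
    $IPT -t "$table" -I "$chain" "$@"
}

apply_vpn_forwarding() {
    # -I prepends, so the rules are inserted in reverse of their final order.
    # Final FORWARD order: LAN->VPN accept, VPN->LAN replies, VPN->LAN drop.

    # The posted FORWARD policy is ACCEPT, so connections opened from the
    # tunnel towards the LAN are only blocked by an explicit DROP.
    ensure_rule filter FORWARD -i "$VPN_IF" -o "$LAN_IF" -j DROP
    # Replies to connections that LAN hosts opened through the tunnel.
    ensure_rule filter FORWARD -i "$VPN_IF" -o "$LAN_IF" \
        -m state --state RELATED,ESTABLISHED -j ACCEPT
    # Only traffic sourced from the LAN subnet may enter the tunnel.
    ensure_rule filter FORWARD -i "$LAN_IF" -o "$VPN_IF" -s "$LAN_NET" -j ACCEPT
    # Rewrite LAN sources to the tunnel address so the VPN side can reply.
    ensure_rule nat POSTROUTING -o "$VPN_IF" -s "$LAN_NET" -j MASQUERADE
}

# Apply only when asked to, so the file can be sourced safely.
if [ "${1:-}" = "--apply" ]; then
    apply_vpn_forwarding
fi
```

Rules added with `iptables` are lost when the router reboots or the firmware rebuilds its firewall, so the script has to be re-run after the tunnel comes up.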