(本来,我把它发布到StackOverflow,我把它移到networking工程,然后在这里。)
我有TP-LINK WR841N v9路由器并安装OpenWRT固件CHAOS CALMER (15.05.1, r48532) 。
我有/etc/config/network内容:
config interface 'lan' option force_link '1' option type 'bridge' option proto 'static' option ipaddr '10.15.252.3' option netmask '255.255.254.0' option gateway '10.15.252.1' option ifname 'eth0 eth1'
这里是ip link ls的输出:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc fq_codel master br-lan state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:25 brd ff:ff:ff:ff:ff:ff 4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff 5: br-lan: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff
我有两台电脑连接到4个LAN端口中的2个。 比方说电脑A和B
B ,它运作良好。 tcpdump来从网桥中获取stream量: tcpdump -i br-lan -n 'arp or icmp' -n'arp tcpdump -i br-lan -n 'arp or icmp' 。 我看到了arpstream量,但没有ICMPstream量。
我试图设置iptables规则来阻止在B INPUT和output链中的stream量,它不工作。
这里是命令brctl和ip的输出:
bridge name bridge id STP enabled interfaces br-lan 7fff.c46e1fb68e24 no eth0 eth1
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 RX: bytes packets errors dropped overrun mcast 63107 580 0 0 0 0 TX: bytes packets errors dropped carrier collsns 63107 580 0 0 0 0 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 64256004 445450 0 6 0 0 TX: bytes packets errors dropped carrier collsns 8775980 43685 0 0 0 0 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc fq_codel master br-lan state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:25 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 5: br-lan: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 57777761 444757 0 60579 0 0 TX: bytes packets errors dropped carrier collsns 8871188 44499 0 0 0 0 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 RX: bytes packets errors dropped overrun mcast 63107 580 0 0 0 0 TX: bytes packets errors dropped carrier collsns 63107 580 0 0 0 0 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 64256004 445450 0 6 0 0 TX: bytes packets errors dropped carrier collsns 8775980 43685 0 0 0 0 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc fq_codel master br-lan state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:25 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 4: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 0 0 0 0 0 0 TX: bytes packets errors dropped carrier collsns 0 0 0 0 0 0 5: br-lan: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether c4:6e:1f:b6:8e:24 brd ff:ff:ff:ff:ff:ff RX: bytes packets errors dropped overrun mcast 57777761 444757 0 60579 0 0 TX: bytes packets errors dropped carrier collsns 8871188 44499 0 0 0 0接口上肯定有大量TX和RX数据包。
所以,我的问题是:
1.如何使用tcpdump来通过网桥大stream量? (Bridge在第二层工作,假设工作,不是吗?)
2.如果我想将计算机B的stream量镜像到另一个端口(例如wan端口),我该怎么办? ( 我试图使用这个端口镜像工具 ,但它不工作。 )
(我想尝试ebtables ,但由于空间不足,无法安装到路由器上,而且我也找不到工具bridge来检查bridge上的前向数据库。)
我发现另一个相关的线程: 没有分配IP地址的 桥接口上的Tcpdump / Iptables和桥接口(virbr)上的tcpdump没有收到任何发往其地址之一的数据包 ,但是它不工作。
我已经重新configuration路由器来做以下事情:
1.分配eth0和eth1来桥接br-lan ;
2.将计算机B连接到eth1端口( wan端口);
3.在端口镜像configuration文件中,将来自eth1的stream量转发给A的 IP。
现在,我可以收听B中的所有stream量。 当然,tcpdump也可以通过br-lan捕获stream量。