Ubuntu 12.04 – 以太网和键/桥之间的路由问题

我有一个有3个以太网设备和一个WiFi设备的设备。
我使用eth0作为内部networking（192.168.1.0/24），eth1，eth2和wlan0连接到外部networking（192.168.0.0/24）。 eth1和eth2在网桥中configurationbr0，br0和wlan0configuration为绑定（主动备份，br0为主设备）。

这是一个可视化的设置：

+---------------+ +-----------+ 192.168.0.3 | | | (Router) | | +---------------+ +---------+--------+ +---------------+ +->+ External Network +--+ 192.168.0.160 | | | 192.168.0.0/24 | +---------------+ | +------------------+ | +----------------------------------------------------------------+ | My Device | | +------------------+ | +------+ +--+---+ +------+ +-------+ | | Internal Network +-------+ eth0 +------+ | eth1 | | eth2 | | wlan0 | | | 192.168.1.0/24 | | +------+ | +--+---+ +--+---+ +-------+ | +--------+---------+ | 192.168.1.1 | | | | | | | +-------+-------+ + | | | | | | +------+-------+ | | +--+--+ + | | 192.168.1.62 | | | | br0 | | +--------------+ | | +--+--+ + | | | | | | | +-----------++ + + + + + + | | | | | | | +---+---+ | | +-----------------------+ bond0 | | | +-------+ | | 192.168.0.235 | | | +----------------------------------------------------------------+

我希望设备充当从内部networking到外部networking的路由器。不幸的是我不能得到它的工作。这里是我的configuration（wlan0目前没有configuration）：

 # /etc/network/interfaces auto lo iface lo inet loopback auto eth0 iface eth0 inet static address 192.168.1.1 network 192.168.1.0 netmask 255.255.255.0 broadcast 192.168.1.255 # Network bridge between eth1 and eth2 allow-hotplug eth1 iface eth1 inet manual pre-up ifconfig $IFACE up pre-down ifconfig $IFACE down allow-hotplug eth2 iface eth2 inet manual pre-up ifconfig $IFACE up pre-down ifconfig $IFACE down auto br0 iface br0 inet manual bridge_ports eth1 eth2 bond-master bond0 bond-primary br0 bond-mode active-backup auto bond0 iface bond0 inet static address 192.168.0.235 netmask 255.255.255.0 gateway 192.168.0.3 dns-nameservers 8.8.8.8 8.8.4.4 bond-master bond0 bond-primary br0 bond-mode active-backup bond-miimon 100 bond-slaves none

我使用以下命令设置iptables并启用转发：

 /sbin/iptables -A FORWARD -o bond0 -i eth0 -m conntrack --ctstate NEW -j ACCEPT /sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT /sbin/iptables -t nat -A POSTROUTING -o bond0 -j MASQUERADE /sbin/sysctl -w net.ipv4.ip_forward=1

这就是路由表的样子：

 Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 192.168.0.3 0.0.0.0 UG 100 0 0 bond0 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 bond0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

现在，当我尝试在连接到eth0的设备上运行ping 192.168.0.160 （设备具有ip 192.168.1.62）时，我没有收到任何回复。这是来自该设备的tcpdump：

 07:22:44.568488 IP 192.168.1.62 > 192.168.0.160: ICMP echo request, id 27191, seq 1, length 64 07:22:45.571836 IP 192.168.1.62 > 192.168.0.160: ICMP echo request, id 27191, seq 2, length 64 07:22:46.571892 IP 192.168.1.62 > 192.168.0.160: ICMP echo request, id 27191, seq 3, length 64 07:22:47.571984 IP 192.168.1.62 > 192.168.0.160: ICMP echo request, id 27191, seq 4, length 64

这里是我的设备的tcpdump（192.168.1.1 / 192.168.0.235）

 07:22:44.566474 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 1, length 64 07:22:45.569468 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 2, length 64 07:22:46.569490 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 3, length 64 07:22:47.569496 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 4, length 64

这里是来自目标设备的tcpdump（192.168.0.160）

 01:19:10.509404 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 1, length 64 01:19:10.509477 IP 192.168.0.160 > 192.168.0.235: ICMP echo reply, id 27191, seq 1, length 64 01:19:11.512402 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 2, length 64 01:19:11.512450 IP 192.168.0.160 > 192.168.0.235: ICMP echo reply, id 27191, seq 2, length 64 01:19:12.512369 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 3, length 64 01:19:12.512414 IP 192.168.0.160 > 192.168.0.235: ICMP echo reply, id 27191, seq 3, length 64 01:19:13.512347 IP 192.168.0.235 > 192.168.0.160: ICMP echo request, id 27191, seq 4, length 64 01:19:13.512393 IP 192.168.0.160 > 192.168.0.235: ICMP echo reply, id 27191, seq 4, length 64

所以看起来，目标确实收到了ping并发送了一个回复，但是我的设备并没有做任何事情。

这就是我在ping运行的时候在syslog中得到的东西：

 Mar 16 07:22:44 cb035 kernel: [ 4673.602509] martian source 192.168.1.64 from 192.168.0.3, on dev br0 Mar 16 07:22:44 cb035 kernel: [ 4673.602562] ll header: 00:0d:b9:3c:23:71:40:4a:03:06:ef:86:08:00 Mar 16 07:22:44 cb035 kernel: [ 4673.737283] martian source 192.168.1.62 from 192.168.0.160, on dev br0 Mar 16 07:22:44 cb035 kernel: [ 4673.737306] ll header: 00:0d:b9:3c:23:71:00:0d:b9:2b:27:8c:08:00 Mar 16 07:22:45 cb035 kernel: [ 4674.740295] martian source 192.168.1.62 from 192.168.0.160, on dev br0 Mar 16 07:22:45 cb035 kernel: [ 4674.740318] ll header: 00:0d:b9:3c:23:71:00:0d:b9:2b:27:8c:08:00 Mar 16 07:22:46 cb035 kernel: [ 4675.740317] martian source 192.168.1.62 from 192.168.0.160, on dev br0 Mar 16 07:22:46 cb035 kernel: [ 4675.740341] ll header: 00:0d:b9:3c:23:71:00:0d:b9:2b:27:8c:08:00 Mar 16 07:22:47 cb035 kernel: [ 4676.740294] martian source 192.168.1.62 from 192.168.0.160, on dev br0 Mar 16 07:22:47 cb035 kernel: [ 4676.740317] ll header: 00:0d:b9:3c:23:71:00:0d:b9:2b:27:8c:08:00