IP rule table lookup doesn't seem to work


I have a system with three network interfaces. Here is the configuration I want to set up. wlan0 (actually a WiFi AP interface): other devices connect through this interface. net1: the Internet-facing interface, which must be linked to wlan0 in order to provide Internet service to the devices connected through wlan0. net0: an interface with restricted Internet access, which only answers requests coming from within its own subnet.

The default interface is net0 with its gateway. The output of ip route show looks like this:

default via 10.228.103.241 dev net0
10.228.103.240/30 dev net0 src 10.228.103.242

Now I want the system to look up table 7 to find the routing rules for all requests to eth0 and net1. So I created the following ip rules:

0:      from all lookup local
32758:  from all lookup main
32762:  from 8.8.0.0/16 lookup iTbl
32764:  from 192.168.225.1 lookup iTbl
32765:  from 192.168.172.2 lookup iTbl
32767:  from all lookup default

8.8.0.0 is for the name servers. It is listed as iTbl because I defined 7 as iTbl in /etc/iproute2/rt_tables.

ip route show for table 7 looks like this:

default via 192.168.172.3 dev net1
8.8.0.0/16 via 192.168.172.3 dev net1
192.168.172.0/24 dev net1  src 192.168.172.2
192.168.225.0/24 dev wlan0  src 192.168.225.1

Finally, my iptables looks like this:

iptables -nvL
Chain INPUT (policy ACCEPT 245 packets, 49904 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   180 ACCEPT     all  --  wlan0   *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 190 packets, 19182 bytes)
 pkts bytes target     prot opt in     out     source               destination

iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 22 packets, 2205 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 21 packets, 2145 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 91 packets, 7782 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 90 packets, 7226 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   616 MASQUERADE  all  --  *      net1  0.0.0.0/0            0.0.0.0/0

When I connect a device to the wlan0 interface and try to browse the Internet, tcpdump shows that all requests from wlan0 appear to go out through net0, when they actually must go through net1. I have read many posts and forums. After trying different things I have not been able to solve the problem. I cannot understand where the problem lies. From tcpdump, and looking at it logically, it seems the ip rule lookup for table 7 does not work. Please help check whether any rule must be corrected.
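Added example (not part of the question or the asker's system): a small simulator of the kernel's policy-routing decision, fed with the rule list and routing tables transcribed from the question above. Rules are walked in ascending priority; a rule is tried only when the packet's source matches its selector, and if the table it points to has no route for the destination, evaluation continues with the next rule. Run over the posted configuration, it shows why forwarded client traffic ends up on net0: rule 32758 sends every source to `main` before the `iTbl` rules are ever reached, and `main` carries a default route via net0. It also shows that the selector `from 192.168.225.1` matches only the AP's own address, not the clients behind it. The `local` and `default` tables are left empty because the question does not show them, and the reordered rule set is a hypothetical alternative constructed for contrast, not a recommendation from the question.

```python
import ipaddress

# Rule list and routing tables transcribed from the question (constructed data,
# not read from a live system). "local" and "default" are left empty because the
# question does not show their contents.
RULES_AS_POSTED = [
    (0,     "0.0.0.0/0",        "local"),
    (32758, "0.0.0.0/0",        "main"),
    (32762, "8.8.0.0/16",       "iTbl"),
    (32764, "192.168.225.1/32", "iTbl"),
    (32765, "192.168.172.2/32", "iTbl"),
    (32767, "0.0.0.0/0",        "default"),
]

TABLES = {
    "local": [],
    "main": [
        ("0.0.0.0/0",         "net0"),   # default via 10.228.103.241
        ("10.228.103.240/30", "net0"),
    ],
    "iTbl": [                            # table 7 from /etc/iproute2/rt_tables
        ("0.0.0.0/0",        "net1"),    # default via 192.168.172.3
        ("8.8.0.0/16",       "net1"),
        ("192.168.172.0/24", "net1"),
        ("192.168.225.0/24", "wlan0"),
    ],
    "default": [],
}

# Hypothetical alternative ordering for contrast: the "main" lookup sits below
# the per-source rules, and the wlan0 selector covers the whole client subnet.
RULES_REORDERED = [
    (0,     "0.0.0.0/0",        "local"),
    (32762, "8.8.0.0/16",       "iTbl"),
    (32764, "192.168.225.0/24", "iTbl"),
    (32765, "192.168.172.2/32", "iTbl"),
    (32766, "0.0.0.0/0",        "main"),
    (32767, "0.0.0.0/0",        "default"),
]


def lookup_table(table, dst):
    """Longest-prefix match of dst in one routing table; returns dev or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, dev in TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None


def route(src, dst, rules):
    """Walk the rules by ascending priority like the kernel's policy router.

    Returns (priority, table, dev) of the rule/table that decided the route,
    or None if no table yields a route (the packet would be unroutable).
    """
    src = ipaddress.ip_address(src)
    for prio, selector, table in sorted(rules):
        if src not in ipaddress.ip_network(selector):
            continue                      # selector does not match: next rule
        dev = lookup_table(table, dst)
        if dev is not None:
            return (prio, table, dev)     # first table with a route wins
    return None                           # table empty: fall through to next rule


if __name__ == "__main__":
    client = "192.168.225.50"             # constructed: a client behind wlan0
    print("as posted  :", route(client, "93.184.216.34", RULES_AS_POSTED))
    print("AP address :", route("192.168.225.1", "8.8.8.8", RULES_AS_POSTED))
    print("reordered  :", route(client, "93.184.216.34", RULES_REORDERED))
    print("net0 subnet:", route("10.228.103.242", "10.228.103.241", RULES_REORDERED))
```

With the rules as posted, both a wlan0 client and the AP's own address are decided by priority 32758 (`main`, egress net0), which matches what tcpdump shows in the question; the `iTbl` rules are never consulted. In the reordered set the client is decided by the `192.168.225.0/24` rule (table `iTbl`, egress net1), while traffic sourced from the net0 subnet still falls through to `main` and its /30 route.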
