我有這個清霧專業版帶有 armbian 圖像的路由器板。我想做的是透過clearfog pro 將 6 個 raspberryPi 連接到網路。最後,我希望所有 7 台電腦都有一個 IP 位址,這樣我就可以對它們中的每一台電腦進行查詢。在網上閱讀後,我發現我需要設置一個網橋才能實現這一點。
我首先嘗試了這些配置這裡。但它們對我不起作用。
這是我的 /etc/network/interfaces 檔案中的目前配置
auto lo br0 eth1 lan1
iface lo inet loopback
iface br0 inet dhcp
bridge_ports eth0 lan1
這是輸出ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether fe:cc:39:e2:0e:81 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 532 link/ether 00:50:43:25:fb:84 brd ff:ff:ff:ff:ff:ff
4: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 532 link/ether 00:50:43:84:25:2f brd ff:ff:ff:ff:ff:ff
5: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 532 link/ether 00:50:43:0d:19:18 brd ff:ff:ff:ff:ff:ff
6: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1 link/ipip 0.0.0.0 brd 0.0.0.0
7: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP mode DEFAULT group default qlen 1000 link/ether 00:50:43:84:25:2f brd ff:ff:ff:ff:ff:ff
13: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link/ether 00:50:43:25:fb:84 brd ff:ff:ff:ff:ff:ff
和ip route
192.168.178.0/24 dev br0 proto kernel scope link src 192.168.178.44
所以我嘗試 ssh192.168.178.44認為它會引導我到 lan1 上的計算機,但事實並非如此。我再次連接到clearfog。
我也嘗試橋接 eth1 和 eth0 但它返回can't add eth1 to bridge br0: Invalid argument
所以我的問題是:正確的橋接設定是什麼?
編輯:根據我的要求brctl show
bridge name bridge id STP enabled interfaces
br0 8000.00504325fb84 no eth0
lan1
ifconfig
br0 Link encap:Ethernet HWaddr 00:50:43:25:fb:84
inet addr:192.168.178.44 Bcast:192.168.178.255 Mask:255.255.255.0
inet6 addr: fe80::250:43ff:fe25:fb84/64 Scope:Link
inet6 addr: 2001:984:6433:1:250:43ff:fe25:fb84/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:572 errors:0 dropped:0 overruns:0 frame:0
TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:147582 (144.1 KiB) TX bytes:11762 (11.4 KiB)
eth0 Link encap:Ethernet HWaddr 00:50:43:25:fb:84
inet addr:192.168.178.44 Bcast:192.168.178.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1225 errors:0 dropped:0 overruns:0 frame:0
TX packets:118 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:318910 (311.4 KiB) TX bytes:15514 (15.1 KiB)
Interrupt:38
eth1 Link encap:Ethernet HWaddr 00:50:43:84:25:2f
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:532
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:39
lan1 Link encap:Ethernet HWaddr 00:50:43:84:25:2f
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
和ip route show
default via 192.168.178.1 dev br0
192.168.178.0/24 dev br0 proto kernel scope link src 192.168.178.44
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.44
答案1
為了讓我正確理解,您有 6 個 RPi 連接到一個開關,也連接到 Clearfrog。您只希望 RPi 能夠相互溝通並透過 Clearfrog 存取網際網路。從現在起我將 Clearfrog 稱為 CF。
現在讓我們來看看您的 ip 連結:
1: lo <- loopback
2: bond0 <- special interface for traffic aggregation/bonding
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> <- Assuming this is your uplink
4: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> <- Assuming this is physically connected to your switch
5: eth2: <BROADCAST,MULTICAST> <- Assuming this is inactive
6: tunl0@NONE: <NOARP> <- Tunnel interface for vpn
7: lan1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> <- Lan1 isn't physical, it's a VLAN inteface.
13: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> <- bridge interface you created
我不清楚的是,您的路由器是否會在 WAN 端收到公用 IP 位址,或者是否會保留在另一個閘道後面。如果它位於另一個網關後面,您需要將 RPi 放在單獨的子網路上,並指示 CF 為您路由流量。
例如:
*internets*
^
|modem| -> |gateway| -> | switch |
^ ^ ^ ^
192.168.178.0/25 PC1 PC2 PC3 CF Primary Network
^
| switch |
^ ^ ^ ^ ^ ^
192.168.178.128/25 Pi Pi Pi Pi Pi Pi Pi Network
我已為您的主網路指派子網路 192.168.178.0/25 ,其可用範圍為 .1-.126 ;我已將子網 192.168.178.128/25 指派給您的 Pi 網絡,該網絡的可用範圍為 0.129-.254
我認為您之前嘗試做的是將兩個適配器橋接在一起。當兩個適配器後面有多個主機並且也有 MAC 位址時,您需要執行下列操作路由,不橋接。
畢竟,這是路由器不是嗎?問題是“如何進行交換機”,但是您不是使用此設備來控制兩個網路之間的流量嗎?否則,您可以刪除 CF 並放入一個啞開關,不需要嵌入式 Linux。
要刪除 br0:
brctl show | awk '{if(NR>1)print}' | awk '{print $NF}' | while read line ; do brctl delif br0 $line ; done
ifconfig br0 down
brctl delbr br0
接下來,讓我們準備路由器來執行路由器的操作。
編輯/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.178.126
network 192.168.178.0
netmask 255.255.255.128
gateway 192.168.178.1
broadcast 192.168.178.127
auto eth1
iface eth1 inet static
address 192.168.178.129
network 192.168.178.128
netmask 255.255.255.128
broadcast 192.168.178.255
然後編輯/etc/sysctl.conf並啟用轉送。你真的只需要第一行,但這是我通常用於路由器的行:
net.ipv4.conf.all.forwading=1
net.ipv4.conf.default.accept_source_route = 1
net.ipv4.tcp_synack_retries = 2
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.secure_redirects = 1
然後運行:sysctl -p
現在我們要新增路線。我建議執行 ip Routelushall,但是當您執行此操作時,您需要在控制台上,因為它會立即斷開您與 ssh 的連接。
ip route flush all
ip rule flush
ip route add 192.168.178.0/25 via 192.168.178.1 dev eth0
ip route add 192.168.178.128/25 src 192.168.178.129
ip route add default via 192.168.178.1 dev eth0
現在您想要前往主網路路由器並新增靜態路由:192.168.178.128/25 via 192.168.178.129 這告訴您的主網關/路由器,當內部網路上的主機想要連接到您的 RPi 網路時,轉送將請求進一步路由到CF(充當網關)。
回到 CF,我要做的最後一件事是在 iptables 中新增轉送規則:
#Allow rpi's to connect to the outside world but not initiate new connections to hosts on your primary network
iptables -I FORWARD -i eth1 -o eth0 -s 192.168.178.128/25 ! -d 192.168.178.0/25 -m conntrack --ctstate NEW -j ACCEPT
# Allow forwarding for established connections
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Allow hosts on your primary network to initiate new connections to pi's
iptables -I FORWARD -i eth0 -o eth1 -s 192.168.178.0/25 -d 192.168.178.128/25 -m conntrack --ctstate NEW -j ACCEPT
您需要使用 iptables-save > /etc/iptables/rules.v4 來儲存這些規則
現在,您要么需要 CF 上的 dhcp 伺服器來為 Pi 分配 IP,要么需要為它們分配靜態位址。無論哪種情況,您都需要將其預設閘道設定為 CF 的 IP 192.168.178.129
這應該就是您所需要的。如果您有任何問題,請隨時發表評論,我會盡力幫助您。
答案2
在您的網路/介面檔案中:
auto lo br0 eth1 lan1
iface lo inet loopback
iface br0 inet dhcp
bridge_ports eth0 lan1
它有助於將事物分開一些
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet manual
auto br0
iface br0 inet static #or dhcp
address <your address>
netmask 255.255.255.0
gateway <your gateway>
bridge_ports eth1
bridge_stp off
bridge_fd 0
希望這可以幫助