wangyu- / tinyfecVPN

A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
MIT License

Question about configuring on a router: unable to add a custom routing table #58

Open kevin335200 opened 5 years ago

kevin335200 commented 5 years ago

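Edit the file /etc/iproute2/rt_tables and add 100 lanvpn

I'm stuck at this step. rt_tables is read-only and I can't change its permissions, even as root; it reports Read-only file system. I looked, and the etc/iproute2/ folder points to /rom/iproute2/, and the contents of /rom/ are entirely read-only, even though the permissions are 755. Is there any way to solve this, or an alternative? The routing tables that come with the firmware:

cat /etc/iproute2/rt_tables
100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
200 wan1

Steps completed so far, following the Raspberry Pi configuration:

Server side: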

Enable IP forwarding: done

echo 1 >/proc/sys/net/ipv4/ip_forward

Configure SNAT: done. Because I use 10.22.0.0, I changed the 10.222.0.0 from the original example.

iptables -t nat -A POSTROUTING -s 10.22.0.0/16 ! -d 10.22.0.0/16 -j MASQUERADE

After running the command:

sudo iptables -t nat -L -n -v

Chain PREROUTING (policy ACCEPT 7 packets, 6188 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 7 packets, 6188 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4 packets, 348 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 4 packets, 348 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- 10.22.0.0/16 !10.22.0.0/16

Start tinyfecVPN (this is already the unrestricted version):

./tinyvpn_amd64 -s -l0.0.0.0:4096 -f20:10 -k "passwd" --sub-net 10.22.22.0
[2018-08-07 04:06:52][INFO]argc=8 ./tinyvpn_amd64 -s -l0.0.0.0:4096 -f20:10 -k passwd --sub-net 10.22.22.0
[2018-08-07 04:06:52][INFO]sub_net 10.22.22.0
[2018-08-07 04:06:52][INFO]jitter_min=0 jitter_max=0 output_interval_min=0 output_interval_max=0 fec_timeout=8 fec_data_num=20 fec_redundant_num=10 fec_mtu=1250 fec_queue_len=200 fec_mode=0
[2018-08-07 04:06:52][INFO]using interface tun808

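Client side (the router):

Set up tun100 as a persistent tun device: does the router firmware itself already use tun100 for wan0?

cat /etc/iproute2/rt_tables
100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
200 wan1

So I named it tun101 myself.

ip tuntap add tun101 mode tun

This reported open: no such file or directory. After looking it up, I learned that the Merlin firmware needs modprobe tun to be run to enable it.

ifconfig tun101 up

After running the command:

ifconfig -a

aux0 Link encap:Ethernet HWaddr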
BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:148362 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:11558675 (11.0 MiB) TX bytes:0 (0.0 B) Interrupt:179 Base address:0x4000

br0 Link encap:Ethernet HWaddr
inet addr:192.168.50.1 Bcast:192.168.50.255 Mask:255.255.255.0 UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1 RX packets:5143505 errors:0 dropped:0 overruns:0 frame:0 TX packets:5267609 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2316158800 (2.1 GiB) TX bytes:5243653701 (4.8 GiB)

eth0 Link encap:Ethernet HWaddr
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:62184592 errors:0 dropped:0 overruns:0 frame:0 TX packets:30470921 errors:2 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:3565074421 (3.3 GiB) TX bytes:3406593947 (3.1 GiB) Interrupt:181 Base address:0x6000

eth1 Link encap:Ethernet HWaddr
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1 RX packets:2200430 errors:0 dropped:0 overruns:0 frame:12640869 TX packets:2366934 errors:122 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1657014214 (1.5 GiB) TX bytes:1149781875 (1.0 GiB) Interrupt:163

eth2 Link encap:Ethernet HWaddr
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1 RX packets:33144412 errors:0 dropped:0 overruns:0 frame:527638 TX packets:68289780 errors:3381 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:2155596469 (2.0 GiB) TX bytes:1969783411 (1.8 GiB) Interrupt:169

ifb0 Link encap:Ethernet HWaddr
BROADCAST NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:32 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

ifb1 Link encap:Ethernet HWaddr
BROADCAST NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:32 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1 RX packets:1127949 errors:0 dropped:0 overruns:0 frame:0 TX packets:1127949 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:229556872 (218.9 MiB) TX bytes:229556872 (218.9 MiB)

tun101 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
UP POINTOPOINT NOARP MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

vlan1 Link encap:Ethernet HWaddr
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1 RX packets:63113 errors:0 dropped:0 overruns:0 frame:0 TX packets:1662660 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:5496109 (5.2 MiB) TX bytes:846944698 (807.7 MiB)

vlan2 Link encap:Ethernet HWaddr
inet addr:10.96.93.148 Bcast:10.96.93.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:62269817 errors:0 dropped:0 overruns:0 frame:0 TX packets:28811299 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:89210281027 (83.0 GiB) TX bytes:2450121449 (2.2 GiB)

Enable IP forwarding: done

echo 1 >/proc/sys/net/ipv4/ip_forward

Configure SNAT (MASQUERADE method): done

iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o br0 -j MASQUERADE (after looking at the router, I felt br0 should be used)
iptables -t nat -A POSTROUTING -s 192.168.50.0/24 -o tun101 -j MASQUERADE

After the change:

iptables -t nat -L -n -v

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- 0.0.0.0/0 192.168.1.1 tcp dpt:80 to:192.168.50.1:18017
122 17672 VSERVER all -- 0.0.0.0/0 10.96.93.148

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1 packets, 62 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1 packets, 62 bytes)
pkts bytes target prot opt in out source destination
187K 16M PUPNP all -- vlan2 0.0.0.0/0 0.0.0.0/0
94102 9777K MASQUERADE all -- vlan2 !10.96.93.148 0.0.0.0/0
3194 537K MASQUERADE all -- br0 192.168.50.0/24 192.168.50.0/24
1 428 MASQUERADE all -- br0 192.168.50.0/24 0.0.0.0/0 (newly added)
0 0 MASQUERADE all -- * tun101 192.168.50.0/24 0.0.0.0/0 (newly added)

Chain DNSFILTER (0 references)
pkts bytes target prot opt in out source destination

Chain LOCALSRV (0 references)
pkts bytes target prot opt in out source destination

Chain PCREDIRECT (0 references)
pkts bytes target prot opt in out source destination

Chain PUPNP (1 references)
pkts bytes target prot opt in out source destination

Chain VSERVER (1 references)
pkts bytes target prot opt in out source destination
122 17672 VUPNP all -- 0.0.0.0/0 0.0.0.0/0

Chain VUPNP (1 references)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:9308 to:192.168.50.217:9308

wangyu- commented 5 years ago

Hi, I ran an experiment: if you can't modify /etc/iproute2/rt_tables, you can use the number directly. Example:

[root@tplink-wdr4310:~]
$ cat /etc/iproute2/rt_tables
#
# reserved values
#
100     lanvpn
101     lanvpn2
255     local
254     main
253     default
0       unspec
#
# local
#
#1      inr.ruhep
#
170 LoadBalancer
171 MWAN1
172 MWAN2
173 MWAN3
174 MWAN4
[root@tplink-wdr4310:~]
$ ip ro replace table 999 default  dev tun100
[root@tplink-wdr4310:~]
$ ip ro show table 999
default dev tun100  scope link
[root@tplink-wdr4310:~]
$ ip rule
0:      from all lookup 128
1:      from all lookup local
30001:  from 192.168.202.128/25 lookup lanvpn
30001:  from 192.168.200.0/25 lookup lanvpn
32766:  from all lookup main
32767:  from all lookup default
[root@tplink-wdr4310:~]
$ ip rule add from 192.168.254.0/25 lookup 999
[root@tplink-wdr4310:~]
$ ip rule
0:      from all lookup 128
0:      from 192.168.254.0/25 lookup 999
1:      from all lookup local
30001:  from 192.168.202.128/25 lookup lanvpn
30001:  from 192.168.200.0/25 lookup lanvpn
32766:  from all lookup main
32767:  from all lookup default

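Without modifying rt_tables, I used the number 999 directly as the table name, and both ip route and ip rule worked. This shows that the entries in /etc/iproute2/rt_tables only serve as aliases (for readability); it also works without adding them.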
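
The numeric-ID approach from the reply above, applied to the router in the question, as an added example that is not part of the original thread. It picks a table ID that neither the read-only rt_tables nor an existing `lookup N` rule already uses, then prints the two commands with the bare number; the function names are hypothetical, and the sample file, tun101 and 192.168.50.0/24 are taken from the question.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample: the firmware's read-only rt_tables quoted in the question.
SAMPLE_RT_TABLES='100 wan0
111 ovpnc1
112 ovpnc2
113 ovpnc3
114 ovpnc4
115 ovpnc5
200 wan1'

# used_table_ids RT_TABLES_TEXT IP_RULE_TEXT
# Prints the reserved IDs (0, 253, 254, 255), every ID aliased in rt_tables,
# and every numeric ID referenced by a "lookup N" rule (which needs no alias).
used_table_ids() {
    {
        printf '0\n253\n254\n255\n'
        printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ { print $1 }'
        printf '%s\n' "$2" | sed -n 's/.*lookup \([0-9][0-9]*\)[[:space:]]*$/\1/p'
    } | sort -n -u
}

# pick_free_table START RT_TABLES_TEXT IP_RULE_TEXT
# Prints the first table ID >= START that nothing on the router uses yet.
pick_free_table() {
    id=$1
    used=$(used_table_ids "$2" "$3")
    while printf '%s\n' "$used" | grep -qx "$id"; do
        id=$((id + 1))
    done
    printf '%s\n' "$id"
}

# policy_route_cmds TABLE_ID TUN_DEV LAN_CIDR
# Prints (does not run) the commands, with the bare number as the table name.
policy_route_cmds() {
    printf 'ip route replace table %s default dev %s\n' "$1" "$2"
    printf 'ip rule add from %s lookup %s\n' "$3" "$1"
}

# Demo on the sample; on the router pass "$(cat /etc/iproute2/rt_tables)"
# and "$(ip rule)" instead. Starting at 100 skips the ID already used by wan0.
table=$(pick_free_table 100 "$SAMPLE_RT_TABLES" "")
policy_route_cmds "$table" tun101 192.168.50.0/24
```

Checking `ip rule` as well as rt_tables matters because a table can be in use without an alias, as table 128 is in the session above.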