
Bonded LAN interface to WAN

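I can't route packets between the LAN side and the WAN side of my Ubuntu server, and I'm looking for some assistance. My server has five Ethernet ports: one onboard (eth0, used for WAN) and four on a PCI card (eth1-eth4, bonded as bond0 and used for LAN). Any help is appreciated. Thanks in advance.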

Ping tests from a directly connected Windows machine that obtained its IP via DHCP

C:\Users\mike> ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : servo.firewall
   Link-local IPv6 Address . . . . . : fe80::ec54:579a:a4b5:991f%9
   IPv4 Address. . . . . . . . . . . : 10.10.10.108
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.pa.comcast.net

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.servo.firewall:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : servo.firewall

C:\Users\mike> ping 10.10.10.1 <- server

Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=15ms TTL=64
Reply from 10.10.10.1: bytes=32 time<1ms TTL=64
Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
Reply from 10.10.10.1: bytes=32 time<1ms TTL=64

Ping statistics for 10.10.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 15ms, Average = 4ms

C:\Users\mike> ping 10.0.0.1 <- current gateway address on the WAN

Pinging 10.0.0.1 with 32 bytes of data: 
Control-C
^C

C:\Users\mike> ping yahoo.com <- DNS test

Ping request could not find Host yahoo.com. Please check the name and try again.

C:\Users\mike> ping 8.8.8.8 <- public IP test

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out. 
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Below is what I edited to get this working:

/etc/default/ufw

DEFAULT_FORWARD_POLICY="ACCEPT"

/etc/ufw/sysctl.conf

net.ipv4.ip_forward=1
net/ipv6/conf/default/forwarding=1
net/ipv6/conf/all/forwarding=1

/etc/ufw/before.rules

# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to match your out-interface
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

/etc/network/interfaces

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet manual
bond-master bond0

auto eth2
iface eth2 inet manual
bond-master bond0

auto eth3
iface eth3 inet manual
bond-master bond0

auto eth4
iface eth4 inet manual
bond-master bond0

auto bond0
iface bond0 inet static
address 10.10.10.1
netmask 255.255.255.0
bond-mode broadcast
bond-miimon 100
bond-slaves eth1 eth2 eth3 eth4
post-up iptables-restore < /etc/iptables.up.rules
post-up ip6tables-restore < /etc/ip6tables.up.rules

ifconfig

bond0     Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::226:55ff:fedc:d84f/64 Scope:Link
          UP BROADCAST MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:3209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1362 errors:0 dropped:2 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:439418 (439.4 KB)  TX bytes:148509 (148.5 KB)

docker0   Link encap:Ethernet  HWaddr 02:42:d7:46:11:85
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:d7ff:fe46:1185/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23734 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:536 (536.0 B)  TX bytes:1631564 (1.6 MB)

eth0      Link encap:Ethernet  HWaddr 44:8a:5b:cd:95:56
          inet addr:10.0.0.201  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::468a:5bff:fecd:9556/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:362525 errors:0 dropped:0 overruns:0 frame:0
          TX packets:134713 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:91216243 (91.2 MB)  TX bytes:48392528 (48.3 MB)

eth1      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:34 Memory:fe920000-fe940000

eth2      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:40 Memory:fe900000-fe920000

eth3      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:42 Memory:fe720000-fe740000

eth4      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:3209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1362 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:439418 (439.4 KB)  TX bytes:148509 (148.5 KB)
          Interrupt:44 Memory:fe700000-fe720000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48953 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48953 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:8562847 (8.5 MB)  TX bytes:8562847 (8.5 MB)

vethdcf53dc Link encap:Ethernet  HWaddr 42:f9:a6:0e:bc:7a
          inet6 addr: fe80::40f9:a6ff:fe0e:bc7a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23750 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:1634701 (1.6 MB)

sudo iptables -t nat -L -v

Chain PREROUTING (policy ACCEPT 2629 packets, 1186K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 125 packets, 32492 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 368 packets, 32186 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 368 packets, 32186 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  any    eth0    10.10.10.0/24        anywhere

Chain DOCKER (0 references)
 pkts bytes target     prot opt in     out     source               destination
1
freshjerky

I was able to get this working with the commands below. I think the ufw rules were not sufficient.

sudo iptables -A FORWARD -i eth0 -o bond0 -j ACCEPT
sudo iptables -A FORWARD -i bond0 -o eth0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
0
freshjerky
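
A stateful variant of the rules in the answer above, added here as an example and not part of the original post: traffic from eth0 to bond0 is accepted only as replies to connections the LAN opened, and MASQUERADE is limited to the 10.10.10.0/24 source. Interface names and the subnet come from the question; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print a stateful NAT-gateway ruleset in iptables-restore format.
# To check syntax without applying (needs root):
#   gateway_rules eth0 bond0 10.10.10.0/24 | sudo iptables-restore --noflush --test
gateway_rules() {
    wan=$1 lan=$2 net=$3
    cat <<EOF
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
EOF
}

# Read rules ("iptables -S" or iptables-save format) on stdin and print every
# FORWARD rule that accepts WAN->LAN traffic without a connection-state match.
# Returns 1 if such a rule is found, 0 otherwise.
audit_inbound() {
    wan=$1 lan=$2
    awk -v wan="$wan" -v lan="$lan" '
        $1 == "-A" && $2 == "FORWARD" && /-j ACCEPT/ &&
        index($0, "-i " wan " ") && index($0, "-o " lan " ") &&
        !/--ctstate|--state/ { print "stateless inbound accept: " $0; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample: the three rules from the answer, as "iptables -S" lines.
answer_rules() {
    cat <<'EOF'
-A FORWARD -i eth0 -o bond0 -j ACCEPT
-A FORWARD -i bond0 -o eth0 -j ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Demo: flags the unconditional eth0 -> bond0 ACCEPT from the answer.
answer_rules | audit_inbound eth0 bond0 || true
```

On a live gateway, `sudo iptables -S FORWARD | audit_inbound eth0 bond0` runs the same check against the loaded rules.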