Linux-Networking
I don't understand why
I have a Raspberry Pi 3 B+ running Raspbian Buster (10) and I am trying to build a router. I have set up the following:
- bind9 for local DNS resolution
- hostapd for the Wi-Fi hotspot
- bridge-utils to bridge several USB RJ45 network adapters
- isc-dhcp-server for DHCP
Everything works, except that sites like https://www.blizzard.com/ and https://elinux.org/RPi_VerifiedPeripherals do not work properly on the LAN computers; all sites work with wget on the raspberry terminal.
dig elinux.org

; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> elinux.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13532
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 83ac21300a7256c9547d18865dac8a7c05e503c74f8a2539 (good)
;; QUESTION SECTION:
;elinux.org.                    IN      A

;; ANSWER SECTION:
elinux.org.             288     IN      A       140.211.9.40

;; Query time: 5 msec
;; SERVER: 193.231.252.1#53(193.231.252.1)
;; WHEN: Sun Oct 20 17:25:32 BST 2019
;; MSG SIZE  rcvd: 83
ping elinux.org
PING elinux.org (140.211.9.40) 56(84) bytes of data.
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=1 ttl=46 time=204 ms
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=2 ttl=46 time=234 ms
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=3 ttl=46 time=203 ms
64 bytes from web3.osuosl.org (140.211.9.40): icmp_seq=4 ttl=46 time=203 ms
^C
--- elinux.org ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 6ms
rtt min/avg/max/mdev = 203.260/211.043/234.063/13.298 ms

root@raspberrypi ~ # traceroute elinux.org
traceroute to elinux.org (140.211.9.40), 30 hops max, 60 byte packets
 1  10.0.0.1 (10.0.0.1)  1.565 ms  1.224 ms  1.262 ms
 2  10.225.82.129 (10.225.82.129)  1.930 ms  1.918 ms  1.963 ms
 3  static-10-220-142-133.rdsnet.ro (10.220.142.133)  5.718 ms static-10-220-142-135.rdsnet.ro (10.220.142.135)  5.515 ms static-10-220-142-131.rdsnet.ro (10.220.142.131)  5.406 ms
 4  buca-b1-link.telia.net (62.115.165.184)  48.952 ms  48.961 ms  48.858 ms
 5  win-bb2-link.telia.net (62.115.119.116)  39.329 ms  38.954 ms  39.079 ms
 6  prag-b3-link.telia.net (62.115.137.41)  39.599 ms prag-b3-link.telia.net (62.115.136.219)  43.260 ms prag-b3-link.telia.net (62.115.137.41)  39.919 ms
 7  be1299.ccr21.prg01.atlas.cogentco.com (130.117.14.217)  36.927 ms  37.006 ms  40.529 ms
 8  be3029.ccr42.ham01.atlas.cogentco.com (154.54.59.61)  44.963 ms be3027.ccr41.ham01.atlas.cogentco.com (130.117.1.205)  48.916 ms  44.906 ms
 9  be2816.ccr42.ams03.atlas.cogentco.com (154.54.38.209)  49.500 ms  49.530 ms be2815.ccr41.ams03.atlas.cogentco.com (154.54.38.205)  46.480 ms
10  be2183.ccr22.lpl01.atlas.cogentco.com (154.54.58.69)  150.451 ms be2182.ccr21.lpl01.atlas.cogentco.com (154.54.77.246)  145.172 ms  141.699 ms
11  be3042.ccr21.ymq01.atlas.cogentco.com (154.54.44.162)  201.322 ms be3043.ccr22.ymq01.atlas.cogentco.com (154.54.44.166)  143.314 ms  140.090 ms
12  be2088.ccr21.alb02.atlas.cogentco.com (154.54.43.18)  149.432 ms  149.643 ms be3260.ccr32.yyz02.atlas.cogentco.com (154.54.42.89)  144.251 ms
13  be2878.ccr21.cle04.atlas.cogentco.com (154.54.26.129)  141.580 ms be2994.ccr22.cle04.atlas.cogentco.com (154.54.31.233)  149.237 ms be2879.ccr22.cle04.atlas.cogentco.com (154.54.29.173)  143.909 ms
14  be2717.ccr41.ord01.atlas.cogentco.com (154.54.6.221)  144.485 ms be2718.ccr42.ord01.atlas.cogentco.com (154.54.7.129)  140.289 ms  141.324 ms
15  be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)  168.942 ms be2831.ccr21.mci01.atlas.cogentco.com (154.54.42.165)  161.018 ms be2832.ccr22.mci01.atlas.cogentco.com (154.54.44.169)  160.662 ms
16  be3035.ccr21.den01.atlas.cogentco.com (154.54.5.89)  177.900 ms  175.603 ms  177.563 ms
17  be3037.ccr21.slc01.atlas.cogentco.com (154.54.41.145)  200.108 ms be3038.ccr32.slc01.atlas.cogentco.com (154.54.42.97)  187.487 ms  192.694 ms
18  be2029.ccr22.sea02.atlas.cogentco.com (154.54.86.110)  193.006 ms 154.54.89.101 (154.54.89.101)  196.937 ms  195.776 ms
19  be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150)  198.230 ms be2671.ccr21.pdx01.atlas.cogentco.com (154.54.31.78)  200.333 ms be2670.ccr21.pdx01.atlas.cogentco.com (154.54.42.150)  198.074 ms
20  cogent-pdx.nero.net (38.142.108.50)  199.346 ms  202.199 ms  202.046 ms
21  ptck-p2-gw.nero.net (207.98.64.170)  194.704 ms ptck-p1-gw.nero.net (207.98.64.168)  191.265 ms ptck-p2-gw.nero.net (207.98.64.170)  194.576 ms
22  corv-p1-gw.nero.net (207.98.64.25)  199.337 ms corv-p2-gw.nero.net (207.98.64.27)  198.806 ms  201.314 ms
23  corv-car1-gw.nero.net (207.98.64.17)  205.363 ms corv-car1-gw.nero.net (207.98.64.19)  211.461 ms  202.935 ms
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
Windows 10:
C:\Users\xx>ping elinux.org

Pinging elinux.org [140.211.9.40] with 32 bytes of data:
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
Reply from 140.211.9.40: bytes=32 time=203ms TTL=45
C:\Users\IcyTeck>tracert elinux.org

Tracing route to elinux.org [140.211.9.40]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  192.168.1.1
  2     1 ms     1 ms     1 ms  10.0.0.1
  3     2 ms     2 ms     2 ms  10.225.82.129
  4    49 ms    72 ms    55 ms  10.220.142.133
  5    40 ms    40 ms    40 ms  buca-b1-link.telia.net [62.115.165.184]
  6    37 ms    36 ms    36 ms  prag-bb1-link.telia.net [62.115.119.122]
  7    42 ms    42 ms    42 ms  prag-b3-link.telia.net [62.115.136.219]
  8    39 ms    37 ms    37 ms  be1299.ccr21.prg01.atlas.cogentco.com [130.117.14.217]
  9    45 ms    45 ms    45 ms  be3029.ccr42.ham01.atlas.cogentco.com [154.54.59.61]
 10    46 ms    46 ms    46 ms  be2816.ccr42.ams03.atlas.cogentco.com [154.54.38.209]
 11   147 ms   147 ms   147 ms  be2183.ccr22.lpl01.atlas.cogentco.com [154.54.58.69]
 12   147 ms   144 ms   142 ms  be3043.ccr22.ymq01.atlas.cogentco.com [154.54.44.166]
 13   141 ms   141 ms   142 ms  be3260.ccr32.yyz02.atlas.cogentco.com [154.54.42.89]
 14   146 ms   146 ms   146 ms  be2994.ccr22.cle04.atlas.cogentco.com [154.54.31.233]
 15   146 ms   146 ms   146 ms  be2718.ccr42.ord01.atlas.cogentco.com [154.54.7.129]
 16   172 ms   166 ms   166 ms  be2832.ccr22.mci01.atlas.cogentco.com [154.54.44.169]
 17   186 ms   180 ms   179 ms  be3036.ccr22.den01.atlas.cogentco.com [154.54.31.89]
 18   194 ms   194 ms   194 ms  be3038.ccr32.slc01.atlas.cogentco.com [154.54.42.97]
 19   194 ms   194 ms   194 ms  154.54.89.101
 20   197 ms   197 ms   197 ms  be2671.ccr21.pdx01.atlas.cogentco.com [154.54.31.78]
 21   199 ms   199 ms   199 ms  cogent-pdx.nero.net [38.142.108.50]
 22   192 ms   193 ms   193 ms  ptck-p1-gw.nero.net [207.98.64.168]
 23   209 ms   204 ms   209 ms  corv-p1-gw.nero.net [207.98.64.25]
 24   213 ms   209 ms   209 ms  corv-car1-gw.nero.net [207.98.64.19]
 25   203 ms   203 ms   203 ms  web3.osuosl.org [140.211.9.40]
Any ideas?
Thank you very much, and have a nice weekend!
PS: here is my firewall script
#!/bin/bash
echo "Setting sysctl ..."
/sbin/sysctl net.ipv4.ip_forward=1
/sbin/sysctl net.ipv6.conf.default.forwarding=1
/sbin/sysctl net.ipv6.conf.all.forwarding=1
/sbin/sysctl -p

echo "Cleaning ..."
# Flush iptables
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

echo "Creating ..."
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Accepts all unsolicited inbound traffic arriving on the PPP (WAN) interface
iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.248 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.0 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.6 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.21 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.36 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-reply -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A INPUT -m iprange --src-range 192.168.0.0-192.168.0.255 -j ACCEPT
iptables -A INPUT -m iprange --src-range 192.168.1.0-192.168.1.255 -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A OUTPUT -j ACCEPT
#iptables -A nat -j ACCEPT
# The OUTPUT and FORWARD LOG rules come after the accept-all rules above, so they are never reached
iptables -A INPUT -j LOG --log-prefix "INPUT:DROP:" --log-level 4
iptables -A OUTPUT -j LOG --log-prefix "OUTPUT:DROP:" --log-level 4
iptables -A FORWARD -j LOG --log-prefix "FORWARD:DROP:" --log-level 4
# "nat" is a table, not a chain: this line fails with "No chain/target/match by that name", so it is disabled
#iptables -A nat -j LOG --log-prefix "nat:DROP:" --log-level 4
iptables -A INPUT -j DROP

echo "Dropping ...:"
#iptables -I INPUT -s 95.90.x.x -j DROP

echo "Sysctl rules:"
/sbin/sysctl -p
echo "Iptables rules:"
iptables -v -L -n
This sounds like an MTU problem. Because you are using PPP over Ethernet, the maximum packet size is reduced - this can cause problems with forwarding large packets. Packets sent directly from the router are smaller because they use the smaller MTU of the PPP interface.
One way to solve this for TCP traffic is MTU clamping - try adding
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp0 -j TCPMSS --clamp-mss-to-pmtu
to your iptables configuration and see whether that fixes the problem.
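To make concrete what that TCPMSS rule does to a connection, here is an added illustration that is not part of the original question or answer. It builds a constructed IPv4/TCP SYN from a LAN client carrying the Ethernet-default MSS of 1460, then performs the same rewrite the kernel target does for a SYN leaving a PPPoE uplink: lower the MSS option to path MTU minus 40 bytes of IPv4+TCP headers and recompute the TCP checksum. The uplink MTU of 1492 is an assumption about a typical PPPoE link (the answer gives no figure), the client address 192.168.1.10 is constructed, and only the rewriting of an existing MSS option is shown; the real target also inserts an option when a SYN carries none.

```python
"""Illustration of MSS clamping on a TCP SYN (added example; standard library only).

Constructed packets only; nothing is sent. The PPPoE MTU of 1492 used in the
sample is an assumption, not a value given in the question or answer.
"""
import struct

TCP_PROTO = 6
OPT_END, OPT_NOP, OPT_MSS = 0, 1, 2
IPV4_PLUS_TCP_HEADERS = 40   # 20-byte IPv4 + 20-byte TCP header, as TCPMSS assumes


def mss_for_pmtu(pmtu: int) -> int:
    """MSS that fits a given IPv4 path MTU without fragmentation."""
    return pmtu - IPV4_PLUS_TCP_HEADERS


def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """TCP checksum over the IPv4 pseudo-header plus segment (checksum field zeroed)."""
    pseudo = src + dst + struct.pack("!BBH", 0, TCP_PROTO, len(segment))
    return _checksum(pseudo + segment)


def build_syn(src: bytes, dst: bytes, sport: int, dport: int, mss: int) -> bytes:
    """Build a minimal IPv4/TCP SYN whose only TCP option is MSS."""
    options = struct.pack("!BBH", OPT_MSS, 4, mss)              # kind, length, value
    tcp_len = 20 + len(options)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0x11223344, 0,
                      (tcp_len // 4) << 4, 0x02, 65535, 0, 0) + options  # 0x02 = SYN
    tcp = tcp[:16] + struct.pack("!H", _tcp_checksum(src, dst, tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, TCP_PROTO, 0, src, dst)                 # 0x4000 = DF bit set
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    return ip + tcp


def tcp_checksum_ok(packet: bytes) -> bool:
    """A correct TCP checksum verifies to zero when recomputed over the whole segment."""
    ihl = (packet[0] & 0x0F) * 4
    return _tcp_checksum(packet[12:16], packet[16:20], packet[ihl:]) == 0


def clamp_mss(packet: bytes, pmtu: int):
    """Return (packet after clamping, MSS before, MSS after).

    Selects what the mangle rule selects: TCP with SYN set and RST clear.
    The MSS option is only ever lowered to pmtu - 40, never raised.
    """
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != TCP_PROTO:
        return packet, None, None
    tcp = bytearray(packet[ihl:])
    flags = tcp[13]
    if not flags & 0x02 or flags & 0x04:                          # --tcp-flags SYN,RST SYN
        return packet, None, None
    data_off = (tcp[12] >> 4) * 4
    target = mss_for_pmtu(pmtu)
    old = new = None
    i = 20                                                         # options follow the fixed header
    while i < data_off:
        kind = tcp[i]
        if kind == OPT_END:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= data_off or tcp[i + 1] < 2:                    # truncated or malformed option
            break
        length = tcp[i + 1]
        if kind == OPT_MSS and length == 4:
            old = struct.unpack_from("!H", tcp, i + 2)[0]
            new = min(old, target)
            struct.pack_into("!H", tcp, i + 2, new)
            break
        i += length
    if old is None or new == old:
        return packet, old, old
    tcp[16:18] = b"\x00\x00"                                       # zero, then recompute the checksum
    struct.pack_into("!H", tcp, 16, _tcp_checksum(packet[12:16], packet[16:20], bytes(tcp)))
    return packet[:ihl] + bytes(tcp), old, new


# Constructed sample: a LAN client (192.168.1.10) opening HTTPS to 140.211.9.40,
# the elinux.org address from the question, with the Ethernet-default MSS of 1460.
SAMPLE_SYN = build_syn(bytes([192, 168, 1, 10]), bytes([140, 211, 9, 40]), 40000, 443, 1460)

if __name__ == "__main__":
    clamped, before, after = clamp_mss(SAMPLE_SYN, 1492)        # 1492: assumed PPPoE uplink MTU
    print(f"MSS {before} -> {after}; TCP checksum valid: {tcp_checksum_ok(clamped)}")
```

Run as a script it reports the MSS going from 1460 to 1452 with a valid checksum; with a 1500-byte path MTU the same SYN passes through untouched, which is the behaviour to expect when checking the rule's packet counters with iptables -t mangle -L POSTROUTING -v -n after adding it.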