Home network: modem -> router (dial-up) -> LAN
Company intranet CentOS machine, IP 10.0.65.190, ZeroTier-assigned IP 172.27.102.1
Home LAN MacBook, IP 192.168.1.172, ZeroTier-assigned IP 172.27.101.1
The routing policy is as follows:
10.0.65.1/32 via 172.27.102.1
10.0.65.190/32 via 172.27.102.1
172.27.0.0/16 (LAN)
192.168.1.1/24 via 172.27.101.1
Members can ping each other's ZeroTier-assigned IPs:
172.27.102.1 <-> 172.27.101.1
From home, 192.168.1.172 can ping 10.0.65.190 directly and can SSH to it,
but cannot ping 10.0.65.1.
From the company, devices on 192.168.1.x cannot be pinged.
I have also allowed bridging for both members in ZeroTier.
Where is the problem...
1
renothing 2020-03-10 13:16:48 +08:00 1
Check whether net.ipv4.ip_forward is enabled on the company intranet machine?
3
Blacate 2020-03-10 14:09:10 +08:00 1
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
4
Blacate 2020-03-10 14:09:41 +08:00
#3 iptables is probably not configured correctly
5
hambut OP @Blacate #3
```
# Generated by iptables-save v1.4.21 on Tue Mar 10 14:08:05 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens192 -j MASQUERADE
-A POSTROUTING -o ztklhwpcku -j MASQUERADE
COMMIT
# Completed on Tue Mar 10 14:08:05 2020
# Generated by iptables-save v1.4.21 on Tue Mar 10 14:08:05 2020
*filter
:INPUT ACCEPT [911:130499]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [873:114822]
-A FORWARD -i ztklhwpcku -j ACCEPT
-A FORWARD -o ztklhwpcku -j ACCEPT
COMMIT
# Completed on Tue Mar 10 14:08:05 2020
```
Currently 192.168.1.172 can ping 10.0.65.1, but 10.0.65.190 still cannot ping back to 192.168.1.172. Is this because of some configuration issue on the Mac? (If this were configured at the router level, adding one rule would probably fix it.)
8
tia 2020-03-10 17:14:27 +08:00
iptables -I FORWARD -i zttg7qymqg -j ACCEPT
iptables -I FORWARD -o zttg7qymqg -j ACCEPT
iptables -t nat -I POSTROUTING -o zttg7qymqg -j MASQUERADE
10
laoyur 2020-03-10 20:30:31 +08:00
1. net.ipv4.ip_forward = 1
2.
```
iptables -t nat -A POSTROUTING -o ens192 -j MASQUERADE
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ztwhatthefvck -o ens192 -j ACCEPT
```
This will definitely work; I have fixed several machines this way.
12
VKLER 2020-03-15 14:51:39 +08:00
Is SELinux enabled?
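The gateway checks raised in this thread (ip_forward, MASQUERADE on the LAN interface, FORWARD accept plus a return path), collected into one audit over `iptables-save` output; this is an added example, not code from any poster, and it goes slightly further by flagging a FORWARD policy of ACCEPT and NAT towards the overlay. The function names, the message wording and the optional third argument are assumptions of this example; the sample input is the ruleset hambut posted.

```shell
#!/bin/sh
# Added example, not from the thread: audit `iptables-save` text on stdin for
# the ZeroTier gateway setup. Heuristic line matching; names are assumptions.
# Usage: iptables-save | audit_zt_gateway <zt_if> <lan_if> [ip_forward value]
audit_zt_gateway() (
  zt=$1; lan=$2
  fwd=${3:-$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || true)}
  # Prefix every line with its table name so mangle/raw chains are not confused
  # with the filter and nat chains checked below.
  rules=$(awk '/^\*/{t=substr($0,2)} {print t, $0}')
  has() { printf '%s\n' "$rules" | grep -Eq -e "$1"; }
  # The kernel only routes between interfaces when ip_forward is 1.
  [ "$fwd" = 1 ] || echo "MISSING net.ipv4.ip_forward=1"
  # LAN hosts have no route to the overlay subnet, so packets leaving via
  # the LAN interface need source NAT to the gateway's own LAN address.
  has "^nat -A POSTROUTING .*-o $lan .*-j MASQUERADE" ||
    echo "MISSING nat MASQUERADE -o $lan"
  # New connections arriving from the overlay must be accepted.
  has "^filter -A FORWARD -i $zt .*-j ACCEPT" ||
    echo "MISSING FORWARD accept -i $zt"
  # Replies need a way back: a conntrack state rule or a blanket -o rule.
  has "^filter -A FORWARD .*--ctstate RELATED,ESTABLISHED .*-j ACCEPT" ||
    has "^filter -A FORWARD -o $zt .*-j ACCEPT" ||
    echo "MISSING FORWARD return path to $zt"
  # Policy ACCEPT forwards everything, so the explicit rules filter nothing.
  if has "^filter :FORWARD ACCEPT"; then echo "WARN FORWARD policy is ACCEPT"; fi
  # NAT towards the overlay hides the real LAN source from ZeroTier peers.
  if has "^nat -A POSTROUTING .*-o $zt .*-j MASQUERADE"; then
    echo "NOTE MASQUERADE -o $zt hides LAN source addresses"
  fi
  :
)

# Sample input: the rules hambut posted above, comment lines dropped.
sample_rules() {
  cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens192 -j MASQUERADE
-A POSTROUTING -o ztklhwpcku -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i ztklhwpcku -j ACCEPT
-A FORWARD -o ztklhwpcku -j ACCEPT
COMMIT
EOF
}
sample_rules | audit_zt_gateway ztklhwpcku ens192 1
```

An empty result means every check passed; on a live gateway, omit the third argument so the value is read from /proc.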