Eu li muitos posts sobre como configurar 2 NICs, mas alguma ajuda seria muito apreciada. Estou planejando fazer um roteador usando um Orange Pi R1. Eu instalei o Ubuntu Xenial Server usando uma imagem do Armbian.
Eu configurei minhas interfaces assim:
# Wired adapter #1 (external interface)
auto eth0
iface eth0 inet dhcp
#2nd eth interface (internal interface)
auto enxc0742bfff8b3
iface enxc0742bfff8b3 inet static
address 192.168.2.1
network 192.168.2.0
netmask 255.255.255.0
broadcast 192.168.2.255
# Local loopback
auto lo
iface lo inet loopback
Em /etc/sysctl.conf, habilitei o encaminhamento de IP:
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
A saída da rota -n é:
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enxc0742bfff8b3
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enxc0742bfff8b3
Estou executando o isc-dhcp-server na interface enxc0742bfff8b3. Este é o meu / etc / default / isc-dhcp-server:
INTERFACES=enxc0742bfff8b3
e este é o meu /etc/dhcp/dhcpd.conf:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.100 192.168.2.200;
}
Meu firewall está completamente aberto com o mascaramento ativado:
# Generated by iptables-save v1.6.0 on Sun Apr 1 20:22:26 2018
*mangle
:PREROUTING ACCEPT [544:42034]
:INPUT ACCEPT [544:42034]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [307:32628]
:POSTROUTING ACCEPT [307:32628]
COMMIT
# Completed on Sun Apr 1 20:22:26 2018
# Generated by iptables-save v1.6.0 on Sun Apr 1 20:22:26 2018
*nat
:PREROUTING ACCEPT [2:346]
:INPUT ACCEPT [2:346]
:OUTPUT ACCEPT [1:128]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Apr 1 20:22:26 2018
# Generated by iptables-save v1.6.0 on Sun Apr 1 20:22:26 2018
*filter
:INPUT ACCEPT [537:41562]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [303:31732]
COMMIT
# Completed on Sun Apr 1 20:22:26 2018
Minha eth0 recebe 192.168.0.16 do meu modem. Eu conectei um laptop ao enxc0742bfff8b3 e ele recebeu 192.168.2.100.
Minha interface externa pode fazer ping na internet:
root@orangepi:~# ping -I eth0 www.google.com
PING www.google.com (172.217.19.68) from 192.168.0.16 eth0: 56(84) bytes of data.
64 bytes from ham02s17-in-f4.1e100.net (172.217.19.68): icmp_seq=1 ttl=53 time=38.4 ms
64 bytes from ham02s17-in-f4.1e100.net (172.217.19.68): icmp_seq=2 ttl=53 time=37.9 ms
64 bytes from ham02s17-in-f4.1e100.net (172.217.19.68): icmp_seq=3 ttl=53 time=37.9 ms
E eu posso conectar-me a partir de qualquer dispositivo na rede 192.168.0.X.
Mas nenhum dispositivo conectado à interface interna (192.168.2.X) pode acessar a Internet:
root@orangepi:~# ping -I enxc0742bfff8b3 192.168.0.16
PING 192.168.0.16 (192.168.0.16) from 192.168.2.1 enxc0742bfff8b3: 56(84) bytes of data.
From 192.168.2.1 icmp_seq=1 Destination Host Unreachable
From 192.168.2.1 icmp_seq=2 Destination Host Unreachable
From 192.168.2.1 icmp_seq=3 Destination Host Unreachable
root@orangepi:~# ping -I enxc0742bfff8b3 192.168.0.1
PING 192.168.0.1 (192.168.0.1) from 192.168.2.1 enxc0742bfff8b3: 56(84) bytes of data.
From 192.168.2.1 icmp_seq=1 Destination Host Unreachable
From 192.168.2.1 icmp_seq=2 Destination Host Unreachable
From 192.168.2.1 icmp_seq=3 Destination Host Unreachable
root@orangepi:~# ping -I enxc0742bfff8b3 www.google.com
PING www.google.com (172.217.19.68) from 192.168.2.1 enxc0742bfff8b3: 56(84) bytes of data.
From orangepi (192.168.2.1) icmp_seq=1 Destination Host Unreachable
From orangepi (192.168.2.1) icmp_seq=2 Destination Host Unreachable
From orangepi (192.168.2.1) icmp_seq=3 Destination Host Unreachable
Alguém poderia me ajudar a entender o que está faltando?
Obrigado,
RG