Em casa, tenho a seguinte rede: esquema
Basicamente, quero ter acesso à Internet na TV com a possibilidade de bloquear tráfego indesejado, como anúncios segmentados, etc.
Aqui estão as perguntas: 1. Como obtenho acesso da TV (ou PC), conectada à rede 192.168.101.x, à rede 192.168.100.x? 2. Como obtenho acesso da TV (ou PC), conectada à rede 192.168.101.x, à Internet?
Consigo pingar a rede 192.168.101.x graças à
192.168.101.0 hp 255.255.255.0 UG 0 0 0 wlan0
rota no PC Debian, mas não consigo pingar a rede 192.168.100.x a partir da rede 192.168.101.x.
Aqui está a configuração que tentei:
root@HP:/home/dzmitry# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 1c:c1:de:a9:22:9c brd ff:ff:ff:ff:ff:ff
inet 192.168.101.1/24 brd 192.168.101.255 scope global enp2s0
valid_lft forever preferred_lft forever
inet6 fe80::1bbf:cdd:8b1b:939a/64 scope link
valid_lft forever preferred_lft forever
3: wlp6s0b1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 70:f3:95:ab:d8:4b brd ff:ff:ff:ff:ff:ff
inet 192.168.100.7/24 brd 192.168.100.255 scope global dynamic wlp6s0b1
valid_lft 79554sec preferred_lft 79554sec
inet6 fe80::75a8:3e65:f354:6f6/64 scope link
valid_lft forever preferred_lft forever
root@HP:/home/dzmitry# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.100.1 0.0.0.0 UG 0 0 0 wlp6s0b1
default 192.168.100.1 0.0.0.0 UG 600 0 0 wlp6s0b1
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 enp2s0
192.168.100.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp6s0b1
192.168.101.0 0.0.0.0 255.255.255.0 U 100 0 0 enp2s0
Na interface enp2s0 (LAN) tenho um servidor DHCP. /etc/dhcp/dhcpd.conf na HP:
# DNS server handed to DHCP clients. It lives on 192.168.100.0/24, so clients
# in 192.168.101.0/24 can only resolve names once traffic between the two
# networks is actually forwarded (and answered) end to end.
option domain-name-servers 192.168.100.1;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.101.0 netmask 255.255.255.0 {
# NOTE(review): the pool ends at 192.168.101.255, which is the broadcast
# address of this /24 (see "brd 192.168.101.255" on enp2s0) - confirm that
# 192.168.101.254 was the intended upper bound.
range 192.168.101.2 192.168.101.255;
# Default gateway given to clients: the address of enp2s0 on the HP.
option routers 192.168.101.1;
# NOTE(review): the closing brace of the subnet block is not shown in this listing.
Configuração de nftables na HP:
# firewall
# NOTE(review): every chain below uses "policy accept", so the explicit accept
# rules restrict nothing; as shown, this ruleset does not filter any traffic.
# NOTE(review): only "table ip filter" appears in this listing; no nat table
# (masquerade/snat) is shown - confirm whether one is defined elsewhere.
table ip filter {
# allow all packets sent by the firewall machine itself
chain output {
type filter hook output priority 100; policy accept;
}
# accept everything addressed to this host that arrives on enp2s0 or wlp6s0b1
# (both rules are redundant with the chain's accept policy)
chain input {
type filter hook input priority 0; policy accept;
iifname "enp2s0" accept
iifname "wlp6s0b1" accept
}
# forward enp2s0 -> wlp6s0b1 and wlp6s0b1 -> enp2s0
# NOTE(review): both rules match on interface names only. There is no
# connection-tracking match (e.g. "ct state established,related"), so the
# wlp6s0b1 -> enp2s0 direction is NOT limited to connections the LAN initiated;
# any host on the wlp6s0b1 side may open new connections into the LAN.
chain forward {
type filter hook forward priority 0; policy accept;
iifname "enp2s0" oifname "wlp6s0b1" accept
iifname "wlp6s0b1" oifname "enp2s0" accept
}
}
Configuração do Debian:
root@debian:/media/virtualization/home/dzmitry# ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:26:22:d7:a8:88 brd ff:ff:ff:ff:ff:ff
inet 169.254.9.56/16 brd 169.254.255.255 scope link eth0:avahi
valid_lft forever preferred_lft forever
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:26:82:a5:19:77 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.9/24 brd 192.168.100.255 scope global dynamic wlan0
valid_lft 82069sec preferred_lft 82069sec
inet6 fe80::226:82ff:fea5:1977/64 scope link
valid_lft forever preferred_lft forever
root@debian:/media/virtualization/home/dzmitry# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.100.1 0.0.0.0 UG 600 0 0 wlan0
default 0.0.0.0 0.0.0.0 U 1002 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 0 0 0 eth0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 wlan0
192.168.100.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan0
192.168.101.0 hp 255.255.255.0 UG 0 0 0 wlan0
PS. O encaminhamento de IPv4 está ativado no kernel da HP.