У меня есть ноутбук, который подключается к Wi-Fi для доступа в Интернет. Этот компьютер работает под управлением Linux (Fedora) и выступает в роли DHCP-сервера для другого компьютера (ubuntu linaro), у которого нет адаптера Wi-Fi. Ноутбук и другой компьютер подключаются через перекрестный кабель через соответствующие порты Ethernet. Таким образом, ноутбук - это сервер DHCP, а другой компьютер - клиент DHCP.
Я проверил, что другой компьютер правильно получает адрес DHCP от ноутбука. Тем не менее, ping www.yahoo.com
не работает. Я также вижу в /etc/resolv.conf
клиентского компьютера DHCP, что правильные настройки находятся на сервере DHCP.
Я не внес никаких изменений в iptables
.
У меня вопрос, как я могу сказать ноутбуку для передачи DNS-запросов и доступа в Интернет от клиента DHCP в сеть Wi-Fi? Нужно ли запускать демон DNS тоже?
[idf@localhost ~]$ cat /proc/sys/net/ipv4/ip_forward
1
[idf@localhost ~]$
Вот вывод ifconfig -a на ноутбуке (DHCP-сервер)
[idf@localhost ~]$ ifconfig -a
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::28c:faff:feac:2de0 prefixlen 64 scopeid 0x20<link>
ether 00:8c:fa:ac:2d:e0 txqueuelen 1000 (Ethernet)
RX packets 899 bytes 123800 (120.8 KiB)
RX errors 0 dropped 8 overruns 0 frame 0
TX packets 1338 bytes 131506 (128.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 16
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 6557 bytes 1142539 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6557 bytes 1142539 (1.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
inet6 fe80::5054:ff:fe0c:77c4 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:0c:77:c4 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1174 (1.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0-nic: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 52:54:00:0c:77:c4 txqueuelen 500 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.128.231.168 netmask 255.255.255.128 broadcast 10.128.231.255
inet6 fe80::2ae3:47ff:febd:bc4a prefixlen 64 scopeid 0x20<link>
ether 28:e3:47:bd:bc:4a txqueuelen 1000 (Ethernet)
RX packets 10004803 bytes 10357195255 (9.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7473957 bytes 1022964388 (975.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[idf@localhost ~]$
Вот мой файл dhcpd.conf
[idf@localhost ~]$ more /etc/dhcp/dhcpd.conf
ddns-update-style interim; # Required for dhcp 3.0+ / Red Hat 8.0+
ignore client-updates;
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.128 192.168.1.254; # Range of IP addresses to be issued to DHCP clients
option subnet-mask 255.255.255.0; # Default subnet mask to be used by DHCP clients
option broadcast-address 192.168.1.255; # Default broadcastaddress to be used by DHCP clients
option routers 192.168.1.1; # Default gateway to be used by DHCP clients
option domain-name "synctrading.org";
option domain-name-servers 192.168.1.1; # Default DNS to be used by DHCP clients
option netbios-name-servers 192.168.1.100; # Specify a WINS server for MS/Windows clients.
# (Optional. Specify if used on your network)
# DHCP requests are not forwarded. Applies when there is more than one ethernet device and forwarding is configured.
# option ipforwarding off;
default-lease-time 21600; # Amount of time in seconds that a client may keep the IP address
max-lease-time 43200;
option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1; # Default NTP server to be used by DHCP clients
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless you understand Netbios very well
# option netbios-node-type 2;
}
[idf@localhost ~]$
РЕДАКТИРОВАТЬ 1
Следуя приведенным ниже инструкциям (я изменил серверы имен на google dns в файле dhcpd.conf), я сделал sudo tcpdump -i enp1s0
на ноутбуке. Затем из DHCP-клиента я попытался ping www.yahoo.com
и в дампе на DHCP-сервере распечатал некоторые интересные вещи. Интересно, что "admin prohibited"
, но я не знаю, что это значит или как это исправить.
22:46:31.697964 IP 192.168.1.128.42318 > google-public-dns-a.google.com.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.698068 IP localhost.localdomain > 192.168.1.128: ICMP host google-public-dns-a.google.com unreachable - admin prohibited, length 67
22:46:31.698593 IP 192.168.1.128.56805 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.698683 IP localhost.localdomain > 192.168.1.128: ICMP host alu7750testscr.xyz1.gblx.mgmt.Level3.net unreachable - admin prohibited, length 67
22:46:31.699123 IP 192.168.1.128.40441 > google-public-dns-a.google.com.domain: 15883+ A? www.yahoo.com. (31)
22:46:31.699180 IP localhost.localdomain > 192.168.1.128: ICMP host google-public-dns-a.google.com unreachable - admin prohibited, length 67
22:46:31.699598 IP 192.168.1.128.60984 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 15883+ A? www.yahoo.com. (31)
22:46:36.706262 IP 192.168.1.128.46076 > alu7750testscr.xyz1.gblx.mgmt.Level3.net.domain: 5928+ A? www.yahoo.com.synctrading.org. (47)
22:46:36.706356 IP localhost.localdomain > 192.168.1.128: ICMP host alu7750testscr.xyz1.gblx.mgmt.Level3.net unreachable - admin prohibited, length 83
22:46:36.707346 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1661:1729, ack 576, win 330, options [nop,nop,TS val 35236 ecr 4294953343], length 68
22:46:36.707409 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1729, win 277, options [nop,nop,TS val 4294958364 ecr 35236], length 0
22:46:36.707781 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1729:1765, ack 576, win 330, options [nop,nop,TS val 35236 ecr 4294958364], length 36
22:46:36.707823 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1765, win 277, options [nop,nop,TS val 4294958364 ecr 35236], length 0
22:46:36.710622 IP 192.168.1.128.ssh > localhost.localdomain.41245: Flags [P.], seq 1765:1833, ack 576, win 330, options [nop,nop,TS val 35237 ecr 4294958364], length 68
22:46:36.710663 IP localhost.localdomain.41245 > 192.168.1.128.ssh: Flags [.], ack 1833, win 277, options [nop,nop,TS val 4294958367 ecr 35237], length 0
22:46:46.577998 AoE length 46, Ver 1, Flags: [none]
РЕДАКТИРОВАТЬ 2
[idf@localhost ~]$ sudo iptables -L -n
[sudo] password for idf:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDI_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
FWDO_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation (5 references)
target prot opt source destination
FWDI_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDI_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain FWDI_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDI_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation (5 references)
target prot opt source destination
FWDO_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
FWDO_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain FWDO_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain FWDO_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
IN_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation (5 references)
target prot opt source destination
IN_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
IN_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain IN_FedoraWorkstation_allow (1 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:137 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:138 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:1025:65535 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1025:65535 ctstate NEW
Chain IN_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain IN_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
[idf@localhost ~]$
РЕДАКТИРОВАТЬ 3
[idf@localhost ~]$ sudo iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
PREROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
PREROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
POSTROUTING_direct all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0
POSTROUTING_ZONES all -- 0.0.0.0/0 0.0.0.0/0
MASQUERADE all -- 192.168.1.0/24 0.0.0.0/0
Chain OUTPUT_direct (1 references)
target prot opt source destination
Chain POSTROUTING_ZONES (1 references)
target prot opt source destination
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
POST_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain POSTROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain POSTROUTING_direct (1 references)
target prot opt source destination
Chain POST_FedoraWorkstation (5 references)
target prot opt source destination
POST_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
POST_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
POST_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain POST_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain POST_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain POST_FedoraWorkstation_log (1 references)
target prot opt source destination
Chain PREROUTING_ZONES (1 references)
target prot opt source destination
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
PRE_FedoraWorkstation all -- 0.0.0.0/0 0.0.0.0/0 [goto]
Chain PREROUTING_ZONES_SOURCE (1 references)
target prot opt source destination
Chain PREROUTING_direct (1 references)
target prot opt source destination
Chain PRE_FedoraWorkstation (5 references)
target prot opt source destination
PRE_FedoraWorkstation_log all -- 0.0.0.0/0 0.0.0.0/0
PRE_FedoraWorkstation_deny all -- 0.0.0.0/0 0.0.0.0/0
PRE_FedoraWorkstation_allow all -- 0.0.0.0/0 0.0.0.0/0
Chain PRE_FedoraWorkstation_allow (1 references)
target prot opt source destination
Chain PRE_FedoraWorkstation_deny (1 references)
target prot opt source destination
Chain PRE_FedoraWorkstation_log (1 references)
target prot opt source destination