root@raspberrypi:/home/pi# apt-get install vim vlan dnsmasq iptables-persistent
pi@raspberrypi:~ $ cat /etc/network/interfaces
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
auto eth0.101
iface eth0.101 inet dhcp
auto eth0.102
iface eth0.102 inet static
address 192.168.102.1
netmask 255.255.255.0
network 192.168.102.0
broadcast 192.168.102.255
pi@raspberrypi:~ $ cat /etc/dnsmasq.conf
resolv-file=/etc/dnsmasq-resolv.conf
interface=eth0.102
listen-address=127.0.0.1
dhcp-range=192.168.102.1,192.168.102.254,12h
pi@raspberrypi:~ $ cat /etc/dnsmasq-resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
pi@raspberrypi:~ $ cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
printf "My IP address is %s\n" "$_IP"
fi
#/sbin/iptables -P FORWARD ACCEPT
#/sbin/iptables --table nat -A POSTROUTING -o eth0.101 -j MASQUERADE
WAN=eth0.101
LAN=eth0.102
LANIP=192.168.102.0
/sbin/iptables --flush
/sbin/iptables -A FORWARD -o $WAN -i $LAN -s $LANIP/24 -m conntrack --ctstate NEW -j ACCEPT
/sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
LAN=eth0.102
LANIP=192.168.102.0
/sbin/iptables --flush
/sbin/iptables -A FORWARD -o $WAN -i $LAN -s $LANIP/24 -m conntrack --ctstate NEW -j ACCEPT
/sbin/iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -t nat -F POSTROUTING
/sbin/iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
################################################
happycpu@happycpu:~$ cat internet_share.sh
#!/bin/bash
#set -x
if [ $# -ne 2 ];
then
echo "Usage: $ ./internet_share.sh [eth name connected to internet] [eth name connected to another device]"
exit
fi
# $1 : the name of ethernet for connecting to the interneet
# $2 : the name of ethernet for connecting to another client
sudo ip addr add 192.168.77.1/24 dev $2
sudo iptables --flush
sudo iptables -A FORWARD -o "$1" -i "$2" -s 192.168.77.0/24 -m conntrack --ctstate NEW -j ACCEPT
sudo iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -F POSTROUTING
sudo iptables -t nat -A POSTROUTING -o "$1" -j MASQUERADE
sudo sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
댓글 없음:
댓글 쓰기