Network Config

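Warning

This article may contain imprecise content, a beginner's understanding, or basic mistakes. If you find a problem, please contact me and I will fix the article right away.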

Forwarding configuration

Enable packet forwarding in the kernel and turn off the kernel's rp_filter strict mode (a value of 0 disables reverse-path filtering).

echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.forwarding=1" >> /etc/sysctl.conf
echo "net.ipv6.conf.all.forwarding=1" >> /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter=0" >> /etc/sysctl.conf
sysctl -p
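The `default` key only affects interfaces created afterwards, and for source validation the kernel applies the larger of the `all` and per-interface rp_filter values, so an interface that already exists can keep filtering after these commands. The following check is an added example, not part of the original article; the function names and the `CONF_ROOT` override are assumptions of this example.

```shell
#!/bin/sh
# Added example: report the rp_filter value the kernel actually applies
# to each interface, i.e. max(conf/all/rp_filter, conf/<iface>/rp_filter).
# CONF_ROOT is a hypothetical override so the functions can be pointed
# at a copy of the tree; by default they read the live kernel settings.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Print the effective rp_filter value for one interface.
effective_rp_filter() {
    iface="$1"
    all=$(cat "$CONF_ROOT/all/rp_filter")
    own=$(cat "$CONF_ROOT/$iface/rp_filter")
    if [ "$own" -gt "$all" ]; then
        echo "$own"
    else
        echo "$all"
    fi
}

# Print "<iface> <value>" for every interface that still performs
# reverse-path filtering (1 = strict, 2 = loose).
# Returns 0 when no such interface is left, 1 otherwise.
strict_interfaces() {
    found=0
    for dir in "$CONF_ROOT"/*; do
        # Skip anything that is not an interface directory.
        [ -f "$dir/rp_filter" ] || continue
        iface=$(basename "$dir")
        # "all" and "default" are pseudo-entries, not real interfaces.
        case "$iface" in
            all|default) continue ;;
        esac
        value=$(effective_rp_filter "$iface")
        if [ "$value" -ne 0 ]; then
            echo "$iface $value"
            found=1
        fi
    done
    return "$found"
}
```

Source the file and call `strict_interfaces` after `sysctl -p`; any interface it lists needs its own `net.ipv4.conf.<iface>.rp_filter` entry.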

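Adding a dummy interface

ip link add dn42 type dummy  # add the interface
ip addr add <the DN42 IPv4 you assigned to this machine> dev dn42  # add the address
ip addr add <the DN42 IPv6 you assigned to this machine> dev dn42  # add the address
ip link set dev dn42 up  # bring it up

An interface added this way is lost on reboot and has to be added again. To make the configuration persistent, use one of the following three methods.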

  • systemd-networkd
tee /etc/systemd/network/10-dn42.netdev > /dev/null <<EOF
[NetDev]
Name=dn42
Kind=dummy
EOF
tee /etc/systemd/network/20-dn42.network > /dev/null <<EOF
[Match]
Name=dn42

[Network]
Address=<the DN42 IPv4 you assigned to this machine>/32
Address=<the DN42 IPv6 you assigned to this machine>/128
EOF
systemctl enable systemd-networkd
systemctl restart systemd-networkd
  • netplan
tee /etc/netplan/99-dn42.yaml > /dev/null <<EOF
network:
  version: 2
  renderer: networkd
  ethernets:
    dn42:
      match:
        name: dn42
      addresses:
        - <the DN42 IPv4 you assigned to this machine>/32
        - "<the DN42 IPv6 you assigned to this machine>/128"
      accept-ra: no
EOF
netplan apply
  • /etc/network/interfaces
tee -a /etc/network/interfaces > /dev/null <<EOF
auto dn42
iface dn42 inet static
    address <the DN42 IPv4 you assigned to this machine>
    netmask 255.255.255.255

iface dn42 inet6 static
    address <the DN42 IPv6 you assigned to this machine>/128
EOF
ifup dn42

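Firewall and forwarding

If you run into strange errors, check the firewall's FORWARD chain. The following sets its default policy to ACCEPT: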

iptables -P FORWARD ACCEPT

Router-on-a-stick

Forwarding with nft

Flush the nft rules: nft flush ruleset

Create the nat table: nft add table ip nat

Add the postrouting chain: nft add chain ip nat postrouting { type nat hook postrouting priority 100 \; }

Add masquerade: nft add rule ip nat postrouting ip saddr 192.168.1.0/24 masquerade

Add the IPv6 nat table: nft add table ip6 nat

Add the postrouting chain: nft add chain ip6 nat postrouting { type nat hook postrouting priority srcnat\; }

Add masquerade: nft add rule ip6 nat postrouting ip6 saddr fd2b:e043:7d32::/64 masquerade

Save the configuration: nft list ruleset > /etc/nftables.conf

Adding an NRPT rule for dn42 on Windows

Send resolution requests for the dn42 domain to 172.20.0.53.

# Add the dn42 NRPT rule
Add-DnsClientNrptRule -Namespace ".dn42" -NameServers "172.20.0.53"
# Remove it
Get-DnsClientNrptRule | Where-Object {$_.NameServers -contains "172.20.0.53"} | Remove-DnsClientNrptRule -Force