Network

OpenWrt v2

2025-05-10

最近更新了家中 OpenWrt 的网络, 在宿主机增加一个 USB 网卡连通互联网, 拓扑图如下:

穷人版家庭网络拓扑图

准备 qcow2 镜像 #

首先下载最新的镜像, 截止目前最新版为23.05.3, 我这里下载的是x86-64的镜像 text

wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-generic-ext4-combined.img.gz
gunzip openwrt-23.05.3-x86-64-generic-ext4-combined.img.gz
qemu-img convert -f raw openwrt-23.05.3-x86-64-generic-ext4-combined.img -O qcow2 /var/lib/libvirt/images/openwrt.qcow2

配置宿主机桥接网络 #

/etc/netplan/ 目录只放 01-all.yaml 配置文件并执行 netplan apply 应用配置。

因为 USB 网卡重启后名称会变, 所以我这里通过 mac match 作了一个别名

network:
  version: 2
  renderer: NetworkManager

  ethernets:
    enp1s0:
      dhcp4: false
      dhcp6: false
    usb-nic:
      match:
        macaddress: "68:da:73:a1:c7:13"
      dhcp4: false
      dhcp6: false

  bridges:
    br0:
      dhcp4: false
      dhcp6: false
      addresses:
        - 192.168.1.100/24
      routes:
        - to: default
          via: 192.168.1.99
      nameservers:
        addresses:
          - 192.168.1.99
        search:
          - lan
      interfaces:
        - enp1s0
      parameters:
        stp: false
    br1:
      dhcp4: false
      dhcp6: false
      addresses:
        - 192.168.31.100/24
      interfaces:
        - usb-nic
      parameters:
        stp: false

启动 OpenWrt 虚拟机 #

我是用 libvirt 来管理qemu/kvm虚拟机, 如果没安装要先安装

...

Linux iptables

2025-03-02

持续更新…

iptables 介绍 #

四表五链

五链 #

为什么称为 链，因为每个 链 会有很多规则串在一起，每个经过的报文都要将这条链上的规则匹配一遍，如果有符合条件的规则，则执行规则对应的动作。

每个链会包含多个表的规则，如果包含对应的表，则表之间的执行顺序为：

# 具体每个表的作用看后面的 "四表" 介绍, 不是每个 "链" 都能包含全部的四个表
raw -> mangle -> nat -> filter

PREROUTING 链 #

数据包抵达系统内核空间时，由 PREROUTING 链负责

INPUT 链 #

进入内核空间后，如果检测到目的地址是本机，则由 INPUT 链负责

FORWARD 链 #

数据包如果不是要到本机，只是经过本机路由，就由 FORWARD 链负责

OUTPUT 链 #

数据包如果从本机出去，就由 OUTPUT 链负责

POSTROUTING 链 #

从内核空间出到网卡硬件设备之前做处理

数据包如果要离开本机，或者路由后，还有个 POSTROUTING 链负责

四表 #

具有相同功能的规则的集合叫做 表，iptables 定义了四种表。

...

Linux Bridge

2024-12-29

关于 Linux Bridge FDB

无线转有线网络

2024-04-09

通过无线网卡连接网络A(192.168.31.0/24), 无线网卡相当于WAN口，通过有线网卡接入网络B(192.168.1.0/24), 有线网卡相当于LAN口

准备一个ubuntu虚拟机`router` #

# 准备qcow2基础镜像
wget https://down.idc.wiki/Image/realServer-Template/current/qcow2/ubuntu22.qcow2 -O /var/lib/libvirt/images/ubuntu.qcow2
# 创建虚拟机以基础镜像为backing file的增量盘
qemu-img create -f qcow2 -F qcow2 -b /var/lib/libvirt/images/ubuntu.qcow2 /var/lib/libvirt/disks/router.qcow2 20G
# 创建并启动虚拟机
virt-install --name router --memory 512 --vcpus 1 --disk /var/lib/libvirt/disks/router.qcow2,bus=sata --import --os-variant ubuntu22.10 --network bridge=br0 --noautoconsole
# 设置自动启动
virsh autostart router

配置网络 #

将无线网卡透传进虚拟机 #

打开 virt-manager -> 双击 router domain -> 点击 Show virtual hardware details -> 点击 Add Hardware -> 点击 PCI Host Device -> 选择 Intel Corporation Wi-Fi 6 AX200 -> 点击 Finish

...

OpenWrt

2024-01-06

很久没折腾OpenWrt了, 囊中羞涩, 没有其他合适的设备, 这次是在KVM虚机中运行使用(ALL IN BOOM!)

先亮个当前的穷人版家庭网络拓扑图

穷人版家庭网络拓扑图

准备`qcow2`镜像 #

首先下载最新的镜像, 截止目前最新版为23.05.3, 我这里下载的是x86-64的镜像

wget https://mirror-03.infra.openwrt.org/releases/23.05.3/targets/x86/64/openwrt-23.05.3-x86-64-generic-ext4-combined.img.gz
# 解压
gunzip openwrt-23.05.3-x86-64-generic-ext4-combined.img.gz
# 这里因为我要作为KVM虚拟机的镜像, 所以转换为qcow2格式. 如果是在物理机上部署, 可以直接直接刷到U盘上.
qemu-img convert -f raw openwrt-23.05.3-x86-64-generic-ext4-combined.img -O qcow2 /var/lib/libvirt/images/openwrt.qcow2

运行虚机 #

我是用libvirt来管理qemu/kvm虚拟机, 如果没安装要先安装

apt install virt-manager qemu bridge-utils -y

我这里将镜像复制到了/var/lib/libvirt/disks/目录下

qemu-img create -f qcow2 -F qcow2 -b /var/lib/libvirt/images/openwrt.qcow2 /var/lib/libvirt/disks/openwrt.qcow2 1G

使用virt-install运行虚拟机, 这里网卡使用virtio类型并桥接到之前文档里创建的br0上, 选择virtio是因为性能最好, 可以达到10Gbps以上

# 运行, 这里网络指定的之前文章中创建的网桥网络br0
virt-install \
  --name openwrt \
  --memory 256 \
  --vcpus 1 \
  --network bridge=br0,model=virtio \
  --disk path=/var/lib/libvirt/disks/openwrt.qcow2,bus=ide \
  --import \
  --autostart \
  --osinfo detect=on,require=off \
  --noautoconsole

配置网络 #

连接console配置网络

...

dhclient 问题

2023-10-09

在机器上使用netplan+NetworkManager配置bridged network之后

最近经常电脑用着用着就不能联网了，发现enp1s0总是偶尔冒出一个ipv4地址，并且路由表会多出一个从enp1s0出去的default路由。后来看journalctl日志发现是dhclient搞的事情(学艺不精, 没第一时间联系起来)。

下面是部分日志：

➜  ~ journalctl -n 1000000 | grep '192.168.1.22\|enp1s0'
...
10月 09 20:14:25 gobai-SER dhclient[107299]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x4745a8ce)
10月 09 20:14:26 gobai-SER dhclient[73666]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x2cfc74b3)
10月 09 20:14:26 gobai-SER dhclient[157839]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x453b8549)
10月 09 20:14:28 gobai-SER dhclient[170251]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x334a15e8)
10月 09 20:14:28 gobai-SER dhclient[237127]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x7fd24947)
10月 09 20:14:32 gobai-SER avahi-autoipd(enp1s0)[307826]: Found user 'avahi-autoipd' (UID 110) and group 'avahi-autoipd' (GID 119).
10月 09 20:14:32 gobai-SER avahi-autoipd(enp1s0)[307826]: Successfully called chroot().
10月 09 20:14:32 gobai-SER avahi-autoipd(enp1s0)[307826]: Successfully dropped root privileges.
10月 09 20:14:32 gobai-SER avahi-autoipd(enp1s0)[307826]: Starting with address 169.254.4.220
10月 09 20:14:32 gobai-SER avahi-autoipd(enp1s0)[307826]: Got SIGTERM, quitting.
10月 09 20:14:32 gobai-SER dhclient[170251]: DHCPDISCOVER on enp1s0 to 255.255.255.255 port 67 interval 3 (xid=0x1f69d35f)
10月 09 20:14:32 gobai-SER dhclient[170251]: DHCPOFFER of 192.168.1.22 from 192.168.1.1
10月 09 20:14:32 gobai-SER dhclient[170251]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x5fd3691f)
10月 09 20:14:32 gobai-SER dhclient[170251]: DHCPACK of 192.168.1.22 from 192.168.1.1 (xid=0x1f69d35f)
10月 09 20:14:32 gobai-SER avahi-daemon[588]: Joining mDNS multicast group on interface enp1s0.IPv4 with address 192.168.1.22.
10月 09 20:14:32 gobai-SER avahi-daemon[588]: New relevant interface enp1s0.IPv4 for mDNS.
10月 09 20:14:32 gobai-SER avahi-daemon[588]: Registering new address record for 192.168.1.22 on enp1s0.IPv4.
10月 09 20:14:32 gobai-SER systemd-resolved[237121]: enp1s0: Bus client set search domain list to: home
10月 09 20:14:32 gobai-SER dhclient[157839]: DHCPDISCOVER on enp1s0 to 255.255.255.255 port 67 interval 3 (xid=0x41cc913f)
10月 09 20:14:32 gobai-SER systemd-resolved[237121]: enp1s0: Bus client set DNS server list to: 192.168.1.1, 223.5.5.5
10月 09 20:14:32 gobai-SER dhclient[157839]: DHCPOFFER of 192.168.1.22 from 192.168.1.1
10月 09 20:14:32 gobai-SER dhclient[157839]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x3f91cc41)
10月 09 20:14:32 gobai-SER dhclient[157839]: DHCPACK of 192.168.1.22 from 192.168.1.1 (xid=0x41cc913f)
10月 09 20:14:32 gobai-SER dhclient[170251]: bound to 192.168.1.22 -- renewal in 32921 seconds.
10月 09 20:14:32 gobai-SER dhclient[157839]: bound to 192.168.1.22 -- renewal in 36989 seconds.
10月 09 20:14:35 gobai-SER avahi-daemon[588]: Withdrawing address record for 192.168.1.22 on enp1s0.
10月 09 20:14:35 gobai-SER avahi-daemon[588]: Leaving mDNS multicast group on interface enp1s0.IPv4 with address 192.168.1.22.
10月 09 20:14:35 gobai-SER avahi-daemon[588]: Interface enp1s0.IPv4 no longer relevant for mDNS.
10月 09 20:14:35 gobai-SER avahi-autoipd(enp1s0)[307982]: Found user 'avahi-autoipd' (UID 110) and group 'avahi-autoipd' (GID 119).
10月 09 20:14:35 gobai-SER avahi-autoipd(enp1s0)[307982]: Successfully called chroot().
10月 09 20:14:35 gobai-SER avahi-autoipd(enp1s0)[307982]: Successfully dropped root privileges.
10月 09 20:14:35 gobai-SER avahi-autoipd(enp1s0)[307982]: Starting with address 169.254.4.220
10月 09 20:14:35 gobai-SER avahi-autoipd(enp1s0)[307982]: Got SIGTERM, quitting.
10月 09 20:14:36 gobai-SER dhclient[73666]: DHCPDISCOVER on enp1s0 to 255.255.255.255 port 67 interval 3 (xid=0x50a89e0e)
10月 09 20:14:36 gobai-SER dhclient[73666]: DHCPOFFER of 192.168.1.22 from 192.168.1.1
10月 09 20:14:36 gobai-SER dhclient[73666]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0xe9ea850)
10月 09 20:14:36 gobai-SER dhclient[73666]: DHCPACK of 192.168.1.22 from 192.168.1.1 (xid=0x50a89e0e)
10月 09 20:14:36 gobai-SER avahi-daemon[588]: Joining mDNS multicast group on interface enp1s0.IPv4 with address 192.168.1.22.
10月 09 20:14:36 gobai-SER avahi-daemon[588]: New relevant interface enp1s0.IPv4 for mDNS.
10月 09 20:14:36 gobai-SER avahi-daemon[588]: Registering new address record for 192.168.1.22 on enp1s0.IPv4.
10月 09 20:14:36 gobai-SER systemd-resolved[237121]: enp1s0: Bus client set search domain list to: home
10月 09 20:14:36 gobai-SER systemd-resolved[237121]: enp1s0: Bus client set DNS server list to: 192.168.1.1, 223.5.5.5
10月 09 20:14:36 gobai-SER dhclient[73666]: bound to 192.168.1.22 -- renewal in 34351 seconds.
10月 09 20:14:36 gobai-SER dhclient[107299]: DHCPDISCOVER on enp1s0 to 255.255.255.255 port 67 interval 3 (xid=0x27725347)
10月 09 20:14:36 gobai-SER dhclient[107299]: DHCPOFFER of 192.168.1.22 from 192.168.1.1
10月 09 20:14:36 gobai-SER dhclient[107299]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x47537227)
10月 09 20:14:36 gobai-SER dhclient[107299]: DHCPACK of 192.168.1.22 from 192.168.1.1 (xid=0x27725347)
10月 09 20:14:36 gobai-SER dhclient[107299]: bound to 192.168.1.22 -- renewal in 40122 seconds.
10月 09 20:14:36 gobai-SER avahi-daemon[588]: Withdrawing address record for 192.168.1.22 on enp1s0.
10月 09 20:14:36 gobai-SER avahi-daemon[588]: Leaving mDNS multicast group on interface enp1s0.IPv4 with address 192.168.1.22.
10月 09 20:14:36 gobai-SER avahi-daemon[588]: Interface enp1s0.IPv4 no longer relevant for mDNS.
10月 09 20:14:36 gobai-SER avahi-autoipd(enp1s0)[308110]: Found user 'avahi-autoipd' (UID 110) and group 'avahi-autoipd' (GID 119).
10月 09 20:14:36 gobai-SER avahi-autoipd(enp1s0)[308110]: Successfully called chroot().
10月 09 20:14:36 gobai-SER avahi-autoipd(enp1s0)[308110]: Successfully dropped root privileges.
10月 09 20:14:36 gobai-SER avahi-autoipd(enp1s0)[308110]: Starting with address 169.254.4.220
10月 09 20:14:42 gobai-SER avahi-autoipd(enp1s0)[308110]: Callout BIND, address 169.254.4.220 on interface enp1s0
10月 09 20:14:42 gobai-SER avahi-daemon[588]: Joining mDNS multicast group on interface enp1s0.IPv4 with address 169.254.4.220.
10月 09 20:14:42 gobai-SER avahi-daemon[588]: New relevant interface enp1s0.IPv4 for mDNS.
10月 09 20:14:42 gobai-SER avahi-daemon[588]: Registering new address record for 169.254.4.220 on enp1s0.IPv4.
10月 09 20:14:46 gobai-SER avahi-autoipd(enp1s0)[308110]: Successfully claimed IP address 169.254.4.220
10月 09 20:14:46 gobai-SER avahi-autoipd(enp1s0)[308110]: Got SIGTERM, quitting.
10月 09 20:14:46 gobai-SER avahi-autoipd(enp1s0)[308110]: Callout STOP, address 169.254.4.220 on interface enp1s0
10月 09 20:14:46 gobai-SER avahi-daemon[588]: Withdrawing address record for 169.254.4.220 on enp1s0.
10月 09 20:14:46 gobai-SER avahi-daemon[588]: Leaving mDNS multicast group on interface enp1s0.IPv4 with address 169.254.4.220.
10月 09 20:14:46 gobai-SER avahi-daemon[588]: Interface enp1s0.IPv4 no longer relevant for mDNS.
10月 09 20:14:46 gobai-SER dhclient[237127]: DHCPDISCOVER on enp1s0 to 255.255.255.255 port 67 interval 3 (xid=0x389e944d)
10月 09 20:14:46 gobai-SER dhclient[237127]: DHCPOFFER of 192.168.1.22 from 192.168.1.1
10月 09 20:14:46 gobai-SER dhclient[237127]: DHCPREQUEST for 192.168.1.22 on enp1s0 to 255.255.255.255 port 67 (xid=0x4d949e38)
10月 09 20:14:46 gobai-SER dhclient[237127]: DHCPACK of 192.168.1.22 from 192.168.1.1 (xid=0x389e944d)
10月 09 20:14:46 gobai-SER avahi-daemon[588]: Joining mDNS multicast group on interface enp1s0.IPv4 with address 192.168.1.22.
10月 09 20:14:46 gobai-SER avahi-daemon[588]: New relevant interface enp1s0.IPv4 for mDNS.
10月 09 20:14:46 gobai-SER avahi-daemon[588]: Registering new address record for 192.168.1.22 on enp1s0.IPv4.
10月 09 20:14:47 gobai-SER systemd-resolved[237121]: enp1s0: Bus client set search domain list to: home
10月 09 20:14:47 gobai-SER systemd-resolved[237121]: enp1s0: Bus client set DNS server list to: 192.168.1.1, 223.5.5.5
10月 09 20:14:47 gobai-SER dhclient[237127]: bound to 192.168.1.22 -- renewal in 40782 seconds.

➜  ~ ps -aux | grep dhclient
root       73666  0.0  0.0 101232  6228 ?        Ssl  9月28   0:15 dhclient
root      107299  0.0  0.0 101232  6228 ?        Ssl  10月04   0:09 dhclient
root      157839  0.0  0.0 101232  6112 ?        Ssl  10月06   0:06 dhclient
root      170251  0.0  0.0 101232  6184 ?        Ssl  10月06   0:08 dhclient
root      237127  0.0  0.0 101232  6012 ?        Ssl  10月07   0:06 dhclient
gobai     322905  0.0  0.0  12308  2816 pts/5    S+   21:49   0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn --exclude-dir=.idea --exclude-dir=.tox dhclient

对比上面五个进程(DHCP Client)和日志发现，五个进程都干了同样的事：

...

在 Ubuntu 22.04 使用 netplan 创建桥接网络

2023-10-04

本地LAN环境

LAN网关 192.168.1.1
子网掩码 255.255.255.0
DHCP范围 192.168.1.2-192.168.32

创建一个`bridged network` #

创建一个网桥br0给虚机使用，使得虚机和其他设备都在一个LAN下

总配置(netplan get)如下:

network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp1s0:
      dhcp4: false
      dhcp6: false
  bridges:
    br0:
      addresses:
      - "192.168.1.100/24"
      nameservers:
        addresses:
        - 192.168.1.1
      dhcp4: false
      dhcp6: false
      interfaces:
      - enp1s0
      parameters:
        stp: false
      routes:
      - to: "default"
        via: "192.168.1.1"

由三个文件组成:

/etc/netplan/01-network-manager-all.yaml

# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager

/etc/netplan/10-ethernet-enp1s0.yaml

network:
  ethernets:
    enp1s0:
      dhcp4: false
      dhcp6: false

/etc/netplan/99-bridged-network-br0.yaml

network:
  bridges:
    br0:
      dhcp4: false
      dhcp6: false
      addresses:
        - 192.168.1.100/24
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: 
          - 192.168.1.1
          - 223.5.5.5
      interfaces:
        - enp1s0
      parameters:
        stp: false

应用网络配置 #

容易失联，如果是ssh远程操作请谨慎操作

...

准备 qcow2 镜像 #

配置宿主机桥接网络 #

启动 OpenWrt 虚拟机 #

iptables 介绍 #

五链 #

PREROUTING 链 #

INPUT 链 #

FORWARD 链 #

OUTPUT 链 #

POSTROUTING 链 #

四表 #

准备一个ubuntu虚拟机router #

配置网络 #

将无线网卡透传进虚拟机 #

准备qcow2镜像 #

运行虚机 #

配置网络 #

创建一个bridged network #

应用网络配置 #

准备一个ubuntu虚拟机`router` #

准备`qcow2`镜像 #

创建一个`bridged network` #