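I have a home local network (LAN), 192.168.1.0/24, with an OpenWRT router at 192.168.1.1. On my home server, 192.168.1.5, I have Multipass (with the qemu backend) and a virtual machine network, 10.57.240.0/24 (hereafter VM-LAN), on the mpqemubr0 interface. I also have a notebook with the address 192.168.1.137. I want to access the VM-LAN network from my laptop. I added a static route on the OpenWRT router with the following settings: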
IP - 10.57.240.0
Netmask - 255.255.255.0
Gateway - 192.168.1.5
When I ping 10.57.240.47 from the notebook, I get an error:
From 192.168.1.5 icmp_seq=1 Destination Port Unreachable
ipv4_forward is enabled on 192.168.1.5.
Home server information:
h3xcode@h3x-homeserver:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 6c:3b:e5:17:9b:70 brd ff:ff:ff:ff:ff:ff
altname enp0s25
inet 192.168.1.5/24 metric 100 brd 192.168.1.255 scope global dynamic eno1
valid_lft 42394sec preferred_lft 42394sec
inet6 fdaa:c0de:c0de::5/128 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fdaa:c0de:c0de:0:6e3b:e5ff:fe17:9b70/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6e3b:e5ff:fe17:9b70/64 scope link
valid_lft forever preferred_lft forever
5: mpqemubr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:d9:01:22 brd ff:ff:ff:ff:ff:ff
inet 10.57.240.1/24 brd 10.57.240.255 scope global mpqemubr0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fed9:122/64 scope link
valid_lft forever preferred_lft forever
h3xcode@h3x-homeserver:~$ ip route
default via 192.168.1.1 dev eno1 proto dhcp src 192.168.1.5 metric 100
10.7.0.0/24 dev wg0 proto kernel scope link src 10.7.0.1
10.57.240.0/24 dev mpqemubr0 proto kernel scope link src 10.57.240.1
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.5 metric 100
192.168.1.1 dev eno1 proto dhcp scope link src 192.168.1.5 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
h3xcode@h3x-homeserver:~$ sudo iptables-save
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -o mpqemubr0 -p udp -m udp --dport 68 -m comment --comment "generated for Multipass network mpqemubr0" -j CHECKSUM --checksum-fill
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
-A INPUT -i mpqemubr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -i mpqemubr0 -p udp -m udp --dport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -i mpqemubr0 -p udp -m udp --dport 67 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -j LIBVIRT_INP
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A FORWARD -i mpqemubr0 -o mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -s 10.57.240.0/24 -i mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -d 10.57.240.0/24 -o mpqemubr0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.7.0.0/24 -j ACCEPT
-A FORWARD -i mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o mpqemubr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -o mpqemubr0 -p udp -m udp --sport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -o mpqemubr0 -p udp -m udp --sport 67 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -j LIBVIRT_OUT
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -p udp -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -p tcp -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.57.240.0/24 -d 255.255.255.255/32 -m comment --comment "generated for Multipass network mpqemubr0" -j RETURN
-A POSTROUTING -s 10.57.240.0/24 -d 224.0.0.0/24 -m comment --comment "generated for Multipass network mpqemubr0" -j RETURN
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to-source 192.168.1.5
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
Update: when I connect to the notebook from 10.57.240.47, the connection shows up as coming from 192.168.1.5 instead of 10.57.240.47.
On 10.57.240.47:
ubuntu@primary:~$ nc -v 192.168.1.137 5000
Connection to 192.168.1.137 5000 port [tcp/*] succeeded!
test
On the notebook:
$ nc -vl 5000
Listening on [0.0.0.0] (family 2, port 5000)
Connection from h3x-homeserver 51354 received!
test
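
An added example, not part of the original post: a small first-match walker over the filter-table FORWARD rules shown above, used to see which rule decides a packet routed between eno1 and mpqemubr0. The packet dictionaries and the function names are constructed for illustration; the rules are the post's own, with the Multipass comment matches left out.

```python
import ipaddress
import shlex

# FORWARD-path rules copied from the post ("-m comment" annotations dropped).
RULES = """\
-A FORWARD -i mpqemubr0 -o mpqemubr0 -j ACCEPT
-A FORWARD -s 10.57.240.0/24 -i mpqemubr0 -j ACCEPT
-A FORWARD -d 10.57.240.0/24 -o mpqemubr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.7.0.0/24 -j ACCEPT
-A FORWARD -i mpqemubr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o mpqemubr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
"""
# Constructed sample packets: first packet notebook -> VM, and first packet VM -> notebook.
LAPTOP_TO_VM = {"in": "eno1", "out": "mpqemubr0", "src": "192.168.1.137", "dst": "10.57.240.47", "state": "NEW"}
VM_TO_LAPTOP = {"in": "mpqemubr0", "out": "eno1", "src": "10.57.240.47", "dst": "192.168.1.137", "state": "NEW"}

def parse(text):
    """Group rules by chain as {option: value} dicts, preserving order."""
    chains = {}
    for tok in map(shlex.split, text.splitlines()):
        chains.setdefault(tok[1], []).append(dict(zip(tok[2::2], tok[3::2])))
    return chains

def matches(rule, pkt):
    """True when every match option present in the rule fits the packet."""
    def in_net(opt, key):
        return opt not in rule or ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(rule[opt])
    states = rule.get("--ctstate") or rule.get("--state")
    return (rule.get("-i", pkt["in"]) == pkt["in"] and rule.get("-o", pkt["out"]) == pkt["out"]
            and in_net("-s", "src") and in_net("-d", "dst")
            and (not states or pkt["state"] in states.split(",")))

def verdict(chains, pkt, chain="FORWARD"):
    """Return the first terminating target for pkt, following jumps into user chains."""
    for rule in chains[chain]:
        if matches(rule, pkt):
            hit = verdict(chains, pkt, rule["-j"]) if rule["-j"] in chains else rule["-j"]
            if hit:
                return hit
    return "ACCEPT" if chain == "FORWARD" else None  # FORWARD policy is ACCEPT; user chains return
```

`verdict(parse(RULES), LAPTOP_TO_VM)` ends at the final `-o mpqemubr0 ... REJECT --reject-with icmp-port-unreachable` rule, which corresponds to the "Destination Port Unreachable" reply from 192.168.1.5, while `VM_TO_LAPTOP` is accepted by the `-s 10.57.240.0/24 -i mpqemubr0` rule. The nat-table rule `-s 10.57.240.0/24 ! -d 10.57.240.0/24 -j MASQUERADE` is why the notebook in the update sees the VM's connection arrive from 192.168.1.5.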