我有一个带有Raspbian Buster(10)的raspberry pi 3 b +,我正在尝试构建一个路由器。我已经设置了正在运行的程序:
[一切正常,除了https://www.blizzard.com/和https://elinux.org/RPi_VerifiedPeripherals之类的某些站点在LAN计算机上不起作用,它在树莓派端确实起作用。挖掘输出:
dig https://elinux.org/RPi_VerifiedPeripherals
; <<>> DiG 9.11.5-P4-5.1-Raspbian <<>> https://elinux.org/RPi_VerifiedPeripherals
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37276
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 0d6425f2b8e87c5dc87196165dac4eca3c572ad51447b5b3 (good)
;; QUESTION SECTION:
;https://elinux.org/RPi_VerifiedPeripherals. IN A
;; AUTHORITY SECTION:
. 10800 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019102000 1800 900 604800 86400
;; Query time: 6 msec
;; SERVER: 193.231.252.1#53(193.231.252.1)
;; WHEN: Sun Oct 20 13:10:50 BST 2019
;; MSG SIZE rcvd: 174
任何想法?
非常感谢您,祝您周末愉快!
PS:这是我的防火墙脚本
#!/bin/bash
echo "Setting sysctl ..."
/sbin/sysctl net.ipv4.ip_forward=1
/sbin/sysctl net.ipv6.conf.default.forwarding=1
/sbin/sysctl net.ipv6.conf.all.forwarding=1
/sbin/sysctl -p
echo "Cleanig ..."
#Flash IPTABLES
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
echo "Creating ..."
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.248 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.0 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.6 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.21 -j ACCEPT
iptables -A INPUT -s 8x.1x.x.36 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A FORWARD -p icmp --icmp-type echo-reply -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A INPUT -m iprange --src-range 192.168.0.0-192.168.0.255 -j ACCEPT
iptables -A INPUT -m iprange --src-range 192.168.1.0-192.168.1.255 -j ACCEPT
iptables -A FORWARD -j ACCEPT
iptables -A OUTPUT -j ACCEPT
#iptables -A nat -j ACCEPT
iptables -A INPUT -j LOG --log-prefix "INPUT:DROP:" --log-level 4
iptables -A OUTPUT -j LOG --log-prefix "OUTPUT:DROP:" --log-level 4
iptables -A FORWARD -j LOG --log-prefix "FORWARD:DROP:" --log-level 4
iptables -A nat -j LOG --log-prefix "nat:DROP:" --log-level 4
iptables -A INPUT -j DROP
echo "Droping ...:"
#iptables -I INPUT -s 95.90.x.x -j DRO
echo "Sysctl rules:"
/sbin/sysctl -p
echo "Iptables rules:"
iptables -v -L -n
dig elinux.org
尝试从PC和Pi运行它并提供输出另外,请从PC和Pi尝试以下命令:
ping elinux.org
traceroute elinux.org
它应该有助于确定问题的根源