Accessing a web server through the second interface

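I want to access a web service (port 8080) on my Raspberry Pi through the following two interfaces (both using static IPs):

  • Ethernet (eth0, 172.22.0.99, connected to a Netgear router).
  • Wi-Fi (wlan0, 172.24.1.1, providing an access point).

Currently the web service is only reachable when I connect via eth0 and get a 172.22.0.x IP address.

When I connect to the Wi-Fi access point on wlan0, I correctly get a 172.24.1.x IP address and SSH works, but I cannot access the web service (neither http://172.22.0.99:8080 nor http://172.24.1.1:8080).

I have been testing the above with a Windows 10 laptop. The real problem is that I have several Arduinos that can connect to the Pi's Wi-Fi access point (wlan0) but cannot access the Pi's web service. So for now they have to connect through the Netgear router (i.e. the Pi's eth0), which is what I am trying to avoid.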

Also, the Pi is running:

  • OpenVPN, so eth0 is bridged (br0, tap0).
  • A Wi-Fi sniffer (wlan1alfa, renameX).
  • 172.22.0.100/102/106/113 are examples of working Arduinos.

Various outputs:

With the Windows 10 laptop connected to the Pi's Wi-Fi access point:

ipconfig (on laptop 172.24.1.42):

무선 LAN 어댑터 Wi-Fi:

연결별 DNS 접미사. :

링크-로컬 IPv6 주소. . . . . : fe80::7489:b292:4e73:cbfd%2

IPv4 주소. . . . . . . . . . . :172.24.1.42

서브넷 마스크. . . . . . . . . . . : 255.255.255.0

기본 게이트웨이. . . . . . . . . :172.24.1.1

http://172.22.0.99:8080/ (on laptop 172.24.1.42):

Unable to connect

Firefox can't establish a connection to the server at 172.22.0.99.

The site could be temporarily unavailable or too busy. Try again in a few moments.

If you are unable to load any pages, check your computer's network connection.

If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

http://172.24.1.1:8080/ (on laptop 172.24.1.42):

The connection has timed out

The server at 172.24.1.1 is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few moments.

If you are unable to load any pages, check your computer's network connection.

If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

PI:

$ ifconfig

br0       Link encap:Ethernet  HWaddr 82:85:54:54:e1:8c
          inet addr:172.22.0.99  Bcast:172.22.255.255  Mask:255.255.0.0
          inet6 addr: fe80::ba27:ebff:fe1a:16a3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1150213 errors:0 dropped:0 overruns:0 frame:0
          TX packets:431995 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:200587924 (191.2 MiB)  TX bytes:137714386 (131.3 MiB)

eth0      Link encap:Ethernet  HWaddr b8:27:eb:1a:16:a3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1150375 errors:0 dropped:0 overruns:0 frame:0
          TX packets:449400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:200603903 (191.3 MiB)  TX bytes:143711369 (137.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1128130 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1128130 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:129944607 (123.9 MiB)  TX bytes:129944607 (123.9 MiB)

rename7   Link encap:UNSPEC  HWaddr 00-C0-CA-8F-F8-1D-30-30-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2753461 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:328484228 (313.2 MiB)  TX bytes:0 (0.0 B)

tap0      Link encap:Ethernet  HWaddr 82:85:54:54:e1:8c
          inet6 addr: fe80::8085:54ff:fe54:e18c/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:644390 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:135759131 (129.4 MiB)

wlan0     Link encap:Ethernet  HWaddr b8:27:eb:4f:43:f6
          inet addr:172.24.1.1  Bcast:172.24.1.255  Mask:255.255.255.0
          inet6 addr: fe80::f446:4155:5d19:860a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:479547 errors:0 dropped:0 overruns:0 frame:0
          TX packets:488461 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:30867423 (29.4 MiB)  TX bytes:40144827 (38.2 MiB)

$ ip route

default via 172.22.0.1 dev br0  metric 205
default via 172.24.1.1 dev wlan0  metric 303
172.22.0.0/16 dev br0  proto kernel  scope link  src 172.22.0.99  metric 205
172.24.1.0/24 dev wlan0  proto kernel  scope link  src 172.24.1.1  metric 303

$ ip address show

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether b8:27:eb:1a:16:a3 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether b8:27:eb:4f:43:f6 brd ff:ff:ff:ff:ff:ff
    inet 172.24.1.1/24 brd 172.24.1.255 scope global wlan0
       valid_lft forever preferred_lft forever
    inet6 fe80::f446:4155:5d19:860a/64 scope link
       valid_lft forever preferred_lft forever
4: wlan1alfa: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
    inet 172.22.0.99/16 brd 172.22.255.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::ba27:ebff:fe1a:16a3/64 scope link
       valid_lft forever preferred_lft forever
6: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 100
    link/ether 82:85:54:54:e1:8c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8085:54ff:fe54:e18c/64 scope link
       valid_lft forever preferred_lft forever
7: rename7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN group default qlen 1000
    link/ieee802.11/radiotap 00:c0:ca:8f:f8:1d brd ff:ff:ff:ff:ff:ff

iptables:

# Add a masquerade for outbound traffic on eth0
iptables -t nat -A  POSTROUTING -o eth0 -j MASQUERADE

..
echo "  # Forward WLAN to Eth, and back (note: incoming initiated on WLAN do not get to LAN)"

sudo iptables -A FORWARD -i wlan0 -o eth0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_WLAN0_to_Eth0 

sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_Eth0_backTo_WLAN0

sudo iptables -A FORWARD -i eth0 -o wlan0 -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_eth0_to_wlan0

sudo iptables -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j FORWARD_LOG_ACCEPT -m comment --comment Accept_FORWARD_wlan0_to_eth0 

$ tail /var/log/messages from iptables (everything is logged, whether accepted or dropped):

Trying http://172.22.0.99:8080:

•   Feb 18 13:23:25 shep kernel: [1630978.112563] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=128 ID=26841 PROTO=TCP SPT=51634 DPT=22 WINDOW=66 RES=0x00 ACK URGP=0
•   Feb 18 13:23:37 shep kernel: [1630990.317785] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=26843 PROTO=TCP SPT=51634 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
•   Feb 18 13:23:37 shep kernel: [1630990.318185] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=104 TOS=0x10 PREC=0x00 TTL=64 ID=54479 DF PROTO=TCP SPT=22 DPT=51634 WINDOW=424 RES=0x00 ACK PSH URGP=0
•   Feb 18 13:23:49 shep kernel: [1631002.193203] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26851 DF PROTO=TCP SPT=51642 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
•   Feb 18 13:23:49 shep kernel: [1631002.193337] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=51503 DF PROTO=TCP SPT=80 DPT=51642 WINDOW=0 RES=0x00 ACK RST URGP=0
•   Feb 18 13:24:01 shep kernel: [1631014.835337] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
•   Feb 18 13:24:01 shep kernel: [1631014.835409] IPTables-Accepted-I: IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=172.22.0.99 DST=172.22.0.99 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23677 DF PROTO=TCP SPT=60692 DPT=8080 WINDOW=43690 RES=0x00 SYN URGP=0
•   Feb 18 13:24:27 shep kernel: [1631039.962078] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=26874 DF PROTO=TCP SPT=51648 DPT=80 WINDOW=17520 RES=0x00 SYN URGP=0
•   Feb 18 13:24:27 shep kernel: [1631039.962176] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=53485 DF PROTO=TCP SPT=80 DPT=51648 WINDOW=0 RES=0x00 ACK RST URGP=0
•   Feb 18 13:24:37 shep kernel: [1631050.042812] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=55862 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
•   Feb 18 13:24:37 shep kernel: [1631050.065256] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=31426 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1200 RES=0x00 ACK URGP=0
•   Feb 18 13:24:49 shep kernel: [1631062.130744] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=31430 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1672 RES=0x00 ACK PSH URGP=0
•   Feb 18 13:24:49 shep kernel: [1631062.131706] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 LEN=519 TOS=0x00 PREC=0x00 TTL=64 ID=55865 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK PSH URGP=0
•   Feb 18 13:25:01 shep kernel: [1631074.255485] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:ec:fa:bc:14:3f:6e:08:00 SRC=172.22.0.113 (Arduino) DST=172.22.0.99 LEN=165 TOS=0x00 PREC=0x00 TTL=255 ID=31435 PROTO=TCP SPT=50211 DPT=8080 WINDOW=1645 RES=0x00 ACK PSH URGP=0
•   Feb 18 13:25:01 shep kernel: [1631074.301286] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.113 (Arduino) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=55867 DF PROTO=TCP SPT=8080 DPT=50211 WINDOW=29200 RES=0x00 ACK URGP=0

Trying http://172.24.1.1:8080:

•   Feb 18 15:14:15 shep kernel: [1637627.961592] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:92:d6:08:00 SRC=172.22.0.102 (Arduino 2) DST=172.22.0.99 LEN=40 TOS=0x00 PREC=0x00 TTL=255 ID=72 PROTO=TCP SPT=52001 DPT=8080 WINDOW=1875 RES=0x00 ACK FIN URGP=0
•   Feb 18 15:14:15 shep kernel: [1637627.961831] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.102 (Arduino 2) LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=11122 DF PROTO=TCP SPT=8080 DPT=52001 WINDOW=29200 RES=0x00 ACK FIN URGP=0
•   Feb 18 15:14:25 shep kernel: [1637638.193698] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:5c:cf:7f:3c:59:86:08:00 SRC=172.24.1.106 (Arduino 3) DST=172.22.0.99 LEN=81 TOS=0x00 PREC=0x00 TTL=255 ID=16314 PROTO=TCP SPT=49154 DPT=1883 WINDOW=1884 RES=0x00 ACK PSH URGP=0
•   Feb 18 15:14:25 shep kernel: [1637638.194012] IPTables-Accepted-O: IN= OUT=lo SRC=172.22.0.99 DST=172.22.0.99 LEN=93 TOS=0x00 PREC=0x00 TTL=64 ID=3867 DF PROTO=TCP SPT=1883 DPT=50392 WINDOW=6231 RES=0x00 ACK PSH URGP=0
•   Feb 18 15:14:35 shep kernel: [1637648.508430] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=104 TOS=0x00 PREC=0x00 TTL=128 ID=27282 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=64 RES=0x00 ACK PSH URGP=0
•   Feb 18 15:14:35 shep kernel: [1637648.508521] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 (laptop) LEN=40 TOS=0x10 PREC=0x00 TTL=64 ID=31818 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
•   Feb 18 15:14:48 shep kernel: [1637661.183931] IPTables-Accepted-I: IN=wlan0 OUT= MAC=b8:27:eb:4f:43:f6:60:14:b3:74:61:cf:08:00 SRC=172.24.1.42 (laptop) DST=172.22.0.99 LEN=120 TOS=0x00 PREC=0x00 TTL=128 ID=27329 DF PROTO=TCP SPT=52149 DPT=22 WINDOW=68 RES=0x00 ACK PSH URGP=0
•   Feb 18 15:14:48 shep kernel: [1637661.187210] IPTables-Accepted-O: IN= OUT=wlan0 SRC=172.22.0.99 DST=172.24.1.42 LEN=1500 TOS=0x10 PREC=0x00 TTL=64 ID=31852 DF PROTO=TCP SPT=22 DPT=52149 WINDOW=269 RES=0x00 ACK URGP=0
•   Feb 18 15:14:58 shep kernel: [1637671.438928] IPTables-Accepted-I: IN=br0 OUT= MAC=82:85:54:54:e1:8c:18:fe:34:d2:96:51:08:00 SRC=172.22.0.100 (Arduino 4) DST=172.22.0.99 LEN=150 TOS=0x00 PREC=0x00 TTL=255 ID=1463 PROTO=TCP SPT=52080 DPT=8080 WINDOW=1680 RES=0x00 ACK PSH URGP=0
•   Feb 18 15:14:58 shep kernel: [1637671.440119] IPTables-Accepted-O: IN= OUT=br0 SRC=172.22.0.99 DST=172.22.0.100 (Arduino 4) LEN=520 TOS=0x00 PREC=0x00 TTL=64 ID=60505 DF PROTO=TCP SPT=8080 DPT=52080 WINDOW=29200 RES=0x00 ACK PSH URGP=0

Edit 1 (but see Edit 2): the web service is "domoticz".

$ sudo netstat -taupen | grep LISTEN

tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          15295       1847/smbd
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN      1000       11927       1437/Xtightvnc
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN      1000       11924       1437/Xtightvnc
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      0          14462       1154/dnsmasq
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          14453       1143/sshd
tcp        0      0 0.0.0.0:1880            0.0.0.0:*               LISTEN      1000       15768       716/node-red
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN      0          11708       903/mosquitto
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          15294       1847/smbd
tcp6       0      0 :::139                  :::*                    LISTEN      0          15293       1847/smbd
tcp6       0      0 :::8080                 :::*                    LISTEN      1000       4902627     25249/domoticz
tcp6       0      0 :::53                   :::*                    LISTEN      0          14464       1154/dnsmasq
tcp6       0      0 :::22                   :::*                    LISTEN      0          14455       1143/sshd
tcp6       0      0 :::1883                 :::*                    LISTEN      0          11709       903/mosquitto
tcp6       0      0 :::445                  :::*                    LISTEN      0          15292       1847/smbd
tcp6       0      0 :::6144                 :::*                    LISTEN      1000       4902635     25249/domoticz

$ netstat -ntl

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1880            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1883            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::53                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::1883                 :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
tcp6       0      0 :::6144                 :::*                    LISTEN

Edit 2: After a configuration change, the Domoticz web server now listens on 0.0.0.0:8080, but it still fails as shown above.

$ sudo netstat -taupen | grep domoticz

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      1000       21943078    27425/domoticz   <<---
tcp        0      0 172.22.0.99:8080        172.22.0.102:52060      ESTABLISHED 1000       21949101    27425/domoticz
tcp        0      0 172.22.0.99:8080        172.22.0.100:52135      ESTABLISHED 1000       21949100    27425/domoticz
tcp        0      0 172.22.0.99:58528       172.22.0.99:1883        ESTABLISHED 1000       21946463    27425/domoticz
tcp6       0      0 :::6144                 :::*                    LISTEN      1000       21943086    27425/domoticz

Answer 1

Problem solved! I had just been running the following single flush command:

sudo iptables -F

That does not flush all iptables rules, specifically not e.g. NAT.

So I had lots of duplicate PREROUTING and POSTROUTING entries:

$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:192.168.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:172.22.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:172.22.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:172.22.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:172.22.0.99:8080
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:172.22.0.99:8080

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere
MASQUERADE  all  --  anywhere             anywhere

Once I started using the following before creating the rules, it worked properly (no other changes):

sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X

sudo ipset flush
sudo ipset destroy
sudo ipset list

Apparently I should also do this:

sudo iptables -t raw -F 
sudo iptables -t raw -X

I currently have the following:

$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       tcp  --  anywhere             anywhere             tcp dpt:http-alt to:172.22.0.99:8080

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Now when I connect to the Pi's wireless access point 172.24.1.1 (wlan0) and get a 172.24.1.x IP address, I can access the Pi's Domoticz web server via http://172.24.1.1:8080, which is what I want.

In the previous situation I had to go through a separate router (172.22.0.1), get a 172.22.0.x IP address, and access the Pi through eth0 at http://172.22.0.99:8080.
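
The failure mode in this answer (a setup script that appends with `-A` after flushing only the filter table, so NAT rules pile up and stale DNAT targets stay live) can be audited and avoided as sketched below. This is an added example, not code from the original post; the sample ruleset is constructed to resemble the listing above, and the `IPTABLES` override variable is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the original post.

# Report rules that occur more than once within the same table.
# Input: iptables-save format on stdin. Output: "<count> <table> <rule>".
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }  # "*nat", "*filter" open a table section
        /^-A / { seen[table " " $0]++ }         # count identical rule lines per table
        END    { for (k in seen) if (seen[k] > 1) printf "%d %s\n", seen[k], k }
    ' | LC_ALL=C sort -k2
}

# Append a rule only when an identical one is not already loaded, so that
# re-running a setup script does not stack copies.
# Usage: ensure_rule TABLE CHAIN RULE-SPEC...
# IPTABLES can be overridden (assumption of this example, handy for dry runs).
ensure_rule() {
    table=$1; chain=$2; shift 2
    if ${IPTABLES:-iptables} -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0    # -C (check) succeeded: the rule is already present
    fi
    ${IPTABLES:-iptables} -t "$table" -A "$chain" "$@"
}

# Constructed sample in iptables-save format: repeated DNAT and MASQUERADE
# entries in the nat table, including DNAT copies that still point at an
# old address, plus one unique filter rule.
SAMPLE_SAVE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.0.99:8080
-A PREROUTING -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.22.0.99:8080
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
COMMIT'

# Demo on the constructed sample; on a live host the input would be
# the output of: sudo iptables-save
printf '%s\n' "$SAMPLE_SAVE" | find_duplicate_rules
```

On a live system, `sudo iptables-save | find_duplicate_rules` covers every table at once, which a plain `iptables -L` (filter table only) does not.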
