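I have a home local network (LAN), 192.168.1.0/24, with an OpenWRT router at 192.168.1.1. On my home server, 192.168.1.5, I have Multipass (with the qemu backend) and a network for virtual machines, 10.57.240.0/24 (hereafter VM-LAN), on the mpqemubr0 interface. I also have a laptop with the address 192.168.1.137. I want to access the VM-LAN network from my laptop. I added a static route on the OpenWRT router with the following settings: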
IP - 10.57.240.0
Netmask - 255.255.255.0
Gateway - 192.168.1.5
When I ping 10.57.240.47 from the laptop, I get an error:
From 192.168.1.5 icmp_seq=1 Destination Port Unreachable
ipv4_forward is enabled on 192.168.1.5.
Home server information:
h3xcode@h3x-homeserver:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 6c:3b:e5:17:9b:70 brd ff:ff:ff:ff:ff:ff
altname enp0s25
inet 192.168.1.5/24 metric 100 brd 192.168.1.255 scope global dynamic eno1
valid_lft 42394sec preferred_lft 42394sec
inet6 fdaa:c0de:c0de::5/128 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fdaa:c0de:c0de:0:6e3b:e5ff:fe17:9b70/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::6e3b:e5ff:fe17:9b70/64 scope link
valid_lft forever preferred_lft forever
5: mpqemubr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:d9:01:22 brd ff:ff:ff:ff:ff:ff
inet 10.57.240.1/24 brd 10.57.240.255 scope global mpqemubr0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fed9:122/64 scope link
valid_lft forever preferred_lft forever
h3xcode@h3x-homeserver:~$ ip route
default via 192.168.1.1 dev eno1 proto dhcp src 192.168.1.5 metric 100
10.7.0.0/24 dev wg0 proto kernel scope link src 10.7.0.1
10.57.240.0/24 dev mpqemubr0 proto kernel scope link src 10.57.240.1
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.5 metric 100
192.168.1.1 dev eno1 proto dhcp scope link src 192.168.1.5 metric 100
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
h3xcode@h3x-homeserver:~$ sudo iptables-save
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -o mpqemubr0 -p udp -m udp --dport 68 -m comment --comment "generated for Multipass network mpqemubr0" -j CHECKSUM --checksum-fill
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
:LIBVIRT_INP - [0:0]
:LIBVIRT_OUT - [0:0]
-A INPUT -i mpqemubr0 -p tcp -m tcp --dport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -i mpqemubr0 -p udp -m udp --dport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -i mpqemubr0 -p udp -m udp --dport 67 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A INPUT -j LIBVIRT_INP
-A INPUT -p udp -m udp --dport 51820 -j ACCEPT
-A FORWARD -i mpqemubr0 -o mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -s 10.57.240.0/24 -i mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -d 10.57.240.0/24 -o mpqemubr0 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.7.0.0/24 -j ACCEPT
-A FORWARD -i mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o mpqemubr0 -m comment --comment "generated for Multipass network mpqemubr0" -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o mpqemubr0 -p tcp -m tcp --sport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -o mpqemubr0 -p udp -m udp --sport 53 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -o mpqemubr0 -p udp -m udp --sport 67 -m comment --comment "generated for Multipass network mpqemubr0" -j ACCEPT
-A OUTPUT -j LIBVIRT_OUT
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
# Generated by iptables-save v1.8.7 on Wed Aug 3 01:27:53 2022
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -p udp -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.57.240.0/24 ! -d 10.57.240.0/24 -p tcp -m comment --comment "generated for Multipass network mpqemubr0" -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 10.57.240.0/24 -d 255.255.255.255/32 -m comment --comment "generated for Multipass network mpqemubr0" -j RETURN
-A POSTROUTING -s 10.57.240.0/24 -d 224.0.0.0/24 -m comment --comment "generated for Multipass network mpqemubr0" -j RETURN
-A POSTROUTING -j LIBVIRT_PRT
-A POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to-source 192.168.1.5
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Aug 3 01:27:53 2022
Update: when I connect from 10.57.240.47 to the laptop, the connection shows as coming from 192.168.1.5, not 10.57.240.47.
On 10.57.240.47:
ubuntu@primary:~$ nc -v 192.168.1.137 5000
Connection to 192.168.1.137 5000 port [tcp/*] succeeded!
test
On the laptop:
$ nc -vl 5000
Listening on [0.0.0.0] (family 2, port 5000)
Connection from h3x-homeserver 51354 received!
test
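An added example, not part of the original post: a first-match walk of the FORWARD chain from the iptables-save output above, showing which rule a forwarded packet hits. The packet model (only -i/-o/-s/-d and conntrack state) and the names `verdict` and `LAPTOP_TO_VM` are assumptions made for this sketch.

```python
import ipaddress
import shlex

# Rules copied from the filter table above (--comment options dropped); simplified matcher.
RULES = """\
-A FORWARD -i mpqemubr0 -o mpqemubr0 -j ACCEPT
-A FORWARD -s 10.57.240.0/24 -i mpqemubr0 -j ACCEPT
-A FORWARD -d 10.57.240.0/24 -o mpqemubr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.7.0.0/24 -j ACCEPT
-A FORWARD -i mpqemubr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -o mpqemubr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
"""

def parse(text):
    chains = {}  # chain name -> list of (raw rule line, {option: value})
    for line in text.splitlines():
        tok = shlex.split(line)
        chains.setdefault(tok[1], []).append((line, dict(zip(tok[2::2], tok[3::2]))))
    return chains

def matches(o, pkt):
    states = o.get("--ctstate") or o.get("--state")
    addr, net = ipaddress.ip_address, ipaddress.ip_network
    return (o.get("-i", pkt["iif"]) == pkt["iif"] and o.get("-o", pkt["oif"]) == pkt["oif"]
            and addr(pkt["src"]) in net(o.get("-s", "0.0.0.0/0"))
            and addr(pkt["dst"]) in net(o.get("-d", "0.0.0.0/0"))
            and (states is None or pkt["state"] in states.split(",")))

def verdict(pkt, chain="FORWARD", chains=parse(RULES)):
    # Return (target, rule) for the first terminating match; None = fall through to policy.
    for line, o in chains.get(chain, []):
        if matches(o, pkt):
            if o["-j"] in ("ACCEPT", "REJECT", "DROP"):
                return o["-j"], line
            hit = verdict(pkt, o["-j"], chains)  # jump into a user-defined chain
            if hit:
                return hit
    return None

LAPTOP_TO_VM = dict(iif="eno1", oif="mpqemubr0", src="192.168.1.137", dst="10.57.240.47", state="NEW")
print(verdict(LAPTOP_TO_VM))  # constructed packet: the laptop's first ping to the VM
```

In the nat table above, the POSTROUTING rule `-s 10.57.240.0/24 ! -d 10.57.240.0/24 ... -j MASQUERADE` matches VM-to-laptop traffic, which is consistent with the laptop seeing the connection come from 192.168.1.5.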