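Add the following firewall forwarding rules on the side-router N1.
The main router runs ROS; the side router is Armbian (N1) or any Linux with ZeroTier installed.
Leave the ROS settings unchanged for now and add the following rules on the side router: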
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o ztxxxxxxk -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ztxxxxxxk -o eth0 -j ACCEPT
Here eth0 is the name of the physical NIC and ztxxxxxxk is the virtual interface created by ZT; change both to match your own system.
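An idempotent way to apply the three rules above, as an added example that is not part of the original page: it looks up the ZeroTier interface name instead of hard-coding it and checks each rule with `iptables -C` before appending, so rerunning it does not stack duplicates. The function names, the `LAN_IF` variable, the `--apply`/`--demo` switches and the sample interface `ztabcdef01` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: idempotent version of the first rule set on this page.
# LAN_IF and the sample text below are assumptions; adjust to your system.

# Print the first ZeroTier interface (name starts with "zt") found in
# `ip -o link show` output read from stdin.
zt_iface() {
    awk -F': ' '$2 ~ /^zt/ { sub(/@.*/, "", $2); print $2; exit }'
}

# Print the three rules of the first rule set as "table|rule-spec" lines.
nat_rules() {
    lan=$1 zt=$2
    echo "nat|POSTROUTING -o $lan -j MASQUERADE"
    echo "filter|FORWARD -i $lan -o $zt -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "filter|FORWARD -i $zt -o $lan -j ACCEPT"
}

# Turn each rule into "check (-C), else append (-A)" so reruns add no duplicates.
to_commands() {
    while IFS='|' read -r table spec; do
        echo "iptables -t $table -C $spec 2>/dev/null || iptables -t $table -A $spec"
    done
}

# Constructed sample of `ip -o link show` output (not from a real host).
SAMPLE='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
3: ztabcdef01: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN'

# "--apply" (as root) reads the live interface list and runs the commands;
# "--demo" only prints the commands for the constructed sample.
if [ "${1:-}" = "--apply" ]; then
    ZT_IF=$(ip -o link show | zt_iface)
    [ -n "$ZT_IF" ] || { echo "no ZeroTier interface found" >&2; exit 1; }
    nat_rules "${LAN_IF:-eth0}" "$ZT_IF" | to_commands | sh
elif [ "${1:-}" = "--demo" ]; then
    nat_rules eth0 "$(printf '%s\n' "$SAMPLE" | zt_iface)" | to_commands
fi
```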
Option 2:
Enable kernel forwarding on the N1's Armbian (run as root):
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
Firewall settings:
iptables -I FORWARD -i ztxxxxxxk -j ACCEPT
iptables -I FORWARD -o ztxxxxxxk -j ACCEPT
iptables -t nat -I POSTROUTING -o ztxxxxxxk -j MASQUERADE
Routing table of the H2-OP main router, for reference:
Kernel IP routing table
Destination      Gateway         Genmask          Flags Metric Ref Use Iface
default          172.45.0.1      0.0.0.0          UG    0      0   0   pppoe-wan
113.xxx.xxx.248  172.45.0.1      255.255.255.255  UGH   0      0   0   pppoe-wan
113.xxx.xxx.248  *               255.255.255.255  UH    0      0   0   l2tp-L2TP_AM
172.45.0.1       *               255.255.255.255  UH    0      0   0   pppoe-wan
192.168.0.0      *               255.255.255.0    U     0      0   0   l2tp-L2TP_AM
192.168.2.0      *               255.255.255.0    U     0      0   0   l2tp-L2TP_AM
192.168.3.0      *               255.255.255.0    U     0      0   0   l2tp-L2TP_AM
192.168.5.0      *               255.255.255.0    U     0      0   0   l2tp-L2TP_AM
192.168.10.0     192.168.192.91  255.255.255.0    UG    5000   0   0   ztxxxxxxc
192.168.12.0     *               255.255.255.0    U     0      0   0   br-lan
192.168.13.0     192.168.192.13  255.255.255.0    UG    5000   0   0   ztxxxxxc
192.168.20.0     192.168.192.20  255.255.255.0    UG    5000   0   0   ztxxxxxc
192.168.192.0    *               255.255.255.0    U     0      0   0   ztxxxxxc