物好き者

A record of things 物好き者 has done.

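LaFonera+ network configuration: Supplement 2

In "LaFonera+ network configuration: Supplement 1" I wrote that the LaFonera+ network is configured with aliases rather than VLANs.

However, after looking into it I found that it is in fact built with VLANs.
A network interface alias is separated by a colon, as in eth0:1.
A VLAN interface, on the other hand, is separated by a dot, as in eth0.1.
The LaFoneraPlus interfaces are eth0.0 and eth0.1, so the network is built with VLANs.

Traffic between the WAN and the bridge (ath0 and eth0.0) is controlled by routing between the VLANs and by iptables.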

root@OpenWrt:/# netstat -rn
Kernel IP routing table
Destination   Gateway     Genmask     Flags  MSS  Window  irtt  Iface
192.168.10.0  0.0.0.0      255.255.255.0  U    0    0      0   br-lan
WANIP      0.0.0.0     255.255.255.0  U    0    0      0   eth0.1
169.254.0.0   0.0.0.0     255.255.0.0    U    0    0      0   br-lan
0.0.0.0      WAN G/W  0.0.0.0       UG   0    0      0   eth0.1


root@OpenWrt:/dev# iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP tcp -- tun0 any anywhere anywhere tcp dpt:80
179 23472 INPUT_CFG all -- br-lan any anywhere anywhere
0 0 NET_ACCESS all -- tun0 any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 DROP tcp -- any any anywhere anywhere tcp option=!2 flags:SYN/SYN
0 0 input_rule all -- any any anywhere anywhere
0 0 input_wan all -- eth0.1 any anywhere anywhere
0 0 LAN_ACCEPT all -- any any anywhere anywhere
0 0 ACCEPT icmp -- any any anywhere anywhere
0 0 ACCEPT gre -- any any anywhere anywhere
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 forwarding_rule all -- any any anywhere anywhere
0 0 forwarding_wan all -- eth0.1 any anywhere anywhere
0 0 ACCEPT all -- br-lan br-lan anywhere anywhere
0 0 ACCEPT all -- br-lan eth0.1 anywhere anywhere

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any any anywhere anywhere state INVALID
86 55340 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
5 1392 output_rule all -- any any anywhere anywhere
5 1392 ACCEPT all -- any any anywhere anywhere
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable

Chain INPUT_CFG (3 references)
pkts bytes target prot opt in out source destination
179 23472 ACCEPT all -- any any anywhere anywhere

Chain LAN_ACCEPT (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- eth0.1 any anywhere anywhere
0 0 ACCEPT all -- any any anywhere anywhere

Chain NET_ACCESS (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:3990
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:53
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:53
0 0 WAN_HOOK all -- any any anywhere anywhere
0 0 DROP all -- any br-lan anywhere anywhere
0 0 ACCEPT all -- any eth0.1 anywhere anywhere
0 0 ACCEPT all -- eth0.1 any anywhere anywhere
0 0 ACCEPT all -- any br-lan anywhere anywhere
0 0 ACCEPT all -- br-lan any anywhere anywhere
0 0 DROP all -- any any anywhere anywhere

Chain WAN_HOOK (1 references)
pkts bytes target prot opt in out source destination

Chain forwarding_rule (1 references)
pkts bytes target prot opt in out source destination
0 0 INPUT_CFG all -- br-lan any anywhere anywhere
0 0 INPUT_CFG all -- any br-lan anywhere anywhere
0 0 NET_ACCESS all -- tun0 any anywhere anywhere
0 0 NET_ACCESS all -- any tun0 anywhere anywhere

Chain forwarding_wan (1 references)
pkts bytes target prot opt in out source destination

Chain input_rule (1 references)
pkts bytes target prot opt in out source destination

Chain input_wan (1 references)
pkts bytes target prot opt in out source destination

Chain output_rule (1 references)
pkts bytes target prot opt in out source destination


root@OpenWrt:/dev# iptables -L -v -t nat
Chain PREROUTING (policy ACCEPT 51 packets, 5869 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- any any 192.168.10.0/24 !192.168.10.0/24 tcp dpt:80 redir ports 8080
16 768 NEW tcp -- any any anywhere anywhere state NEW
51 5869 prerouting_rule all -- any any anywhere anywhere
0 0 prerouting_wan all -- eth0.1 any anywhere anywhere
0 0 DROP all -- ath0 any anywhere anywhere

Chain POSTROUTING (policy ACCEPT 3 packets, 704 bytes)
pkts bytes target prot opt in out source destination
3 704 postrouting_rule all -- any any anywhere anywhere
0 0 MASQUERADE all -- any eth0.1 anywhere anywhere

Chain OUTPUT (policy ACCEPT 3 packets, 704 bytes)
pkts bytes target prot opt in out source destination

Chain NEW (1 references)
pkts bytes target prot opt in out source destination
16 768 RETURN all -- any any anywhere anywhere limit: avg 50/sec burst 100
0 0 DROP all -- any any anywhere anywhere

Chain postrouting_rule (1 references)
pkts bytes target prot opt in out source destination

Chain prerouting_rule (1 references)
pkts bytes target prot opt in out source destination

Chain prerouting_wan (1 references)
pkts bytes target prot opt in out source destination
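
To see which rule actually decides traffic forwarded between br-lan and eth0.1, the following added example (not part of the original post) parses the FORWARD path from the `iptables -L -v` output above and traces a packet by its in/out interfaces. Assumptions: the packet is the first packet of a valid new connection, so rules carrying extra matches (state, TCP flags) are skipped; the nat table and routing are not modelled; the names `parse` and `verdict` are illustrative.

```python
import re

# Excerpt of the filter-table listing above: forwarding path for br-lan and
# eth0.1 only (column-header lines and the tun0 rules are left out).
LISTING = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
0 0 DROP all -- any any anywhere anywhere state INVALID
0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
0 0 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 forwarding_rule all -- any any anywhere anywhere
0 0 forwarding_wan all -- eth0.1 any anywhere anywhere
0 0 ACCEPT all -- br-lan br-lan anywhere anywhere
0 0 ACCEPT all -- br-lan eth0.1 anywhere anywhere
Chain INPUT_CFG (3 references)
179 23472 ACCEPT all -- any any anywhere anywhere
Chain forwarding_rule (1 references)
0 0 INPUT_CFG all -- br-lan any anywhere anywhere
0 0 INPUT_CFG all -- any br-lan anywhere anywhere
Chain forwarding_wan (1 references)
"""

def parse(listing):
    """Return {chain: {"policy": str|None, "rules": [(target, in, out, extra)]}}."""
    chains, cur = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\S+))?", line)
        if head:
            cur = chains[head.group(1)] = {"policy": head.group(2), "rules": []}
        elif cur is not None and line[:1].isdigit():
            f = line.split()  # pkts bytes target prot opt in out src dst [extra]
            cur["rules"].append((f[2], f[5], f[6], " ".join(f[9:])))
    return chains

def verdict(chains, iface_in, iface_out, chain="FORWARD", path=()):
    """Trace a new connection's first packet; rules match on interfaces only."""
    path += (chain,)
    for target, i, o, extra in chains[chain]["rules"]:
        if extra or i not in ("any", iface_in) or o not in ("any", iface_out):
            continue  # conditional rules are skipped (assumption, see lead-in)
        if target == "RETURN":
            break  # leave this chain; a built-in chain then applies its policy
        if target not in chains:
            return target, "/".join(path)  # built-in target: final decision
        hit = verdict(chains, iface_in, iface_out, target, path)
        if hit:
            return hit
    policy = chains[chain]["policy"]
    return (policy, "/".join(path) + " policy") if policy else None
```

On this excerpt, `verdict(parse(LISTING), "eth0.1", "br-lan")` returns ACCEPT via `FORWARD/forwarding_rule/INPUT_CFG`, because the `any` to `br-lan` rule in forwarding_rule is reached before the explicit br-lan rules and the DROP policy. Only `eth0.1` to `eth0.1` falls through to the FORWARD policy.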

