1 (edytowany przez viper_lasser 2014-04-11 12:29:33)

Temat: Problem z n2n i widocznością podsieci

Witam
Na komputerze z Windowsem mam zainstalowanego klienta n2n v1.0 o interfejsie i adresie 10.1.2.1
Na routerze z openwrt mam zainstalowanego klienta n2n v2 o interfejsie i adresie 10.1.2.8

Zarówno z routera, jak i z mojego komputera można bez problemu wzajemnie siebie spingować.

Na routerze w pliku startowym mam dopisane

root@OpenWrt:/# cat /etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# Turn on IPv4 forwarding so the router passes packets between interfaces.
sysctl -w net.ipv4.ip_forward=1
# Source-NAT packets whose source is 10.1.2.1 and that leave through edge0.
# NOTE(review): packets from the n2n peer 10.1.2.1 to 192.168.100.0/24 arrive
# on edge0 and leave on the LAN side, so this rule does not match that path.
# To hide the peer behind the router's LAN address the masquerade would have
# to apply on the LAN egress interface (presumably br-lan, since lan is a
# bridge -- confirm); otherwise LAN hosts need a return route to 10.1.2.0/24.
# NOTE(review): a rule inserted from rc.local is presumably lost whenever the
# firewall is reloaded; /etc/firewall.user is included by the firewall config
# and is the place for rules that must survive a reload -- confirm.
iptables -t nat -I POSTROUTING -s 10.1.2.1 -o edge0 -j MASQUERADE
exit 0
root@OpenWrt:/#

A na komputerze z Windowsem z kolei wpisuję
route add 192.168.100.0 mask 255.255.255.0 10.1.2.8

W routerze mam odpowiednią (tak mi się wydaje) konfigurację

 cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        option network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT

config zone
        option name             wan
        option network          'wan'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

# Firewall zone for the n2n overlay (network 'n2n').
# NOTE(review): input ACCEPT lets every edge in the n2n community reach the
# services running on the router itself; if the community key is shared with
# hosts that should not administer the router, prefer REJECT plus explicit
# rules for the ports that are needed.
# NOTE(review): a zone's forward policy applies to traffic between networks
# inside this zone; it does not by itself permit n2n -> lan.
# masq '1' rewrites the source of traffic leaving through this zone, i.e.
# lan -> n2n; it does not affect packets going n2n -> lan.
config zone
        option name 'n2n'
        option network 'n2n'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'

# Permits traffic that enters from lan to leave through n2n.
# NOTE(review): no forwarding section with src 'n2n' and dest 'lan' is visible
# in this file, so with the default forward policy REJECT new connections from
# 10.1.2.x towards 192.168.100.x are presumably rejected -- confirm. If that
# direction is opened, restrict it to the peers and hosts that need it rather
# than exposing the whole LAN to the overlay.
config 'forwarding'
        option 'src' 'lan'
        option 'dest' 'n2n'


config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fe80::/10
        option src_port         547
        option dest_ip          fe80::/10
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# include a file with users custom iptables rules
config include
        option path /etc/firewall.user


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option dest             wan
#       option proto    tcp
#       option target   REJECT

# block a specific mac on wan
#config rule
#       option dest             wan
#       option src_mac  00:11:22:33:44:66
#       option target   REJECT

# block incoming ICMP traffic on a zone
#config rule
#       option src              lan
#       option proto    ICMP
#       option target   DROP

# port redirect port coming in on wan to lan
#config redirect
#       option src                      wan
#       option src_dport        80
#       option dest                     lan
#       option dest_ip          192.168.16.235
#       option dest_port        80
#       option proto            tcp


### FULL CONFIG SECTIONS
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port 80
#       option dest             wan
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
#       option target   REJECT

#config redirect
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port         1024
#       option src_dport        80
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
root@OpenWrt:/#
root@OpenWrt:/# cat /etc/config/network
# Copyright (C) 2006 OpenWrt.org

config interface loopback
        option ifname   lo
        option proto    static
        option ipaddr   127.0.0.1
        option netmask  255.0.0.0

# LAN bridge over eth0 and eth1. The router's own LAN address is
# 192.168.100.203 and its default gateway is 192.168.100.1, so this device is
# not the gateway of the 192.168.100.0/24 network.
# NOTE(review): if LAN hosts such as 192.168.100.240 use 192.168.100.1 as
# their gateway (not shown here), their replies to 10.1.2.x are sent to
# 192.168.100.1 and never return over n2n unless that gateway has a route for
# 10.1.2.0/24 via 192.168.100.203 or the n2n traffic is masqueraded on the LAN
# side -- confirm on the LAN hosts.
config interface lan
        option type     bridge
        option ifname   "eth0 eth1"
        option proto    static
        option ipaddr   192.168.100.203
        option netmask  255.255.255.0
        option gateway  192.168.100.1
        option dns      8.8.8.8 208.67.220.220
        option nat      1

#config alias
#       option interface lan
#       option proto    static
#       option ipaddr   192.168.10.254
#       option netmask  255.255.255.0

#       option gateway  192.168.1.100
#       option dns      8.8.8.8 208.67.220.220
#       option nat      1

config interface 'n2n'
        option ifname 'edge0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '10.1.2.8'

## Example for ATM bridging.
## Useful for PPPoE or IP over ATM. Will create 'nas${unit}'
#
# config atm-bridge
#       option unit     0
#       option encaps   llc
#       option vpi      8
#       option vci      35
#       option payload  bridged # some ISPs need this set to 'routed'


# config interface wan
##      PPPoE:
#       option ifname   nas0
#       option proto    pppoe

##      PPPoA:
#       option ifname   atm0
#       option proto    pppoa
#       option encaps   llc
#       option vpi      8
#       option vci      35

##      Both:
#       option username "my_username"
#       option password "my_password"
root@OpenWrt:/#

Niestety nie mogę spingować przykładowo urządzenia za interfejsem 10.1.2.8 o adresie 192.168.100.240

Zawsze mi takie rozwiązanie działało, co może być przyczyną?

2

Odp: Problem z n2n i widocznością podsieci

A bez n2n działa?

kilka urządzeń z Mikrotik i OpenWRT

3

Odp: Problem z n2n i widocznością podsieci

N2n jest mi potrzebne po to, żeby mieć coś w stylu VPN-a. Jak jestem w sieci lokalnej 192.168.100.x, to oczywiście mam dostęp do wszystkich istniejących adresów.