OpenWRT雙WAN網分網段NAT

環境:
設備WRT1200AC
使用WAN口連接PPPoE走電信出口
然後使用VLAN劃出LAN1口做WAN2口連接PPPoE走移動出口
LAN網段爲172.20.20.192/26 GW254
爲了能正常使用miniupnp進行端口映射，
所以採用打標(fwmark)+策略路由的方式來分流出口

規劃內容如下
1.默認走電信出口 DHCP下發網段172.20.20.220-172.20.20.250
2.手動DHCP分配172.20.20.195-172.20.20.219 走移動出口
3.劫持移動出口UDP解析轉發至移動服務器

操作如下
1.添加兩個PPPoE接口 去掉WAN2的默認路由以及默認DNS開關

>vi /etc/config/network
# 'wan' -- primary uplink (China Telecom PPPoE). It keeps the default route and
# the peer-supplied DNS, so every packet that is NOT marked 210 leaves here.
config interface 'wan'
        option ifname 'eth1.2'
        option proto 'pppoe'
# username/password are placeholders; the real credentials sit in this file in
# clear text, so keep /etc/config/network readable by root only.
        option username 'ct_user'
        option password 'ct_pass'
        option ipv6 'auto'
        option keepalive '0'
# 'wan2' -- secondary uplink (China Mobile PPPoE) on the VLAN carved out of the
# LAN1 port. defaultroute/peerdns are '0' so this link neither replaces the
# default route nor injects its resolvers; it is only reached through routing
# table 210 (fwmark 210) built by /etc/ppp/ip-up.d/cmcc, plus the host route
# for 211.140.13.188. IPv6 and prefix delegation are disabled on this link.
config interface 'wan2'
        option proto 'pppoe'
        option ifname 'eth0.3'
        option username 'cm_user'
        option password 'cm_pass'
        option defaultroute '0'
        option keepalive '0'
        option peerdns '0'
        option delegate '0'
        option ipv6 '0'

設置DNS的下發範圍

>vi /etc/config/dhcp
# DHCP pool for the LAN (172.20.20.192/26). start=220 with limit=30 hands out
# 172.20.20.220-172.20.20.249 (30 leases) -- these hosts use the default
# (telecom) exit. The manually assigned .195-.219 addresses are listed in the
# CMCC_RULES ipset by /root/cmcc.sh and leave via the mobile uplink instead.
# NOTE(review): the write-up says the pool ends at .250; with limit=30 it ends
# at .249 -- confirm which is intended.
config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option force '1'
        option ra 'server'
        option dhcpv6 'server'
        option ra_management '1'
        option start '220'
        option limit '30'

重啓network服務之後 默認電信出口即可使用

2.使用opkg安裝ipset套件
然後建立腳本如下

>vi /root/cmcc.sh
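#!/bin/sh
# /root/cmcc.sh -- ipset + iptables half of the CMCC (China Mobile) policy routing.
#
# Hosts in CMCC_RULES (the manually assigned 172.20.20.195-219 addresses) get:
#   * plain UDP/53 DNS redirected to 211.140.13.188   (nat PREROUTING -> CMCC)
#   * every packet to a non-local destination marked 210 (mangle PREROUTING -> CMCC);
#     /etc/ppp/ip-up.d/cmcc maps fwmark 210 to routing table 210 (default via pppoe-wan2).
# Destinations in LOCAL_RULES (RFC 1918, link-local, multicast, ...) are never
# marked, so LAN and router-local traffic stays on the main routing table.
#
# Needs the ipset package. Safe to re-run: `ipset -!` ignores "already exists",
# the CMCC chains are emptied when they already exist, and the PREROUTING jumps
# are only inserted when absent -- the previous version created the chains with
# a bare -N and re-inserted the jumps on every run.
# Exit status: 0 on success, 1 on the first failed step. A plain script must
# `exit`, not `return`: `return` outside a function is unspecified in POSIX sh.

set -u

#######################################
# ensure_chain TABLE CHAIN
# Create CHAIN in TABLE, or empty it if it already exists, so the rules
# appended afterwards are not duplicated on a second run.
#######################################
ensure_chain() {
  iptables -t "$1" -N "$2" 2>/dev/null || iptables -t "$1" -F "$2"
}

#######################################
# ensure_jump TABLE CHAIN RULE...
# Insert RULE... at the top of CHAIN in TABLE unless an identical rule exists.
#######################################
ensure_jump() {
  table=$1
  chain=$2
  shift 2
  iptables -t "$table" -C "$chain" "$@" 2>/dev/null ||
    iptables -t "$table" -I "$chain" "$@"
}

# Reserved / non-routable destinations: traffic to these is never marked.
ipset -! -R <<-EOF || exit 1
	create LOCAL_RULES hash:net hashsize 64 maxelem 25
	add LOCAL_RULES 0.0.0.0/8
	add LOCAL_RULES 10.0.0.0/8
	add LOCAL_RULES 100.64.0.0/10
	add LOCAL_RULES 127.0.0.0/8
	add LOCAL_RULES 169.254.0.0/16
	add LOCAL_RULES 172.16.0.0/12
	add LOCAL_RULES 192.0.0.0/24
	add LOCAL_RULES 192.0.2.0/24
	add LOCAL_RULES 192.31.196.0/24
	add LOCAL_RULES 192.52.193.0/24
	add LOCAL_RULES 192.88.99.0/24
	add LOCAL_RULES 192.168.0.0/16
	add LOCAL_RULES 192.175.48.0/24
	add LOCAL_RULES 198.18.0.0/15
	add LOCAL_RULES 198.51.100.0/24
	add LOCAL_RULES 203.0.113.0/24
	add LOCAL_RULES 224.0.0.0/4
	add LOCAL_RULES 240.0.0.0/4
	add LOCAL_RULES 255.255.255.255
EOF

# LAN hosts that leave through the mobile (CMCC) uplink.
ipset -! -R <<-EOF || exit 1
	create CMCC_RULES hash:net hashsize 64 maxelem 30
	add CMCC_RULES 172.20.20.195
	add CMCC_RULES 172.20.20.196
	add CMCC_RULES 172.20.20.197
	add CMCC_RULES 172.20.20.198
	add CMCC_RULES 172.20.20.199
	add CMCC_RULES 172.20.20.200
	add CMCC_RULES 172.20.20.201
	add CMCC_RULES 172.20.20.202
	add CMCC_RULES 172.20.20.203
	add CMCC_RULES 172.20.20.204
	add CMCC_RULES 172.20.20.205
	add CMCC_RULES 172.20.20.206
	add CMCC_RULES 172.20.20.207
	add CMCC_RULES 172.20.20.208
	add CMCC_RULES 172.20.20.209
	add CMCC_RULES 172.20.20.210
	add CMCC_RULES 172.20.20.211
	add CMCC_RULES 172.20.20.212
	add CMCC_RULES 172.20.20.213
	add CMCC_RULES 172.20.20.214
	add CMCC_RULES 172.20.20.215
	add CMCC_RULES 172.20.20.216
	add CMCC_RULES 172.20.20.217
	add CMCC_RULES 172.20.20.218
	add CMCC_RULES 172.20.20.219
EOF

# DNS redirection. Only plain UDP/53 is covered: TCP/53, DoT (853) and DoH are
# untouched, so a CMCC host using those still reaches whatever resolver it
# configured itself.
ensure_chain nat CMCC || exit 1
iptables -t nat -A CMCC -p udp --dport 53 -j DNAT --to-destination 211.140.13.188 || exit 1
ensure_jump nat PREROUTING -m set --match-set CMCC_RULES src -j CMCC || exit 1

# Packet marking: RETURN for local destinations, MARK 210 for everything else.
# --set-mark overwrites the whole fwmark; if anything else on this router also
# relies on marks, switch to --set-xmark with a mask (kept as-is here so the
# ip-up.d hook's `fwmark 210` rule keeps matching).
ensure_chain mangle CMCC || exit 1
iptables -t mangle -A CMCC -m set --match-set LOCAL_RULES dst -j RETURN || exit 1
iptables -t mangle -A CMCC -j MARK --set-mark 210 || exit 1
ensure_jump mangle PREROUTING -m set --match-set CMCC_RULES src -j CMCC || exit 1
exit 0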

給予腳本可以執行權限

>chmod +x /root/cmcc.sh

然後添加到開機自動啓動項

>vi /etc/rc.local
#!/bin/sh -e
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
# Load the CMCC ipsets and iptables chains at boot. Under `sh -e` a non-zero
# exit from the script stops rc.local here.
# NOTE(review): these rules are added outside fw3's /etc/firewall.user; confirm
# they survive a firewall reload (`/etc/init.d/firewall restart`, hotplug iface
# events) -- if they are flushed, CMCC hosts silently fall back to the telecom
# exit and their DNS is no longer redirected.
/root/cmcc.sh
exit 0

3.給移動的DNS添加靜態路由

>vi /etc/config/network 
# Host route (/32) for the CMCC resolver 211.140.13.188 via wan2 in the main
# routing table. Presumably this covers lookups that are not fwmark-routed
# (e.g. the router's own queries); CMCC hosts' DNAT'd queries are already
# marked 210 by /root/cmcc.sh -- verify both paths after a wan2 restart.
config route
        option interface 'wan2'
        option target '211.140.13.188'
        option netmask '255.255.255.255'

4.給PPPoE接口添加自動策略路由

>vi /etc/ppp/ip-up.d/cmcc
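#!/bin/sh
# /etc/ppp/ip-up.d/cmcc -- (re)build routing table 210 when the CMCC PPPoE link
# comes up. pppd runs every ip-up.d script for every PPP interface and passes
# the interface name as $1 (pppoe-wan as well as pppoe-wan2), so we act only for
# pppoe-wan2; if $1 is absent we keep the old unconditional behaviour.
# Packets carrying fwmark 210 (set by /root/cmcc.sh) are looked up in table 210,
# whose only route is a default via pppoe-wan2.
# Exit status: always 0 so a failure here never blocks pppd's ip-up processing.

link=${1:-pppoe-wan2}
[ "$link" = "pppoe-wan2" ] || exit 0

ip route flush table 210
ip route add default dev pppoe-wan2 table 210 ||
  logger -t cmcc "failed to add default route via pppoe-wan2 to table 210"

# `ip rule add` is not idempotent: every link flap used to add another identical
# rule (or be rejected as a duplicate). Remove any existing copies first.
while ip rule del fwmark 210 table 210 2>/dev/null; do :; done
ip rule add fwmark 210 table 210
exit 0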

添加可執行權限完成

>chmod +x /etc/ppp/ip-up.d/cmcc

5.手動設置設備IP爲 172.20.20.210/172.20.20.220
測試出口IP分別爲 移動/電信
DNS解析正常 結束

