使用的机器有四个LAN口,LAN1-4,1个WAN口
默认的配置情况是,LAN1-LAN4为vlan-id1,wan口为vlan-id2,在LAN口下能通过dhcp分配ip地址,电脑接入lan口后能访问外网。
我本次实验的目的是
1,创建一个新的桥br-test。(默认桥接口是br-lan)
2,创建一个新的子端口eth0.3并与LAN1关联,即LAN1接收到的数据会进入eth0.3子端口。
3,电脑接入LAN1口能自动分配IP地址,地址池从192.85.1.100开始(注意:192.85.1.0/24不属于RFC1918私有地址段,这里仅作实验用;实际部署建议改用私有网段,否则会遮蔽公网上同网段的真实地址)
4,接入LAN1口的电脑能上网
一般的操作是通过页面来完成,至于后台写了哪些配置文件不是很了解,本次实验不借助web操作,通过console来完成对应操作。
首先看下默认配置
root@BDCOM:/etc/config# cat network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd1f:7a45:08ed::/48'
config interface 'lan'
option ifname 'eth0.1'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option macaddr 'fc:fa:f7:01:02:01'
option enable '1'
option model 'auto'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option vendorid '3830d84fd8bc77bf'
option macaddr 'fc:fa:f7:01:02:00'
option enable '1'
option model 'auto'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config arp_globals 'arp_globals'
option interval '1'
option threshold '500'
config ap_arp 'ap_arp'
option enable '0'
option threshold '50'
root@BDCOM:/etc/config#
root@BDCOM:/etc/config# ifconfig
br-lan Link encap:Ethernet HWaddr FC:FA:F7:01:02:01
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::fefa:f7ff:fe01:201/64 Scope:Link
inet6 addr: fd1f:7a45:8ed::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9267 errors:0 dropped:0 overruns:0 frame:0
TX packets:12423 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:479628 (468.3 KiB) TX bytes:18118631 (17.2 MiB)
eth0 Link encap:Ethernet HWaddr FC:FA:F7:01:02:00
inet6 addr: fe80::fefa:f7ff:fe01:200/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14712 errors:0 dropped:22 overruns:0 frame:0
TX packets:9575 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18639573 (17.7 MiB) TX bytes:673852 (658.0 KiB)
Interrupt:5
eth0.1 Link encap:Ethernet HWaddr FC:FA:F7:01:02:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:253 errors:0 dropped:0 overruns:0 frame:0
TX packets:174 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:48132 (47.0 KiB) TX bytes:54977 (53.6 KiB)
eth0.2 Link encap:Ethernet HWaddr FC:FA:F7:01:02:00
inet addr:172.16.20.37 Bcast:172.16.20.255 Mask:255.255.255.0
inet6 addr: fe80::fefa:f7ff:fe01:200/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14228 errors:0 dropped:0 overruns:0 frame:0
TX packets:9376 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:18294088 (17.4 MiB) TX bytes:614932 (600.5 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:427 errors:0 dropped:0 overruns:0 frame:0
TX packets:427 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:29308 (28.6 KiB) TX bytes:29308 (28.6 KiB)
wlan0 Link encap:Ethernet HWaddr FC:FA:F7:01:02:00
inet6 addr: fe80::fefa:f7ff:fe01:200/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9079 errors:0 dropped:0 overruns:0 frame:0
TX packets:12368 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:563664 (550.4 KiB) TX bytes:18325351 (17.4 MiB)
新增一个桥接口
在network配置文件中增加如下内容后执行/etc/init.d/network restart
config interface 'test'
option ifname 'eth0.3'
option force_link '1'
option type 'bridge'
option proto 'static'
option ipaddr '192.85.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option macaddr 'fc:fa:f7:01:02:01'
option enable '1'
option model 'auto'
ifconfig命令查看得到如下新增信息
br-test Link encap:Ethernet HWaddr FC:FA:F7:01:02:01
inet addr:192.85.1.1 Bcast:192.85.1.255 Mask:255.255.255.0
inet6 addr: fe80::fefa:f7ff:fe01:201/64 Scope:Link
inet6 addr: fd1f:7a45:8ed:10::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:636 (636.0 B)
eth0.3 Link encap:Ethernet HWaddr FC:FA:F7:01:02:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:814 (814.0 B)
可以看到在交换机配置项中,划分了 vlan1和vlan2,vlan1的端口有0,1,2,3即LAN1-4,VLAN2为wan口,交换机名称是switch0
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
通过命令swconfig dev switch0 show可以看到底层驱动关于交换机的信息
root@BDCOM:/etc/config# swconfig dev switch0 show
Global attributes:
enable_vlan: 1
Port 0:
pvid: 1
link: port:0 link:up speed:100baseT full-duplex
Port 1:
pvid: 1
link: port:1 link:down
Port 2:
pvid: 1
link: port:2 link:down
Port 3:
pvid: 1
link: port:3 link:down
Port 4:
pvid: 2
link: port:4 link:up speed:100baseT full-duplex
Port 5:
pvid: 0
link: port:5 link:down
Port 6:
pvid: 0
link: port:6 link:up speed:1000baseT full-duplex
Port 7:
pvid: 0
link: port:7 link:down
VLAN 1:
vid: 1
ports: 0 1 2 3 6t
VLAN 2:
vid: 2
ports: 4 6t
我需要把LAN1与eth0.3即vlan-id3关联起来,需要修改network的配置
修改结果如下:
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0 6t'
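增加了vlan 3对应的switch_vlan配置项:port 0加入vlan3,同时必须从vlan1中移除(不带t的端口是untagged成员,入方向的帧按该端口的pvid归入VLAN,所以同一个端口不应同时untagged地属于两个VLAN)。6t中的6貌似是连接CPU的端口,t是tag的意思,即该端口上的帧携带VLAN标签,这样CPU一侧才能用eth0.1、eth0.2、eth0.3区分不同的VLAN。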
swconfig dev switch0 show查看设置结果
Global attributes:
enable_vlan: 1
Port 0:
pvid: 3
link: port:0 link:up speed:100baseT full-duplex
Port 1:
pvid: 1
link: port:1 link:down
Port 2:
pvid: 1
link: port:2 link:down
Port 3:
pvid: 1
link: port:3 link:down
Port 4:
pvid: 2
link: port:4 link:up speed:100baseT full-duplex
Port 5:
pvid: 0
link: port:5 link:down
Port 6:
pvid: 0
link: port:6 link:up speed:1000baseT full-duplex
Port 7:
pvid: 0
link: port:7 link:down
VLAN 1:
vid: 1
ports: 1 2 3 6t
VLAN 2:
vid: 2
ports: 4 6t
VLAN 3:
vid: 3
ports: 0 6t
接下来处理dhcp
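配置信息在/etc/config/dhcp中(留意下面输出里rebind_protection为0,即dnsmasq的DNS重绑定保护处于关闭状态;按其注释,这是为了允许上游返回RFC1918地址,若上游不需要,建议设为1):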
root@BDCOM:/etc/config# cat dhcp
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 0 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 0 # enable for RBL checking and similar services
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option wdfile '/usr/bin/wifidog_util'
option resolvfile '/tmp/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
#option nonwildcard 1
#list interface br-lan
#list notinterface lo
#list bogusnxdomain '64.94.110.11'
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
option force 1
option ra_management 1
config dhcp wan
option interface wan
option ignore 1
config ac_dhcp
option sta_acid 'BDCOM_AP'
option ap_acid 'BDCOM_AP'
dhcp文件中增加如下配置内容
config dhcp test
option interface test
option start 100
option limit 150
option leasetime 12h
option force 1
option ra_management 1
重启服务/etc/init.d/dnsmasq restart
可以看到新的配置文件生成在
root@BDCOM:/etc/config# cat /var/etc/dnsmasq.conf
# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
localise-queries
read-ethers
bogus-priv
expand-hosts
domain=lan
server=/lan/
dhcp-leasefile=/tmp/dhcp.leases
wifidog-file=/usr/bin/wifidog_util
resolv-file=/tmp/resolv.conf.auto
addn-hosts=/tmp/hosts
conf-dir=/tmp/dnsmasq.d
dhcp-broadcast=tag:needs-broadcast
host-record=BDCOM.lan,BDCOM,192.168.1.1
dhcp-range=lan,192.168.1.100,192.168.1.249,255.255.255.0,12h
dhcp-range=test,192.85.1.100,192.85.1.249,255.255.255.0,12h
no-dhcp-interface=eth0.2
电脑通过LAN1端口连接后能获取到ip地址,网段为192.85.1.X,但是电脑不能访问外网。这是因为防火墙的缘故:新建的test接口还没有归入任何防火墙zone,也没有从该zone到wan的forwarding规则,所以转发的流量不会被放行。
root@BDCOM:/etc/config# vi firewall 增加如下内容
config zone
option name test
list network 'test'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
config forwarding
option src test
option dest wan
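重启防火墙服务/etc/init.d/firewall restart,ok,电脑能上网了。需要留意:这里zone的input设为ACCEPT,意味着test网段的主机可以访问路由器自身的全部服务(管理页面、SSH等);如果该网段接入的是不完全可信的设备,建议把input改为REJECT,再单独放行DHCP(UDP 67)和DNS(53)。另外这里只配置了test到wan的forwarding,test与lan之间是否互通取决于防火墙的默认forward策略,需要隔离时应确认其为REJECT或DROP。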
接下来进行桥的配置,将无线口加入至br-test桥中。
先将无线口从br-lan删除下来
brctl delif br-lan wlan0
加入至新的桥中
brctl addif br-test wlan0
brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.fcfaf7010201 no eth0.1
br-test 7fff.fcfaf7010201 no eth0.3
wlan0
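实验完毕!以上只是通过修改uci的配置文件来实现定制服务,这样,openwrt路由器在重启之后不会因为配置丢失而失去对应的服务。需要注意的是,上面用brctl把wlan0移入br-test属于运行时操作,并没有写入配置文件,重启或重载无线之后wlan0会按/etc/config/wireless中的设置重新入桥;要使其持久生效,应在/etc/config/wireless中把对应wifi-iface的option network改为'test'。
配置结束后需要重启设备(或相应服务)使配置生效;网络这部分的配置大多由netifd模块完成,其调用流程较为复杂。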
附:
brctl show,显示桥信息
brctl addbr br0,新增桥
brctl addif br0 eth0.1,将子端口eth0.1加入桥
vconfig add eth0 3, 创建eth0.3端口
ifconfig eth0.3 up, up端口,未up的端口在ifconfig下不会显示(可用ifconfig -a查看)
ifconfig eth0.3 192.168.1.1 netmask 255.255.255.0,端口配置ip地址
ifconfig eth0.0 0.0.0.0 ,端口删除ip地址
vconfig rem eth0.3,删除子端口