环境:
android设备上有3个网卡,usb0(4G网卡),eth0(以太网网卡),eth2(以太网网卡)
目标:
eth0,eth1分别接两台电脑,两台电脑通过4G模块上外网
方法:
1.nat模式
busybox ifconfig eth0 192.168.42.129 netmask 255.255.255.0
busybox ifconfig eth1 192.168.52.129 netmask 255.255.255.0
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -Z
IP=`ifconfig usb0 | busybox awk -F '[ :]' '{print $4}'`
iptables -t nat -A POSTROUTING -s 192.168.42.0/24 -o usb0 -j SNAT --to-source $IP
iptables -t nat -A POSTROUTING -s 192.168.52.0/24 -o usb0 -j SNAT --to-source $IP
2.网桥模式
kernel下打开这几个宏
CONFIG_BRIDGE_NETFILTER=y
CONFIG_STP=y
CONFIG_BRIDGE=y
CONFIG_BRIDGE_IGMP_SNOOPING=y
busybox brctl addbr br0
busybox ifconfig eth0 0.0.0.0
busybox ifconfig eth1 0.0.0.0
busybox brctl addif br0 eth0
busybox brctl addif br0 eth1
busybox ifconfig br0 192.168.52.129
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -X
iptables -Z
IP=`ifconfig usb0 | busybox awk -F '[ :]' '{print $4}'`
iptables -t nat -A POSTROUTING -s 192.168.52.0/24 -o usb0 -j SNAT --to-source $IP
--------------------------------------
以上为android的配置
eth0,eth1所连接的两台电脑ip地址设为192.168.52.x,掩码255.255.255.0,网关192.168.52.129即可
此时ping 192.168.52.129是能通的
--------------------------------------
以下指令只开放554端口
iptables -F
iptables -A FORWARD -p tcp --dport 554 -j ACCEPT
iptables -A FORWARD -p tcp --sport 554 -j ACCEPT
iptables -A FORWARD -j DROP
--------------------------------------
iptables -t filter -L 查看规则表
tcpdump -i usb0 抓usb0的包
--------------------------------------
参考文章:
https://blog.csdn.net/reyleon/article/details/12976341 iptable 详解
https://blog.csdn.net/light_jiang2016/article/details/79029661 nat转发
http://www.zsythink.net/archives/1199 iptable概念
https://blog.csdn.net/nerissa/article/details/17007069
https://blog.csdn.net/fuhaitaomt/article/details/78225193
https://blog.csdn.net/zxygww/article/details/49364499
https://blog.csdn.net/dog250/article/details/8680455
https://blog.csdn.net/liuhuahan/article/details/38982163
https://blog.csdn.net/chuanzhilong/article/details/53671666
http://www.cnblogs.com/meteoric_cry/archive/2011/02/24/1963537.html