{"id":21540,"date":"2020-02-02T21:12:54","date_gmt":"2020-02-02T13:12:54","guid":{"rendered":"http:\/\/4563.org\/?p=21540"},"modified":"2020-02-02T21:12:54","modified_gmt":"2020-02-02T13:12:54","slug":"%e5%85%b3%e4%ba%8elinux%e4%b8%ad%e5%ae%89%e8%a3%85zerotier%e5%90%8e%e5%bc%82%e5%9c%b0%e7%bb%84%e7%bd%91%e7%9a%84%e9%97%ae%e9%a2%98","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=21540","title":{"rendered":"\u5173\u4e8eLinux\u4e2d\u5b89\u88c5ZeroTier\u540e\u5f02\u5730\u7ec4\u7f51\u7684\u95ee\u9898"},"content":{"rendered":"\n

\t\t\t\t\thuangsijun17<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 13:50:10\t<\/p>\n

\u5173\u4e8eLinux\u4e2d\u5b89\u88c5ZeroTier\u540e\u5f02\u5730\u7ec4\u7f51\u7684\u95ee\u9898<\/h3>\n

\t\t\u8bf7\u95ee\u4e00\u4e0b\uff0c\u6709\u6ca1\u6709\u4eba\u8bd5\u8fc7\u7ed9\u5185\u7f51\u7684Linux\u5b89\u88c5ZeroTier\u540e\uff0c\u62ff\u6765\u5f02\u5730\u7ec4\u7f51\u5417\uff1f<\/p>\n

\u6211\u7684ZeroTier\u901a\u4e86\uff0c\u4f46\u63a5\u4e0b\u53bb\u600e\u4e48\u8bbe\u7f6e\uff1f<\/p>\n

Linux\u5728192.168.39.9\/24\uff0cZeroTier\u5206\u914d\u7684\u662f192.168.250.4\u3002<\/p>\n

ZT\u53e6\u4e00\u5934\u7684OP\uff08192.168.65.1\/24\uff09\u6211\u8bbe\u7f6e\u6210\u529f\u4e86\uff0cLinux\u53ef\u4ee5\u8fdbOP\u7684\u5185\u7f51\uff0c\u4f46OP\u8fd9\u91cc\u8fde\u4e0d\u4e0aLinux\u7684192.168.39.1\u7684\u7f51\u5173\u3002<\/p>\n

\u518d\u8005\uff0cOP\u8fd9\u5934\u6709\u6ca1\u6709\u53ef\u80fd\u8fde\u4e0a192.168.39.1\u7684\u7f51\u5173\u7684WAN\u53e3\uff08192.168.12.39\/24\uff09\u7f51\u6bb5\uff1f\t\t\t\t<\/p>\n

\t\t\t\t\tShadowSaint<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 13:58:42\t<\/p>\n

<\/h3>\n

\t\t1.ZeroTier\u7f51\u7ad9\u4e0a\u7f51\u7edc\u7ba1\u7406\u6743\u9650\u914d\u7f6e\u4e86\u4e48\uff1f
2.\u9632\u706b\u5899\u5173\u4e86\u4e48\uff1f\t\t\t\t<\/p>\n

\t\t\t\t\twuxudd<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 13:59:59\t<\/p>\n

<\/h3>\n

\t\t\u4e3a\u4ec0\u4e48\u4e0d\u7528N2N\u5462\t\t\t\t<\/p>\n

\t\t\t\t\thuangsijun17<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 14:07:35\t<\/p>\n

<\/h3>\n

\t\t \u672c\u5e16\u6700\u540e\u7531 huangsijun17 \u4e8e 2020-1-15 14:16 \u7f16\u8f91 <\/p>\n

ShadowSaint \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 13:58
1.ZeroTier\u7f51\u7ad9\u4e0a\u7f51\u7edc\u7ba1\u7406\u6743\u9650\u914d\u7f6e\u4e86\u4e48\uff1f
2.\u9632\u706b\u5899\u5173\u4e86\u4e48\uff1f<\/p>\n

\u6211\u6309\u7167\u4e4b\u524dOP\u8fdeOP\u8bbe\u7f6e\u7684ZeroTier\uff0c\u5f02\u5730\u7ec4\u7f51\u6210\u529f\u4e86\u3002
\u9632\u706b\u5899\u6ca1\u5173\u2026\u2026
192.168.39.9\u7684HTTP\u670d\u52a1\u6211\u90fd\u8fde\u4e0a\u4e86\u3002<\/p>\n

iptable -l<\/p>\n

Chain INPUT (policy ACCEPT)
target   prot opt source               destination         <\/p>\n

Chain FORWARD (policy ACCEPT)
target   prot opt source               destination         <\/p>\n

Chain OUTPUT (policy ACCEPT)
target   prot opt source               destination         
iptables: Permission denied (you must be root).
$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target   prot opt source               destination         
ACCEPT   udp–anywhere             anywhere             udp dpt:domain
ACCEPT   tcp–anywhere             anywhere             tcp dpt:domain
ACCEPT   udp–anywhere             anywhere             udp dpt:bootps
ACCEPT   tcp–anywhere             anywhere             tcp dpt:bootps<\/p>\n

Chain FORWARD (policy ACCEPT)
target   prot opt source               destination         
ACCEPT   all–anywhere             anywhere            
ACCEPT   all–anywhere             anywhere            
ACCEPT   all–anywhere             anywhere            
ACCEPT   all–anywhere             anywhere            
ACCEPT   all–anywhere             192.168.122.0\/24   ctstate RELATED,ESTABLISHED
ACCEPT   all–192.168.122.0\/24   anywhere            
ACCEPT   all–anywhere             anywhere            
REJECT   all–anywhere             anywhere             reject-with icmp-port-unreachable
REJECT   all–anywhere             anywhere             reject-with icmp-port-unreachable<\/p>\n

ACCEPT   all–192.168.250.0\/24   anywhere            
ACCEPT   all–192.168.39.0\/24      anywhere            
ACCEPT   all–anywhere             192.168.39.0      
ACCEPT   all–192.168.250.0      anywhere            <\/p>\n

Chain OUTPUT (policy ACCEPT)
target   prot opt source               destination         
ACCEPT   udp–anywhere             anywhere             udp dpt:bootpc\t\t\t\t<\/p>\n

\t\t\t\t\thuangsijun17<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 14:08:56\t<\/p>\n

<\/h3>\n

\t\twuxudd \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 13:59
\u4e3a\u4ec0\u4e48\u4e0d\u7528N2N\u5462<\/p>\n

N2N\u53ef\u4ee5\u591a\u4e2a\u7f51\u6bb5\u5b9e\u73b0\u5f02\u5730\u7ec4\u7f51\uff1f\t\t\t\t<\/p>\n

\t\t\t\t\thuangsijun17<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 14:24:03\t<\/p>\n

<\/h3>\n

\t\tShadowSaint \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 13:58
1.ZeroTier\u7f51\u7ad9\u4e0a\u7f51\u7edc\u7ba1\u7406\u6743\u9650\u914d\u7f6e\u4e86\u4e48\uff1f
2.\u9632\u706b\u5899\u5173\u4e86\u4e48\uff1f<\/p>\n

\u8bd5\u4e86\u4e00\u4e0b\uff0c\u5173\u4e86firewalld\u548ciptable\u4ee5\u53caSe-Linux\uff0c\u7167\u6837\u4e0d\u884c\u3002\t\t\t\t<\/p>\n

\t\t\t\t\t\u4e03\u67b7\u793e<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 15:27:50\t<\/p>\n

<\/h3>\n

\t\t \u672c\u5e16\u6700\u540e\u7531 \u4e03\u67b7\u793e \u4e8e 2020-1-15 15:33 \u7f16\u8f91 <\/p>\n

\u5982\u679c\u4e0d\u8003\u8651\u901a\u8fc7Linux\u4e0a\u7f51\u7684\u8bdd\uff0c\u5728zerotier \u7f51\u7ad9\u8bbe\u7f6e\u4e00\u4e2a\u8def\u7531
192.168.39.0\/24via192.168.250.4 \t\t\t\t<\/p>\n

\t\t\t\t\thuangsijun17<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 16:02:08\t<\/p>\n

<\/h3>\n

\t\t\u4e03\u67b7\u793e \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 15:27
\u5982\u679c\u4e0d\u8003\u8651\u901a\u8fc7Linux\u4e0a\u7f51\u7684\u8bdd\uff0c\u5728zerotier \u7f51\u7ad9\u8bbe\u7f6e\u4e00\u4e2a\u8def\u7531
192.168.39.0\/24via192.168.250.4
…<\/p>\n

\u65e9\u90fd\u8bbe\u7f6e\u4e86\uff0c\u6211\u8fd9\u91cc\u90fd\u53ef\u4ee5\u8fde\u4e0a192.168.39.9\u7684HTTP\u9875\u9762\u4e86\u3002\t\t\t\t<\/p>\n

\t\t\t\t\tnisekoi<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 16:45:31\t<\/p>\n

<\/h3>\n

\t\t \u672c\u5e16\u6700\u540e\u7531 nisekoi \u4e8e 2020-1-15 16:49 \u7f16\u8f91 <\/p>\n

\u53ef\u4ee5\u8bd5\u8bd5\u5199\u4e2aNAT\u89c4\u5219\u3002zerotier\u5b98\u7f51\u5199\u4e2a192.168.12.39\/24 via 192.168.250.4,\u7136\u540elinux\u8bbe\u7f6e\u4e00\u4e2anat\u89c4\u5219
\u6211\u4e5f\u4e0d\u77e5\u9053\u884c\u4e0d\u884c \u89c4\u5219\u5927\u6982\u662f\u8fd9\u6837 iptables -t nat -A POSTROUTING -d 192.168.12.0\/24 -j MASQUERADE \t\t\t\t<\/p>\n

\t\t\t\t\thuangsijun17<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 21:03:48\t<\/p>\n

<\/h3>\n

\t\t \u672c\u5e16\u6700\u540e\u7531 huangsijun17 \u4e8e 2020-1-15 21:09 \u7f16\u8f91 <\/p>\n

nisekoi \u5927\u4f6c\u6709\u8bdd\u8bf4 : 2020-1-15 16:45
\u53ef\u4ee5\u8bd5\u8bd5\u5199\u4e2aNAT\u89c4\u5219\u3002zerotier\u5b98\u7f51\u5199\u4e2a192.168.12.39\/24 via 192.168.250.4,\u7136\u540elinux\u8bbe\u7f6e\u4e00\u4e2anat\u89c4\u5219
…<\/p>\n

\u53ef\u4ee5\u4e86\uff0c\u8c22\u8c22\u3002
\u5f80Linux\u8dd1\u4e86\uff1a
iptables -t nat -A POSTROUTING -d 192.168.39.0\/24 -j MASQUERADE<\/p>\n

\u4e0b\u4e00\u6b65\u662f.65.0\/24\u548c.12.0\/24\u7684\u4e92\u8bbf\u4e86\uff0c\u53bb\u5e72.39.0\u3002\t\t\t <\/p>\n","protected":false},"excerpt":{"rendered":"

huangsijun17 \u5927\u4f6c\u6709\u8bdd…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/21540"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21540"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/21540\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21540"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21540"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21540"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}