huikai

生于忧患,死于安乐

下载zerotier

  1. curl -s https://install.zerotier.com | sudo bash

加入网络

  1. sudo zerotier-cli join $NETWORK_ID

查看已加入网络信息:

  1. sudo zerotier-cli listnetworks

开启ip转发(用于访问局域网其他机器)

永久开启:

  1. vim /etc/sysctl.conf
  2. ## 加入如下内容:
  3. net.ipv4.ip_forward = 1

临时开启:

  1. sudo sysctl -w net.ipv4.ip_forward=1

配置防火墙

iptables

  1. PHY_IFACE=eth0; ZT_IFACE=zt7nnig26
  3. sudo iptables -t nat -A POSTROUTING -o $PHY_IFACE -j MASQUERADE
  5. sudo iptables -A FORWARD -i $PHY_IFACE -o $ZT_IFACE -m state --state RELATED,ESTABLISHED -j ACCEPT
  7. sudo iptables -A FORWARD -i $ZT_IFACE -o $PHY_IFACE -j ACCEPT

firewalld

  1. firewall-cmd --add-masquerade --permanent
  3. systemctl restart firewalld.service

nftables

  1. vim /etc/nftables.conf
  2. ## 配置ip表的postrouting链为如下内容($PHY_IFACE替换成物理网卡名,$ZT_IFACE替换成ZEROTIER网卡名)
  3. table ip nat {
  4.     chain postrouting {
  5.         type nat hook postrouting priority 100; policy accept;
  6.         oifname $PHY_IFACE masquerade
  7.     }
  8. }
  10. ## 如果存在其他ip表或者inet表,需要关注forward链(开放允许ct state和ZT->PHY网卡转发)
  11. table inet filter {
  12.     chain forward {
  13.         type filter hook forward priority 0; policy drop;
  14.         ct state vmap { established : accept, related : accept, invalid : drop }
  15.         iifname $ZT_IFACE oifname $PHY_IFACE accept
  16.     }
  17. }


 PVE笔记 Debian Gnome 无法使用中文