
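Building a High-Performance Router on a PC with AlpineLinux

Starting a new project: the plan is to build a home router setup on an x86 mini PC running AlpineLinux[1][2], with a planned timeline of 1 year.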

Hardware

CPU

Intel(R) Celeron(R) CPU N3150 @ 1.60GHz

Memory

Samsung DDR3L 1600 2GB

Storage

SanDisk i100 16GB SSD

NIC

REALTEK r8169 Gigabit Ethernet (2 ports)

AlpineLinux

A brief introduction to AlpineLinux and its packaging system[3] goes here.

apk & abuild

Basic services

Basic system installation and configuration: wireless networking, IPv6 support, etc.

Router

The implementation of the basic routing functions goes here.

NAT is implemented with iptables[4]

#!/bin/sh
# NAT (masquerading) setup for a router with one WAN and one LAN interface.
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe

EXTIF="wan0"   # external (WAN) interface
INTIF="lan0"   # internal (LAN) interface
#INTIF2="eth0"
echo "   External Interface:  $EXTIF"
echo "   Internal Interface:  $INTIF"

#======================================================================
#== No editing beyond this line is required for initial MASQ testing ==
echo -en "   loading modules: "
echo "  - Verifying that all kernel modules are ok"
$DEPMOD -a
echo "----------------------------------------------------------------------"
# Load netfilter, connection tracking and NAT modules (plus FTP/IRC helpers).
echo -en "ip_tables, "
$MODPROBE ip_tables
echo -en "nf_conntrack, "
$MODPROBE nf_conntrack
echo -en "nf_conntrack_ftp, "
$MODPROBE nf_conntrack_ftp
echo -en "nf_conntrack_irc, "
$MODPROBE nf_conntrack_irc
echo -en "iptable_nat, "
$MODPROBE iptable_nat
echo -en "nf_nat_ftp, "
$MODPROBE nf_nat_ftp
echo "----------------------------------------------------------------------"
echo -e "   Done loading modules.\n"
echo "   Enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "   Enabling DynamicAddr.."
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "   Clearing any existing rules and setting default policy.."

# iptables-restore flushes the nat and filter tables before loading these rules.
# FORWARD defaults to DROP: LAN -> WAN is allowed, WAN -> LAN only for replies,
# and everything else is logged before the policy drops it.
# Note: the INPUT policy is ACCEPT, so traffic addressed to the router itself
# is not filtered by this ruleset.
iptables-restore <<-EOF
*nat
-A POSTROUTING -o "$EXTIF" -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i "$EXTIF" -o "$INTIF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT
-A FORWARD -j LOG
COMMIT
EOF

# FWVER is never set in this script; fall back to "unknown" rather than
# printing an empty version string.
echo -e "\nrc.firewall-iptables v${FWVER:-unknown} done.\n"
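
The ruleset above sets the INPUT policy to ACCEPT, so it filters forwarded traffic but not traffic addressed to the router itself. The following is an added example, not part of the original page: the same NAT and FORWARD rules with a default-deny INPUT chain, assuming SSH on tcp/22 and dnsmasq serving DNS and DHCP to the LAN only. gen_ruleset and apply_ruleset are hypothetical helper names.

```sh
#!/bin/sh
# Added example, not the page's script. Assumed: wan0/lan0 as in the script
# above, SSH on tcp/22, dnsmasq (DNS 53, DHCP 67) offered to the LAN only.

# Print an iptables-restore ruleset for WAN interface $1 and LAN interface $2.
gen_ruleset() {
    for ifname in "$1" "$2"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9._-]*)   # refuse names that could alter the ruleset text
                echo "bad interface name: '$ifname'" >&2
                return 1 ;;
        esac
    done
    cat <<EOF
*nat
-A POSTROUTING -o $1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -i $2 -p icmp -j ACCEPT
-A INPUT -i $2 -p udp -m multiport --dports 53,67 -j ACCEPT
-A INPUT -i $2 -p tcp -m multiport --dports 22,53 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
-A FORWARD -i $1 -o $2 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $2 -o $1 -j ACCEPT
-A FORWARD -j LOG
COMMIT
EOF
}

# Parse-check first (--test commits nothing), then load. Needs root.
apply_ruleset() {
    rules=$(gen_ruleset "$1" "$2") || return 1
    echo "$rules" | iptables-restore --test || return 1
    echo "$rules" | iptables-restore
}

# Only touch the live firewall when explicitly asked to: ./script apply
if [ "${1:-}" = "apply" ]; then
    apply_ruleset wan0 lan0
fi
```

This covers IPv4 only; if IPv6 is enabled on the router, ip6tables needs its own ruleset.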

dnsmasq

dnsmasq provides the DHCP server and the DNS resolver

VLAN

Set up VLANs to segment and isolate the LAN

MultiWAN

Implement load balancing across multiple routes[5][6]

Docker

Considering using Docker to help with getting around the firewall (DNS resolver & shadowsocks, etc.)

Miscellaneous

Ref.

[1]. AlpineLinux

[2]. Linux Router with VPN on a Raspberry Pi

[3]. Creating an Alpine package

[4]. Enable IP forwarding and Masquerading

[5]. Fault Tolerant Routing with Alpine Linux

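[6]. Using OPENWRT policy routing to separate domestic and international traffic with dual-line ISP access (China Telecom and China Mobile)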

Router (last edited 2016-04-06 06:31:13 by AstroProfundis)

CopyRight © 2011-2017 Allen Zhong, under a CC BY-NC-ND 4.0 License. | IPv6 Enabled.