网络配置状态信息搜集
来自Jack's Lab
1 Ethernet
root@XiaoQiang:/# cat /etc/config/network

config switch 'eth0'
    option enable '1'

config switch_vlan 'eth0_1'
    option device 'eth0'
    option vlan '1'
    option ports '0 2 5*'

config switch_vlan 'eth0_2'
    option device 'eth0'
    option vlan '2'
    option ports '4 5'

config interface 'loopback'
    option ifname 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config interface 'lan'
    option type 'bridge'
    option ifname 'eth0.1'
    option proto 'static'
    option ipaddr '192.168.31.1'
    option netmask '255.255.255.0'

config interface 'wan'
    option proto 'dhcp'
    option ifname 'eth0.2'
2 Wireless
无线在 /etc/init.d/network 脚本的最后通过调用 /sbin/wifi 启动(这两个脚本都用到了 /lib/network/config.sh)
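配置文件在 /etc/config/wireless。注意:option key 即 Wi-Fi 预共享密钥,以明文保存在该文件中,公开贴出配置前应先脱敏;encryption 'mixed-psk' 应为 WPA/WPA2 混合模式(待确认),若无旧设备需要兼容,可考虑仅启用 WPA2。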
root@XiaoQiang:/# cat /etc/config/wireless

config wifi-device 'wl0'
    option type 'broadcom'
    option channel '0'
    option txpwr 'mid'

config wifi-iface
    option device 'wl0'
    option network 'lan'
    option mode 'ap'
    option ssid 'XMSB_5G'
    option encryption 'mixed-psk'
    option key 'qwer1234'

config wifi-device 'wl1'
    option type 'broadcom'
    option channel '0'
    option txpwr 'mid'

config wifi-iface
    option device 'wl1'
    option network 'lan'
    option mode 'ap'
    option ssid 'XMSB'
    option encryption 'mixed-psk'
    option key 'qwer1234'
3 dnsmasq
DNS forwarding and DHCP server
The DNS server listens on port 53 (domain).
-r (--resolv-file) specifies the resolv.conf file to read upstream nameservers from (defaults to /etc/resolv.conf); the config below sets it with resolv-file=.
root@XiaoQiang:/# cat /var/etc/dnsmasq.conf
# auto-generated config file from /etc/config/dhcp
conf-dir=/etc/dnsmasq.d/
address=/workforme.stat.localdomain/127.0.0.1
dhcp-authoritative
domain-needed
filterwin2k
clear-on-reload
localise-queries
read-ethers
bogus-priv
expand-hosts
neg-ttl=10
max-ttl=10
cache-size=3000
dns-forward-max=1000
server=/lan/
dhcp-leasefile=/data/dhcp.leases
resolv-file=/tmp/resolv.conf.auto <----- from udhcpc wan, key nameserver list
local-ttl=0
addn-hosts=/tmp/hosts
dhcp-range=lan,192.168.31.100,192.168.31.249,255.255.255.0,12h
dhcp-option-force=lan,43,XIAOMI_ROUTER
no-dhcp-interface=eth0.2
address=/XiaoQiang/192.168.31.1
ptr-record=1.31.168.192.in-addr.arpa,XiaoQiang

root@XiaoQiang:/# ps | grep dns
 3643 nobody 1220 S /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf
 5609 root 34028 S /usr/sbin/pdnsd --daemon -p /var/run/pdnsd.pid
24027 root 1476 S grep dns
参考:https://wiki.debian.org/HowTo/dnsmasq
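4 pdnsd
从下面的配置和上一节的 ps 输出可以看到:pdnsd 绑定在 lo 上、监听 54 端口(server_ip=lo; server_port=54),并且以 root 身份运行(run_as=root),而 dnsmasq 以 nobody 运行。pdnsd 需要解析来自上游服务器的 DNS 响应,以 root 运行会放大其自身缺陷的影响,加固时可考虑改为非特权用户。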
root@XiaoQiang:/# cat /etc/pdnsd.conf
global {
    daemon=on;
    verbosity=3;
    debug=off;
    status_ctl=on;
    randomize_recs=on;
    perm_cache=40960;
    cache_dir=/userdisk/pdnsd;
    max_ttl=204800;
    run_as=root;
    paranoid=on;
    server_port=54;
    run_ipv4=on;
    par_queries=2;
    server_ip=lo;
    query_method=tcp_udp;
    timeout=6;
    tcp_qtimeout=2;
}
server {
    label="isp";
    file="/tmp/resolv.conf.auto";
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
server {
    label="114";
    ip=114.114.114.114,114.114.115.115,114.114.114.119,114.114.115.119,114.114.114.110,114.114.115.110;
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    edns_query=on;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
server {
    label="Google";
    ip=8.8.8.8,8.8.4.4;
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    edns_query=on;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
server {
    label="OpenDNS";
    ip=208.67.222.222,208.67.220.220;
    reject=4.36.66.178, 8.7.198.45, 37.61.54.158, 46.82.174.68, 59.24.3.173, 64.33.88.161, 64.33.99.47, 64.66.163.251, 65.104.202.252, 65.160.219.113, 66.45.252.237, 72.14.205.99, ;
    edns_query=on;
    timeout=3;
    interval=60;
    uptest=query;
    query_test_name="a.com";
    purge_cache=off;
    caching=on;
}
source {
    ttl=86400;
    owner="localhost.";
    serve_aliases=on;
    file="/etc/hosts";
}
5 iptables
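配置文件在 /etc/config/firewall。注意:下面的 iptables -L 没有加 -v,输出中不显示入/出接口列,因此像 delegate_input 里第一条 "ACCEPT all -- anywhere anywhere" 这样的规则,其实际匹配的接口在这里看不到(很可能只匹配 lo,待确认),不能据此认为是对所有接口无条件放行;审计时应使用 iptables -L -n -v 或 iptables -S 查看完整匹配条件,并用 iptables -t nat -L 另行查看 NAT 表。另外可以看到 zone_wan_input 为迅雷(xunlei)对 WAN 侧放行了多个 TCP/UDP 端口,input_rule 中的管理端口包含 telnet,应确认这些服务确实需要开放。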
root@XiaoQiang:/# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
delegate_input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
delegate_forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
delegate_output all -- anywhere anywhere

Chain MINIUPNPD (1 references)
target prot opt source destination

Chain delegate_forward (1 references)
target prot opt source destination
forwarding_rule all -- anywhere anywhere /* user chain for forwarding */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_forward all -- anywhere anywhere
zone_wan_forward all -- anywhere anywhere
reject all -- anywhere anywhere

Chain delegate_input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
input_rule all -- anywhere anywhere /* user chain for input */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_input all -- anywhere anywhere
zone_wan_input all -- anywhere anywhere

Chain delegate_output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
output_rule all -- anywhere anywhere /* user chain for output */
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
zone_lan_output all -- anywhere anywhere
zone_wan_output all -- anywhere anywhere

Chain forwarding_lan_rule (1 references)
target prot opt source destination

Chain forwarding_rule (1 references)
target prot opt source destination
macfilter_wan all -- anywhere anywhere

Chain forwarding_wan_rule (1 references)
target prot opt source destination

Chain input_lan_rule (1 references)
target prot opt source destination

Chain input_rule (1 references)
target prot opt source destination
macfilter_admin tcp -- anywhere XiaoQiang multiport dports www,https,telnet,ssh

Chain input_wan_rule (1 references)
target prot opt source destination

Chain macfilter_admin (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 4C:21:D0:40:42:D4
ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66

Chain macfilter_lan (0 references)
target prot opt source destination

Chain macfilter_wan (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere MAC 4C:21:D0:40:42:D4
ACCEPT all -- anywhere anywhere MAC F8:A4:5F:5A:60:66

Chain output_lan_rule (1 references)
target prot opt source destination

Chain output_rule (1 references)
target prot opt source destination

Chain output_wan_rule (1 references)
target prot opt source destination

Chain reject (3 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain zone_lan_dest_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain zone_lan_forward (1 references)
target prot opt source destination
forwarding_lan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_wan_dest_ACCEPT all -- anywhere anywhere /* forwarding lan -> wan */
zone_lan_src_REJECT all -- anywhere anywhere

Chain zone_lan_input (1 references)
target prot opt source destination
input_lan_rule all -- anywhere anywhere /* user chain for input */
zone_lan_src_ACCEPT all -- anywhere anywhere

Chain zone_lan_output (1 references)
target prot opt source destination
output_lan_rule all -- anywhere anywhere /* user chain for output */
zone_lan_dest_ACCEPT all -- anywhere anywhere

Chain zone_lan_src_ACCEPT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain zone_lan_src_REJECT (1 references)
target prot opt source destination
reject all -- anywhere anywhere

Chain zone_wan_dest_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain zone_wan_forward (1 references)
target prot opt source destination
MINIUPNPD all -- anywhere anywhere
forwarding_wan_rule all -- anywhere anywhere /* user chain for forwarding */
zone_wan_src_REJECT all -- anywhere anywhere

Chain zone_wan_input (1 references)
target prot opt source destination
input_wan_rule all -- anywhere anywhere /* user chain for input */
ACCEPT udp -- anywhere anywhere udp dpt:bootpc /* Allow-DHCP-Renew */
ACCEPT icmp -- anywhere anywhere icmp echo-request /* Allow-Ping */
ACCEPT tcp -- anywhere anywhere tcp dpt:socks /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT tcp -- anywhere anywhere tcp dpt:4662 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT tcp -- anywhere anywhere tcp dpt:2080 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT tcp -- anywhere anywhere tcp dpt:2062 /* 'xunlei wan accept tcp port 1080 4662 2080 2062' */
ACCEPT udp -- anywhere anywhere udp dpt:4661 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:3027 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:888 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:666 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2037 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2061 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2048 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
ACCEPT udp -- anywhere anywhere udp dpt:2066 /* xunlei wan accept udp port 4661 3027 888 666 2037 2061 2048 2066 */
zone_wan_src_REJECT all -- anywhere anywhere

Chain zone_wan_output (1 references)
target prot opt source destination
output_wan_rule all -- anywhere anywhere /* user chain for output */
zone_wan_dest_ACCEPT all -- anywhere anywhere

Chain zone_wan_src_REJECT (2 references)
target prot opt source destination
reject all -- anywhere anywhere
6 route table
root@XiaoQiang:/# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.31.0    0.0.0.0         255.255.255.0   U     0      0   0   br-lan
128.224.162.0   0.0.0.0         255.255.254.0   U     0      0   0   eth0.2
0.0.0.0         128.224.162.1   0.0.0.0         UG    0      0   0   eth0.2
0.0.0.0         128.224.162.1   0.0.0.0         UG    50     0   0   eth0.2