Installing ZeroTier on Alpine Linux and Forwarding LAN Devices

Published 2023-04-22 20:03:18  Author: 伞酱酱酱

Install zerotier-one

alpine:~# apk update && apk add zerotier-one
fetch http://mirrors.ustc.edu.cn/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/edge/community/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/edge/testing/x86_64/APKINDEX.tar.gz
v3.17.3-120-g60944b2cca6 [http://mirrors.ustc.edu.cn/alpine/v3.17/main]
v3.17.3-123-g1099f7eaf4b [http://mirrors.ustc.edu.cn/alpine/v3.17/community]
v20230329-2422-g60ad8cb7d4a [http://mirrors.ustc.edu.cn/alpine/edge/main]
v20230329-2052-g42c12d97caf [http://mirrors.ustc.edu.cn/alpine/edge/community]
v20230329-2044-gaf64c1c62f4 [http://mirrors.ustc.edu.cn/alpine/edge/testing]
OK: 42950 distinct packages available
(1/4) Installing libgcc (12.2.1_git20220924-r10)
(2/4) Installing libstdc++ (12.2.1_git20220924-r10)
(3/4) Installing zerotier-one (1.10.2-r0)
(4/4) Installing zerotier-one-openrc (1.10.2-r0)
Executing busybox-1.35.0-r29.trigger
OK: 336 MiB in 83 packages

Enable the TUN virtual network interface

alpine:~# modprobe tun
alpine:~# ls -al /dev/net
total 0
drwxr-xr-x    2 root     root            60 Apr 22 19:35 .
drwxr-xr-x   16 root     root          3300 Apr 22 19:35 ..
crw-rw-rw-    1 root     netdev     10, 200 Apr 22 19:35 tun

Start the ZeroTier service

alpine:~# /etc/init.d/zerotier-one -d
alpine:~# zerotier-one -d
alpine:~# rc-update add zerotier-one sysinit
 * service zerotier-one added to runlevel sysinit

Join the network

alpine:~# zerotier-cli join 885033*********
200 join OK
alpine:~# zerotier-cli info
200 info fa1902**** 1.10.2 ONLINE

Configure forwarding in the ZeroTier web console

[Screenshots of the ZeroTier web console configuration omitted: image-20230422194753507, image-20230422194845090]

Check the status of each network interface and note the names of the physical and virtual interfaces. Here the physical interface is eth0 and the virtual (ZeroTier) interface is ztbpaezbf3.

alpine:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
...

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
...

3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN 
...

4: ztbpaezbf3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc pfifo_fast state UNKNOWN qlen 1000
...

Configure iptables rules to allow traffic to be forwarded

alpine:~# iptables -t nat -A POSTROUTING -o <PHY_INTERFACE> -j MASQUERADE
alpine:~# iptables -A FORWARD -i <PHY_INTERFACE> -o <ZT_INTERFACE> -m state --state RELATED,ESTABLISHED -j ACCEPT
alpine:~# iptables -A FORWARD -i <ZT_INTERFACE> -o <PHY_INTERFACE> -j ACCEPT
alpine:~# iptables-save
...

At this point, a device that is not on the 192.168.10.0 network but is connected to the ZeroTier virtual network can also reach internal resources through addresses on the 192.168.10.0 network.
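As an added example that is not part of the original post, the following POSIX sh script (busybox ash on Alpine can run it) applies the three rules above with the interface names filled in, and first performs the checks the post leaves implicit: that the kernel actually has IPv4 forwarding turned on (without net.ipv4.ip_forward=1 the FORWARD and MASQUERADE rules never see a packet) and that the node reports ONLINE. The interface names eth0 and ztbpaezbf3 are the ones from the post's `ip a` output; the ZeroTier subnet 10.147.17.0/24 and the node ID in the sample `zerotier-cli info` line are constructed placeholders. It goes slightly beyond the post by optionally restricting the MASQUERADE and ZeroTier-to-LAN rules to the ZeroTier subnet, so that only traffic arriving from the virtual network is NATed out through eth0.

```shell
#!/bin/sh
# Added example, not from the original post. Applies the post's three iptables
# rules after checking the preconditions it leaves implicit.
# Interface names default to the ones shown in the post's `ip a` output;
# ZT_SUBNET is an optional, constructed placeholder for the managed route.
PHY_INTERFACE="${PHY_INTERFACE:-eth0}"
ZT_INTERFACE="${ZT_INTERFACE:-ztbpaezbf3}"
ZT_SUBNET="${ZT_SUBNET:-}"   # e.g. 10.147.17.0/24 (assumed value)

# Dry-run executor: prints the arguments of a rule instead of applying it.
print_rule() { printf '%s\n' "$*"; }

# Returns 0 when IPv4 forwarding is enabled. The file path is a parameter so
# the check can also be exercised against a constructed file.
ip_forward_enabled() {
  f="${1:-/proc/sys/net/ipv4/ip_forward}"
  [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Returns 0 when a `zerotier-cli info` line (passed as $1) reports ONLINE,
# e.g. "200 info fa19020000 1.10.2 ONLINE" (constructed node ID).
zt_online() {
  set -- $1
  [ "${1:-}" = "200" ] && [ "${5:-}" = "ONLINE" ]
}

# Emit the post's three rules. $1 is the executor ("iptables" to apply,
# print_rule for a dry run); $4 optionally limits the NAT and ZT->LAN rules
# to the ZeroTier subnet so only traffic from the virtual network is masqueraded.
forward_rules() {
  run="$1"; phy="$2"; zt="$3"; subnet="${4:-}"
  if [ -n "$subnet" ]; then src="-s $subnet"; else src=""; fi
  # $src is intentionally unquoted so an empty value disappears entirely
  "$run" -t nat -A POSTROUTING $src -o "$phy" -j MASQUERADE
  "$run" -A FORWARD -i "$phy" -o "$zt" -m state --state RELATED,ESTABLISHED -j ACCEPT
  "$run" -A FORWARD $src -i "$zt" -o "$phy" -j ACCEPT
}

case "${1:-}" in
  dry-run)
    forward_rules print_rule "$PHY_INTERFACE" "$ZT_INTERFACE" "$ZT_SUBNET" ;;
  apply)
    ip_forward_enabled || { echo "IPv4 forwarding is off; run: sysctl -w net.ipv4.ip_forward=1" >&2; exit 1; }
    zt_online "$(zerotier-cli info)" || { echo "ZeroTier node is not ONLINE" >&2; exit 1; }
    forward_rules iptables "$PHY_INTERFACE" "$ZT_INTERFACE" "$ZT_SUBNET"
    iptables-save ;;
esac
```

Run `sh forward.sh dry-run` to print the rules that would be added, and `sh forward.sh apply` as root to install them and dump the resulting ruleset. Two things the post does not cover: neither the sysctl nor the iptables rules survive a reboot on their own. On Alpine, `rc-service iptables save` writes the current rules to /etc/iptables/rules-save and `rc-update add iptables` restores them at boot, and a file under /etc/sysctl.d/ persists net.ipv4.ip_forward=1.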

Alpine Linux itself has a very small footprint, which makes it well suited to small jobs like this, such as running a few small services or containers.

I originally ran Alpine in an LXC container, but the virtual interface would never come up inside the container. I recommend installing directly from an image instead.

The steps are the same on other systems; just substitute the corresponding commands.