{"id":391,"date":"2014-07-27T22:54:42","date_gmt":"2014-07-27T14:54:42","guid":{"rendered":"http:\/\/xiaoding.org\/?p=391"},"modified":"2014-08-22T19:50:03","modified_gmt":"2014-08-22T11:50:03","slug":"%e5%88%a9%e7%94%a8-dnsmasq-%e7%9a%84-ipset-%e5%ae%9e%e7%8e%b0%e6%99%ba%e8%83%bd%e8%b7%af%e7%94%b1%e3%80%81%e7%a7%91%e5%ad%a6%e4%b8%8a%e7%bd%91","status":"publish","type":"post","link":"https:\/\/xiaoding.org\/?p=391","title":{"rendered":"Using Dnsmasq's ipset to Implement Smart Routing and Bypass the Firewall"},"content":{"rendered":"<p>My previous post, <a title=\"Bypassing the Firewall on the EdgeRouter Lite\" href=\"http:\/\/xiaoding.org\/?p=389\">Bypassing the Firewall on the EdgeRouter Lite<\/a>, used the fairly traditional approach of simply adding destination routes. For large ICPs such as Google and Facebook, digging out their address ranges and adding them to the routing table is workable (mainly because they have well-built network infrastructure, have registered their own IP address blocks, and announce them to the whole Internet over BGP). For the vast majority of blocked sites, however, tracking each one's IP addresses individually and keeping them up to date is undoubtedly very laborious. Fortunately, while reading through the Dnsmasq man page yesterday I came across the ipset option; a quick Google search showed that others had written about this feature long ago, but always on OpenWrt. This time I decided to implement it on the EdgeRouter Lite as well.<\/p>\n<p>The latest firmware for the ER-Lite is currently version 1.5.0, based on Debian Squeeze 6.0.9. Unfortunately the Dnsmasq it ships is version 2.62, and according to the change log ipset support only arrived in version 2.66, so I had to compile it myself. Fortunately the build is not troublesome: enable the features you need in src\/config.h, set the CC, CFLAGS, LDFLAGS and PKG_CONFIG_PATH variables in the Makefile, and it compiles directly. (Some features need extra dependencies, which must be built beforehand.) I built <a href=\"http:\/\/xiaoding.org\/wp-content\/uploads\/2014\/07\/dnsmasq.zip\">dnsmasq 2.71<\/a>, keeping the feature set as close as possible to the preinstalled 2.62.<\/p>\n<pre class=\"scroll:true lang:sh highlight:0 decode:true \">ubnt@ERL:~$ \/usr\/sbin\/dnsmasq --version\r\nDnsmasq version 2.71 Copyright (c) 2000-2014 Simon Kelley\r\nCompile time options: IPv6 GNU-getopt no-RTC DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth no-DNSSEC\r\n\r\nThis software comes with ABSOLUTELY NO WARRANTY.\r\nDnsmasq is free software, and you are welcome to redistribute it\r\nunder the terms of the GNU General Public License, version 2 or 3.<\/pre>\n<p>Replace the system's 2.62 binary with it directly and it works seamlessly. Taking Google as an example, add the following options to the configuration:<\/p>\n<pre class=\"lang:sh highlight:0 
decode:true\">ubnt@ERL:~$ configure\r\n[edit]\r\nubnt@ERL# set service dns forwarding options server=\/google.com\/8.8.8.8\r\n[edit]\r\nubnt@ERL# set service dns forwarding options ipset=\/google.com\/CROSS_WALL<\/pre>\n<p>The first line sends every name under google.com to the DNS server 8.8.8.8 for resolution; the second line puts every IP address resolved for names under google.com into the ipset named CROSS_WALL (the ipset must of course be created beforehand).<\/p>\n<p>The route to 8.8.8.8\/32 can go out through the previously established OpenVPN tunnel; just add it to the routing table. This prevents the resolved names from being poisoned. Then, in a firewall rule, send every packet whose destination address matches the CROSS_WALL ipset out through that specific tunnel. That gives smart routing and gets past the firewall. The traceroute looks like this:<\/p>\n<pre class=\"lang:batch highlight:0 decode:true \">C:\\Users\\Xiaoding&gt;tracert -d www.google.com\r\n\r\nTracing route to www.google.com [173.194.127.210]\r\nover a maximum of 30 hops:\r\n\r\n  1     6 ms     1 ms     5 ms  192.168.111.1\r\n  2   281 ms   285 ms   286 ms  10.8.0.1\r\n  3   276 ms   282 ms   271 ms  96.44.154.33\r\n  4   267 ms   271 ms   275 ms  72.11.150.105\r\n  5   283 ms   279 ms   277 ms  96.44.180.97\r\n  6   280 ms   280 ms   277 ms  206.72.210.41\r\n  7   290 ms   283 ms   284 ms  64.233.174.41\r\n  8   291 ms   308 ms   290 ms  64.233.174.190\r\n  9   400 ms   408 ms   393 ms  64.233.174.177\r\n 10   403 ms   402 ms   422 ms  209.85.243.249\r\n 11   437 ms   406 ms   410 ms  66.249.94.30\r\n 12   407 ms   411 ms   413 ms  209.85.240.133\r\n 13   426 ms   442 ms   442 ms  173.194.127.210\r\n\r\nTrace complete.<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My previous post, Bypassing the Firewall on the EdgeRouter Lite, used the fairly traditional approach of simply adding destination routes. For &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/xiaoding.org\/?p=391\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">\u201cUsing Dnsmasq's ipset to Implement Smart Routing and Bypass the Firewall\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[48,49],"class_list":["post-391","post","type-post","status-publish","format-standard","hentry","category-tech-misc","tag-edgerouter-lite","tag-49"],"_links":{"self":[{"href":"https:\/\/xiaoding.org\/index.php?rest_route=\/wp\/v2\/posts\/391","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xiaoding.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiaoding.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiaoding.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/xiaoding.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=391"}],"version-history":[{"count":0,"href":"https:\/\/xiaoding.org\/index.php?rest_route=\/wp\/v2\/posts\/391\/revisions"}],"wp:attachment":[{"href":"https:\/\/xiaoding.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=391"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiaoding.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=391"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiao
ding.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=391"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}