原文转载自: 公网控制全攻略, 网络高手是这样炼成的
http://blog.chinaunix.net/uid-27194309-id-3773990.html
ftp 21/tcp # File Transfer [Control] (XAMPP: FTP Default Port)
smtp 25/tcp mail # Simple Mail Transfer (XAMPP: SMTP Default Port)
http 80/tcp # World Wide Web HTTP (XAMPP: Apache Default Port)
pop3 110/tcp # Post Office Protocol - Version 3 (XAMPP: POP3 Default Port)
imap 143/tcp # Internet Message Access Protocol (XAMPP: IMAP Default Port)
https 443/tcp # http protocol over TLS/SSL (XAMPP: Apache SSL Port)
mysql 3306/tcp # MySQL (XAMPP: MySQL Default Port)
AJP/1.3 8009 # AJP/1.3 (XAMPP: Tomcat AJP/1.3 Port)
http-alt 8080/tcp # HTTP Alternate (see port 80) (XAMPP: Tomcat Default Port)
一. 已有路由做一级路由, OP做二级路由(LUCI中Network->Interfaces 的页面可以看到MAC地址)
1. OP做二级路由, 刷好特定固件
1)一级路由没有WIFI, OP路由只能设置为有线为WAN, 无线为LAN, 需要用网线连接到一级路由.
利用命令获取MAC地址: uci get network.wan.macaddr
2)一级路由有WIFI, OP路由可以设置为中继模式以WIFI连接到一级路由, 具体操作参考如下
http://blog.chinaunix.net/uid-27194309-id-3519153.html
利用命令获取MAC地址: uci get network.wwan.macaddr
root@OpenWrt:/xutest# ifconfig
br-lan Link encap:Ethernet HWaddr 38:83:45:36:0C:F0
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:266 errors:0 dropped:81 overruns:0 frame:0
TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:27528 (26.8 KiB) TX bytes:14711 (14.3 KiB)
eth0 Link encap:Ethernet HWaddr 38:83:45:36:0C:F0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:71 errors:0 dropped:0 overruns:0 frame:0
TX packets:71 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:9521 (9.2 KiB) TX bytes:9521 (9.2 KiB)
mon.wlan0 Link encap:UNSPEC HWaddr 38-83-45-36-0C-F0-00-48-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:72700 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:9609626 (9.1 MiB) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 38:83:45:36:0C:F0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:256 errors:0 dropped:0 overruns:0 frame:0
TX packets:233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:31167 (30.4 KiB) TX bytes:38226 (37.3 KiB)
wlan0-1 Link encap:Ethernet HWaddr 3A:83:45:36:0C:F1
inet addr:192.168.8.145 Bcast:192.168.8.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:26120 errors:0 dropped:5753 overruns:0 frame:0
TX packets:4781 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:2905650 (2.7 MiB) TX bytes:3538122 (3.3 MiB)
一级路由设置, 需要做3个设置
1) 设置二级路由的静态IP, 一般在DHCP页面->静态IP, 将特定的MAC地址固定为特定IP以方便操作
2) 端口转发: 一般在虚拟服务器页面, 设置8081, 8082端口转发到上步所设置的静态IP
3) 动态DNS: 大部分路由器支持花生壳, 磊科的路由器支持 meibu.
花生壳注册: https://console.oray.com/passport/register.html?fromurl=http%3A%2F%2Fwww.oray.com%2F
控制台->产品管理->域名管理->免费域名, 可以看到自己的免费域名, 如我的DDNS为: qiushui-007.vicp.cc
路由器上输入自己用户名和密码, 一般在界面上能看到成功的连接显示并列出相关的动态DNS
更进一步, 一级路由仅需开启UPNP, 无需做其他设置
1)DDNS: openwrt下支持3322, 修改 /etc/config/ddns, 做为二级路由获得公网IP
option 'ip_source' 'web'
option 'ip_url' 'http://www.3322.org/dyndns/getip'
2) UPnP: openwrt下安装 miniupnpc, 具体操作参考
http://blog.chinaunix.net/uid-27194309-id-3785869.html
root@OpenWrt:/xutest# upnpc -a 192.168.8.146 8081 8081 TCP
upnpc : miniupnpc library test client. (c) 2006-2011 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.8.1:2058/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://192.168.8.1:2058/ctl/IPConn
Local LAN ip address : 192.168.8.146
ExternalIPAddress = 10.51.203.181
InternalIP:Port = 192.168.8.146:8081
external 10.51.203.181:8081 TCP is redirected to internal 192.168.8.146:8081 (duration=0)
然后, 登陆一级路由器 选择 转发规则–>upnp 设置→ 刷新 就可以看到添加了一条 UPnP 规则
测试: 家里和公司的路由器无需手工端口映射, 只用upnpc 即可成功
但家里的路由允许闭环测试, 可以在内网用公网IP直接测试,
公司的路由器不运行闭环测试, 必须增加手工端口映射才可以用公网IP测试.
有的酒店的路由是没开启UPnP的, 比如翰林大酒店, 执行 upnpc -l, 信息如下
No IGD UPnP Device found on the network !
正确时的信息如下:
root@OpenWrt:~# upnpc -l
upnpc : miniupnpc library test client. (c) 2005-2013 Thomas Bernard
Go to http://miniupnp.free.fr/ or http://miniupnp.tuxfamily.org/
for more information.
List of UPNP devices found on the network :
desc: http://192.168.8.1:2109/rootDesc.xml
st: urn:schemas-upnp-org:device:InternetGatewayDevice:1
Found valid IGD : http://192.168.8.1:2109/ctl/IPConn
Local LAN ip address : 192.168.8.102
Connection Type : IP_Routed
Status : Connected, uptime=2025s, LastConnectionError : ERROR_NONE
Time started : Thu Nov 6 13:30:19 2014
MaxBitRateDown : 4200000 bps (4.2 Mbps) MaxBitRateUp 4200000 bps (4.2 Mbps)
ExternalIPAddress = 10.50.160.66
i protocol exPort->inAddr:inPort description remoteHost leaseTime
0 TCP 8082->192.168.8.147:8082 'miniupnpc' '' 0
1 TCP 8081->192.168.8.147:8081 'miniupnpc' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
如果上级路由支持UPnP, 就可以用脚本来完成. 文件: upnp.sh
#! /bin/sh
port1=8082
port2=8081
#local_ip=192.168.8.145
#网口做WAN, 无线中继时的名称不同,
eth_name=auto
#eth_name=eth0
#eth_name=wlan0-1
/xutest/get_local_ip $eth_name > /tmp/local_ip
local_ip=$(cat /tmp/local_ip)
#echo local_ip=$local_ip
#先删除再增加
upnpc -d $port1 TCP
upnpc -d $port2 TCP
upnpc -a $local_ip $port1 $port1 TCP
upnpc -a $local_ip $port2 $port2 TCP
4 内网操作
1) 通过LAN连接到二级路由, 浏览器中输入其IP(我的一般都为192.168.2.1)
http://192.168.2.1:8082/javascript_simple.html
2) 浏览器中输入二级路由在一级路由的静态IP(参考1->1)), 如我的为 192.168.8.128
http://192.168.8.128:8082/javascript_simple.html
外网操作
直接用公网IP测试, 如: http://222.208.10.247:8082/javascript_simple.html
抽空写个脚本, 开机时将公网和内网的IP都发到自己的Email, 特别适用于不会申请DDNS或者记不住自己的DDNS的朋友.
亲, 您不会也将自己的Email也忘记了吧?
#! /bin/sh
current_date=`date +%Y_%m_%d`
current_time=`date +%H_%M_%S`
echo $current_date
echo $current_time
wget http://members.3322.org/dyndns/getip -O getip
#必须删除文件中的空格, 否则作为smtp_xu的参数时错误. 222.208.10. 247
#cat getip
sed 's/ //g' getip > getip1
cat getip1
#网口做WAN, 无线中继时的名称不同,
eth_name=auto
#eth_name=eth0
#eth_name=wlan0-1
/xutest/get_local_ip $eth_name > /tmp/local_ip
local_ip=$(cat /tmp/local_ip)
echo $local_ip
#各个变量都不能带空格.
public1=http://$(cat getip1):8082/javascript_simple.html
title=office_fish_tank
subject=today:$current_date,$current_time,$local_ip,$public1
mailto=xxg6688@163.com
echo $mailto
echo $title
echo $subject
sleep_second=5
if [ -f getip1 ]; then
#/xutest/smtp_xu [email protected] router_ip $current_date$current_time$(cat getip1)
/xutest/smtp_xu $mailto $title $subject
fi