Installing ZeroTier on Alpine Linux and Forwarding to LAN Devices
Install zerotier-one
alpine:~# apk update && apk add zerotier-one
fetch http://mirrors.ustc.edu.cn/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/edge/main/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/edge/community/x86_64/APKINDEX.tar.gz
fetch http://mirrors.ustc.edu.cn/alpine/edge/testing/x86_64/APKINDEX.tar.gz
v3.17.3-120-g60944b2cca6 [http://mirrors.ustc.edu.cn/alpine/v3.17/main]
v3.17.3-123-g1099f7eaf4b [http://mirrors.ustc.edu.cn/alpine/v3.17/community]
v20230329-2422-g60ad8cb7d4a [http://mirrors.ustc.edu.cn/alpine/edge/main]
v20230329-2052-g42c12d97caf [http://mirrors.ustc.edu.cn/alpine/edge/community]
v20230329-2044-gaf64c1c62f4 [http://mirrors.ustc.edu.cn/alpine/edge/testing]
OK: 42950 distinct packages available
(1/4) Installing libgcc (12.2.1_git20220924-r10)
(2/4) Installing libstdc++ (12.2.1_git20220924-r10)
(3/4) Installing zerotier-one (1.10.2-r0)
(4/4) Installing zerotier-one-openrc (1.10.2-r0)
Executing busybox-1.35.0-r29.trigger
OK: 336 MiB in 83 packages
Enable the TUN virtual network device
alpine:~# modprobe tun
alpine:~# ls -al /dev/net
total 0
drwxr-xr-x 2 root root 60 Apr 22 19:35 .
drwxr-xr-x 16 root root 3300 Apr 22 19:35 ..
crw-rw-rw- 1 root netdev 10, 200 Apr 22 19:35 tun
Start the ZeroTier service
alpine:~# /etc/init.d/zerotier-one -d
alpine:~# zerotier-one -d
alpine:~# rc-update add zerotier-one sysinit
* service zerotier-one added to runlevel sysinit
Join the network
alpine:~# zerotier-cli join 885033*********
200 join OK
alpine:~# zerotier-cli info
200 info fa1902**** 1.10.2 ONLINE
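Configure forwarding in the ZeroTier admin console
Check the state of each network interface and note the names of the physical and virtual interfaces. Here the physical interface is eth0 and the virtual interface is ztbpaezbf3.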
alpine:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
...
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
...
4: ztbpaezbf3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc pfifo_fast state UNKNOWN qlen 1000
...
Configure iptables rules to allow forwarded traffic
alpine:~# iptables -t nat -A POSTROUTING -o <PHY_INTERFACE> -j MASQUERADE
alpine:~# iptables -A FORWARD -i <PHY_INTERFACE> -o <ZT_INTERFACE> -m state --state RELATED,ESTABLISHED -j ACCEPT
alpine:~# iptables -A FORWARD -i <ZT_INTERFACE> -o <PHY_INTERFACE> -j ACCEPT
alpine:~# iptables-save
...
Allow IPv4 traffic forwarding
alpine:~# sysctl -w net.ipv4.ip_forward=1
alpine:~# sysctl -p
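At this point, a device that is not attached to the 192.168.10.0 network segment but is connected to the ZeroTier virtual network can also reach intranet resources through addresses in the 192.168.10.0 segment.
Alpine Linux itself has a very, very low footprint, which makes it well suited to this kind of small job, such as running a few lightweight services or hosting containers.
I originally ran Alpine inside an LXC container, but the virtual network interface could never be started inside the container. I still recommend installing directly from the image.
The steps are the same on other systems; only the commands need slight changes.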
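
As an added example, not part of the original post: the FORWARD and MASQUERADE rules above accept traffic from any ZeroTier member to any destination behind eth0, so this script audits `iptables-save` output for that pattern and includes a scoped ruleset that passes the audit. The rule text is constructed sample input, and the ZeroTier subnet 10.147.17.0/24 is an assumed value; substitute the range assigned to your network.

```shell
#!/bin/sh
# Added example: audit iptables-save output for unscoped ZeroTier forwarding.
# The rule text below is constructed sample input, not captured from a real host.

ZT_IF="ztbpaezbf3"   # virtual interface name shown on the page

# What iptables-save would list after the three rules on the page (constructed).
PAGE_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o ztbpaezbf3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ztbpaezbf3 -o eth0 -j ACCEPT
COMMIT'

# Same rules scoped to an assumed ZeroTier subnet and the LAN from the page.
SCOPED_RULES='*nat
-A POSTROUTING -s 10.147.17.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o ztbpaezbf3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.147.17.0/24 -d 192.168.10.0/24 -i ztbpaezbf3 -o eth0 -j ACCEPT
COMMIT'

# audit_forwarding ZT_IF < ruleset : prints one finding per line.
audit_forwarding() {
    awk -v zt="$1" '
    function has(flag,   i) {      # is option "flag" present on this rule?
        for (i = 1; i <= NF; i++) if ($i == flag) return 1
        return 0
    }
    function arg(flag,   i) {      # value that follows option "flag", or ""
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    $1 != "-A" { next }            # skip table headers, COMMIT, chain policies
    $2 == "FORWARD" && arg("-i") == zt && arg("-j") == "ACCEPT" {
        if (!has("-s")) print "FORWARD: no source restriction: " $0
        if (!has("-d")) print "FORWARD: no destination restriction: " $0
    }
    $2 == "POSTROUTING" && arg("-j") == "MASQUERADE" && !has("-s") {
        print "NAT: masquerades every source: " $0
    }'
}

# count_findings ZT_IF RULESET : number of findings for a ruleset held in a string.
count_findings() { printf '%s\n' "$2" | audit_forwarding "$1" | awk 'END { print NR }'; }

# Show the findings for the ruleset the page produces.
printf '%s\n' "$PAGE_RULES" | audit_forwarding "$ZT_IF"
```

On a live gateway, pipe the real output in with `iptables-save | audit_forwarding <ZT_INTERFACE>`.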