CN114598600A - Dual system for realizing network intercommunication - Google Patents


Publication number
CN114598600A
Authority
CN
China
Prior art keywords
network
nat
rules
dual
starting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210136677.2A
Other languages
Chinese (zh)
Inventor
彭超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Honghe Innovation Information Technology Co Ltd
Original Assignee
Shenzhen Honghe Innovation Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Honghe Innovation Information Technology Co Ltd filed Critical Shenzhen Honghe Innovation Information Technology Co Ltd
Priority to CN202210136677.2A priority Critical patent/CN114598600A/en
Publication of CN114598600A publication Critical patent/CN114598600A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H04L61/256 NAT traversal
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides a dual system for realizing network intercommunication, comprising a first system and a second system that are connected through a USB interface, the first system being provided with a network interface. The first system is configured as follows: starting the RNDIS function of the first system; starting the IP forwarding function of the first system; and setting the IP routes and rules of the first system. By defining and configuring soft routing within the dual-system machine, no switch is needed to pass the Wi-Fi/LAN network to the OPS computer, which removes the switch and other hardware and reduces cost.

Description

Dual system for realizing network intercommunication
Technical Field
The invention relates to the technical field of computers, in particular to a dual system for realizing network intercommunication.
Background
An OPS computer is an open pluggable computer module, in effect a microcomputer, that can be plugged in and removed. This keeps the overall layout tidy and makes digital signage equipment more convenient to install, use and maintain. The OPS computer is mainly used in educational all-in-one machines, for example the teaching platforms most commonly used in primary and middle schools, the conference systems most commonly used in conference rooms, electronic whiteboards, and large commercial display screens. Generally, the board built into the mainboard of an all-in-one machine runs an Android system to provide some basic functions. To expand and enrich the functions of the all-in-one machine, an OPS computer running a Windows system is also provided.
When an existing OPS computer is connected to an all-in-one machine mainboard, an additional switch has to be configured to pass the Wi-Fi/LAN network to the OPS computer.
Disclosure of Invention
The application aims to provide a dual system for realizing network intercommunication. By replacing hardware with software, that is, by defining and configuring soft routing within the dual-system machine, no switch is needed to pass the Wi-Fi/LAN network to the OPS computer, which removes the switch and other hardware and reduces cost.
According to an aspect of the present application, a dual system for implementing network interworking is provided, comprising a first system and a second system that are connected through a USB interface, the first system being provided with a network interface, wherein the first system is configured as follows:
starting the RNDIS function of the first system;
starting the IP forwarding function of the first system;
and setting the IP routes and rules of the first system.
According to some embodiments, the second system is configured as follows:
starting the RNDIS function of the second system.
According to some embodiments, starting the IP forwarding function of the first system includes:
starting the NAT function of the first system through IPTABLES, so that the source IP address of the data is translated dynamically.
According to some embodiments, starting the IP forwarding function of the first system further includes:
clearing the rules in the current packet filtering (filter) table and NAT table of IPTABLES.
According to some embodiments, setting the IP routes and rules of the first system further includes starting the kernel network forwarding function.
According to another aspect of the present application, a dual system for implementing network interworking is provided, comprising a first system and a second system that are connected through an Ethernet interface, the first system being provided with a wireless network interface, wherein the first system is configured as follows:
starting the IP forwarding function of the first system;
and setting the IP routes and rules of the first system.
According to some embodiments, starting the IP forwarding function of the first system includes:
starting the NAT function of the first system through IPTABLES, so that the source IP address of the data is translated dynamically.
According to some embodiments, setting the IP routes and rules of the first system includes adding to the NAT table a routing rule for traffic entering from the Ethernet card and exiting from the wireless network card.
According to some embodiments, defining and configuring the IP routes and rules of the first system further includes starting the kernel network forwarding function.
According to the embodiments of the application, soft routing is defined and configured within the dual-system machine and the OPS system is connected to the mainboard through a USB interface or an Ethernet interface, so no switch is needed to pass the Wi-Fi/LAN network to the OPS computer, which removes the switch and other hardware and reduces cost.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments will be briefly introduced below.
Fig. 1 shows a flowchart of a dual system for implementing network interworking according to an exemplary embodiment of the present application.
Fig. 2 illustrates an operational diagram for implementing network interworking according to an exemplary embodiment of the present application.
Fig. 3 shows a schematic diagram of a dual system for implementing network interworking according to an example embodiment of the present application.
Fig. 4 shows a diagram of a dual system implementing network interworking according to another example embodiment of the present application.
Fig. 5 is a diagram illustrating a data flow of a dual system for implementing network interworking according to an exemplary embodiment of the present application.
FIG. 6 shows a block diagram of an electronic device according to an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the present concepts. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It will be appreciated by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present application and are, therefore, not intended to limit the scope of the present application.
OPS stands for Open Pluggable Specification, a standard digital signage interface specification established by Intel together with display manufacturers. An OPS computer is an open pluggable computer, that is, a mini PC.
Internally, an OPS computer is a mini PC with an x86 architecture: it uses an Intel Core processor and has memory, a hard disk, various input and output interfaces and a Windows operating interface. This favours the standardized design and development of digital signage equipment, and the module is inserted into a media player terminal.
In the prior art, a dual system consisting of an OPS computer running Windows and an embedded motherboard (e.g., an Android motherboard) needs a switch to pass the Wi-Fi/LAN network to the OPS computer.
In the scheme provided by the application, the whole dual system uses only one network cable or one Wi-Fi connection, so that the Windows and Android systems can be networked simultaneously and network intercommunication between the OPS computer and the Android motherboard is realized.
The following description of example embodiments of the present application refers to the accompanying drawings.
Fig. 1 shows a flowchart of a dual system for implementing network interworking according to an exemplary embodiment of the present application.
The dual system includes a first system including an embedded motherboard, such as an android motherboard, and a second system including an OPS system.
Referring to fig. 1, at S101, RNDIS functions of a first system and a second system are turned on.
RNDIS (Remote Network Driver Interface Specification), i.e. Remote NDIS, is in effect TCP/IP over USB: TCP/IP runs on the USB device, so that the USB device looks like a network card.
RNDIS does not require a hardware vendor to program an NDIS miniport device driver for network devices connected to the USB bus. This is achieved by defining a bus independent message set and specifying how this message set operates on the USB bus.
Since this RNDIS interface is standardized, a set of host drivers may support any number of network devices connected to the USB bus. This greatly reduces the development burden on the device manufacturer and improves the overall stability of the system, as no new drivers are required, improving the end-user experience.
RNDIS has to be turned on in both the Windows and the Android system. Taking the Android system as an example, and referring to the operation diagram for realizing network intercommunication shown in fig. 2, USB gadget drivers is selected and set to < >, and RNDIS is turned on, so that the usb0 port can transmit network data packets.
At S103, the IP forwarding function of the first system is turned on.
The NAT function of the first system is enabled through IPTABLES, so that the source IP address of the data is translated between the USB interface and the Ethernet interface and/or the wireless network interface.
IPTABLES is an IP packet filtering system integrated with the latest version 3.5 Linux kernel. If the Linux system is connected to the internet or a LAN, or is a server or a proxy server connecting a LAN and the internet, this system allows better control of IP packet filtering and firewall configuration on the Linux system.
When the firewall makes packet filtering decisions, it follows a set of rules. These rules are stored in dedicated packet filtering tables that are integrated in the Linux kernel. Within the packet filtering table (filter), rules are grouped into what are called chains.
The netfilter/iptables IP packet filtering system is a powerful tool that can be used to add, edit, and remove rules. Although the netfilter/iptables IP packet filtering system is referred to as a single entity, it actually consists of two components: netfilter and iptables.
The netfilter component, also known as kernel space, is part of the kernel and consists of packet filtering tables that contain the set of rules the kernel uses to control the packet filtering process.
iptables is not the real firewall; it can be understood as a client agent through which the user applies security settings to the corresponding "security framework". That security framework is the real firewall, and its name is netfilter.
netfilter is the firewall's actual security framework and is located in kernel space. iptables is a command-line tool, located in user space, with which this framework is manipulated.
netfilter is a general architecture in the Linux kernel that provides a series of tables, each table consisting of several chains, and each chain may contain one or several rules. The system's default table is "filter", so "-t filter" does not have to be specified explicitly when using the filter function. When NAT is used, however, the table is no longer "filter" but "nat", so the "-t nat" option must be given explicitly.
According to some embodiments, NAT functionality is enabled by:
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The existing iptables rules are cleared. Regardless of whether the firewall was enabled when Linux was installed, all existing filter rules need to be cleared if the firewall is to be reconfigured.
The rules in the current packet filtering table (the filter table) and in the preset nat table are cleared, for example, by the following commands:
iptables -t filter -F
iptables -t nat -F
At S105, the IP routes and rules of the first system are defined and configured. A routing rule for traffic entering from the Ethernet card and exiting from the wireless network card is added to the nat table.
NAT (Network Address Translation) was proposed in 1994. The NAT method can be used when hosts inside a private network have been assigned local IP addresses (i.e., private addresses used only within the private network) but want to communicate with hosts on the internet (without encryption).
This method requires NAT software to be installed on a router connected to the internet (public IP) on a private network (private IP). A router with NAT software, called a NAT router, has at least one valid external global IP address (public IP address). Thus, all hosts using local addresses (private IP addresses) must convert their local addresses to global IP addresses on the NAT router to connect to the internet when communicating with the outside world.
In addition, this way of representing more private IP addresses by using a small number of global IP addresses (public network IP addresses) will help slow down the exhaustion of the available IP address space.
To really understand NAT, one must first understand how IP addresses are used: a private IP address is the IP address of an internal network or host, and a public IP address is a global address on the internet. RFC 1918 reserves three IP address blocks for private networks, as follows:
Class A: 10.0.0.0 - 10.255.255.255
Class B: 172.16.0.0 - 172.31.255.255
Class C: 192.168.0.0 - 192.168.255.255
Addresses within the above three ranges are not allocated on the internet and can therefore be freely used within a company or enterprise without applying to an ISP or a registry.
With the increasing number of computers accessing the Internet, IP address resources are becoming increasingly scarce. In fact, apart from the China Education and Research Network (CERNET), ordinary users can hardly obtain an entire Class C block of IP addresses. At other ISPs, even large LAN users with hundreds of computers are assigned only a few or a dozen IP addresses when they apply. Such a small number of IP addresses clearly cannot meet the needs of network users, and NAT technology arose as a result.
Although NAT can be implemented with some proxy servers, it is often implemented on routers in view of computational cost and network performance.
In conventional TCP/IP communication, routers act only as intermediaries, the so-called store-and-forward role, and do not modify the packets they forward; more precisely, a router changes nothing in a forwarded packet except for replacing the source MAC address with its own MAC address.
NAT (Network Address Translation) is the operation of rewriting the source IP address, destination IP address, source port and destination port of a packet to meet a particular need.
For example, to change the source IP address of all packets from 192.168.1.0/24 to 1.2.3.4:
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 1.2.3.4
Note that the system performs SNAT only when the packet is about to be sent out, that is, after processing such as routing and filtering.
A special case of SNAT is IP masquerading (MASQUERADE), which is generally recommended for dial-up connections or when the valid (public) IP address is not fixed. For example:
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
According to some embodiments, ip rule and ip route entries are added, for example by the following commands:
ip route add default via 192.168.100.1 dev wlan0
ip rule add from all lookup local
ip rule add from all lookup main
ip rule add from all lookup default
ip route add $MASK_INO dev eth0 table local_network proto static scope link
According to some embodiments, a rule for traffic that enters on the Ethernet card and exits on the Wi-Fi card is added to the nat table, so as to achieve intercommunication between the wlan and eth networks. For example by the following command:
iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.10.0/24 -j MASQUERADE
The IP address and subnet mask of the Ethernet card are configured, for example by the following command:
ifconfig eth0 192.168.10.1 netmask 255.255.255.0
According to some embodiments, the kernel network forwarding function is turned on. For security reasons, Linux systems disable packet forwarding by default. Forwarding means that when a host has more than one network card and one of them receives a packet, the host sends the packet out through another network card according to the packet's destination IP address, and that network card sends the packet on according to the routing table. This is typically the function a router implements.
To configure the IP forwarding function of a Linux system, first make sure the hardware is connected, and then turn on the system's forwarding function.
Check the current setting with cat /proc/sys/net/ipv4/ip_forward: a file content of 0 indicates that packet forwarding is prohibited and 1 indicates that it is permitted; the value is changed to 1.
The file content can be modified using the command echo "1" > /proc/sys/net/ipv4/ip_forward.
Fig. 3 shows a schematic diagram of a dual system for implementing network interworking according to an example embodiment of the present application.
Referring to fig. 3, in the dual system, an android motherboard and an OPS computer are interconnected through a usb interface, and the android motherboard may be equipped with a wlan0 wireless network interface and an eth0 ethernet interface.
wlan0 is the external network port, i.e. the incoming line (uplink); the eth0 port is the intranet port, i.e. the LAN port.
An Ethernet interface corresponds to a network card: each hardware network card (one MAC) corresponds to one Ethernet interface, and the operation of the interface is controlled entirely by the network card's driver.
If there is only one physical network card but interfaces such as eth1 and eth2 exist, these may belong to a wireless network card or to several virtual network cards. A virtual network card is created by the system or by an application-layer program and functions like a physical network card.
The wlan0 wireless interface is the interface corresponding to the wireless network card, which also needs a corresponding driver to work.
According to some embodiments, in the dual system connection manner shown in fig. 3, the specific steps for implementing network interworking are as follows.
The RNDIS functions of the first system and the second system are turned on. RNDIS has to be turned on in both the Windows and the Android system. Taking the Android system as an example, and referring to fig. 2, USB gadget drivers is selected and set to < >, and RNDIS is turned on, so that the usb0 port can transmit network data packets.
The NAT function of the first system is enabled through IPTABLES, so that the source IP address of the data is translated between the USB interface and the Ethernet interface and/or the wireless network interface.
Enabling the NAT function can comprise the following commands:
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o usb0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The existing iptables rules are cleared. Regardless of whether the firewall was enabled when Linux was installed, all existing filter rules need to be cleared if the firewall is to be reconfigured.
The rules in the current packet filtering table (the filter table) and in the preset nat table are cleared, for example, by the following commands:
iptables -t filter -F
iptables -t nat -F
The IP routes and rules of the first system are defined and configured. A routing rule for traffic entering from the Ethernet card and exiting from the wireless network card is added to the nat table.
IP routes and IP rules are added, for example by the following commands:
ip route add default via 192.168.100.1 dev wlan0
ip rule add from all lookup local
ip rule add from all lookup main
ip rule add from all lookup default
ip route add $MASK_INO dev eth0 table local_network proto static scope link
According to some embodiments, a rule for traffic that enters on the Ethernet card and exits on the Wi-Fi card is added to the nat table, so as to achieve intercommunication between the wlan and eth networks. For example by the following command:
iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.10.0/24 -j MASQUERADE
The IP address and subnet mask of the Ethernet card are configured, for example by the following command:
ifconfig eth0 192.168.10.1 netmask 255.255.255.0
According to some embodiments, the kernel network forwarding function is turned on. To configure the IP forwarding function of a Linux system, first make sure the hardware is connected, and then turn on the system's forwarding function.
Check the current setting with cat /proc/sys/net/ipv4/ip_forward: a file content of 0 indicates that packet forwarding is prohibited and 1 indicates that it is permitted; the value is changed to 1.
The file content may be modified using the command echo "1" > /proc/sys/net/ipv4/ip_forward.
Fig. 4 shows a diagram of a dual system implementing network interworking according to another example embodiment of the present application.
Referring to fig. 4, in the dual system, the android motherboard and the OPS computer are interconnected through an eth0 ethernet interface, and the android motherboard is provided with a wlan0 wireless network interface and an eth0 ethernet interface.
wlan0 is the external network port, i.e. the incoming line (uplink); the eth0 port is the intranet port, i.e. the LAN port.
An Ethernet interface corresponds to a network card: each hardware network card (one MAC) corresponds to one Ethernet interface, and the operation of the interface is controlled entirely by the network card's driver.
If there is only one physical network card but interfaces such as eth1 and eth2 exist, these may belong to a wireless network card or to several virtual network cards. A virtual network card is created by the system or by an application-layer program and functions like a physical network card.
The wlan0 wireless interface is the interface corresponding to the wireless network card, which also needs a corresponding driver to work.
According to some embodiments, in the dual system connection manner shown in fig. 4, the specific steps for implementing network interworking are as follows.
The NAT function of the first system is enabled through IPTABLES, so that the source IP address of the data is translated between the Ethernet interface and the wireless network interface.
Enabling the NAT function can comprise the following commands:
iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The rules in the current packet filtering table (the filter table) and in the preset nat table are cleared, for example, by the following commands:
iptables -t filter -F
iptables -t nat -F
The IP routes and rules of the first system are defined and configured. A routing rule for traffic entering from the Ethernet card and exiting from the wireless network card is added to the nat table.
IP routes and IP rules are added, for example by the following commands:
ip route add default via 192.168.100.1 dev wlan0
ip rule add from all lookup local
ip rule add from all lookup main
ip rule add from all lookup default
ip route add $MASK_INO dev eth0 table local_network proto static scope link
According to some embodiments, a rule for traffic that enters on the Ethernet card and exits on the Wi-Fi card is added to the nat table, so as to achieve intercommunication between the wlan and eth networks. For example by the following command:
iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.10.0/24 -j MASQUERADE
The IP address and subnet mask of the Ethernet card are configured, for example by the following command:
ifconfig eth0 192.168.10.1 netmask 255.255.255.0
According to some embodiments, the kernel network forwarding function is turned on. To configure the IP forwarding function of a Linux system, first make sure the hardware is connected, and then turn on the system's forwarding function.
Check the current setting with cat /proc/sys/net/ipv4/ip_forward: a file content of 0 indicates that packet forwarding is prohibited and 1 indicates that it is permitted; the value is changed to 1.
The file content may be modified using the command echo "1" > /proc/sys/net/ipv4/ip_forward.
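The Fig. 4 configuration as an added example (not code from the patent): the NAT and forwarding steps are emitted as one iptables-restore ruleset in which MASQUERADE is limited to 192.168.10.0/24 leaving wlan0, and a small check flags MASQUERADE rules that carry no source restriction. The FORWARD policy and conntrack rule, the function names and the PAGE_RULES sample are assumptions added here; interface names and addresses are the ones used above.

```shell
#!/bin/sh
# Added example, not from the patent. Assumed topology (Fig. 4):
# eth0 = link to the OPS computer (192.168.10.0/24), wlan0 = uplink.

# Print an iptables-restore ruleset that scopes forwarding and NAT.
# Usage: build_ruleset LAN_IF LAN_NET WAN_IF
build_ruleset() (
    lan_if=$1 lan_net=$2 wan_if=$3
    for name in "$lan_if" "$wan_if"; do
        case $name in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $name" >&2; exit 2 ;;
        esac
    done
    printf '%s\n' "$lan_net" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' ||
        { echo "bad network: $lan_net" >&2; exit 2; }
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
)

# Read iptables-save style text on stdin and report rules worth reviewing:
# MASQUERADE without a source match, and an accept-all FORWARD policy.
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING/ && /-j MASQUERADE/ {
            if ($0 !~ / -s /) print "unscoped-masquerade: " $0
        }
        table == "filter" && /^:FORWARD ACCEPT/ { print "forward-policy-accept" }
    '
}

# Load the rules first, then enable forwarding, so forwarding is never on
# with an open ruleset. Needs root; defined here but not called.
# iptables-restore flushes and rebuilds each listed table in one commit,
# which replaces the separate "-F" step.
apply_ruleset() {
    rules=$(build_ruleset "$@") || return 2
    printf '%s\n' "$rules" | iptables-restore &&
        echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Constructed sample: the three unscoped MASQUERADE rules listed above, on a
# system assumed to keep the stock FORWARD policy of ACCEPT after a flush.
PAGE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlan0 -j MASQUERADE
-A POSTROUTING -o usb0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Demo: findings for the constructed sample, then for the scoped ruleset
# (the second command prints nothing).
printf '%s\n' "$PAGE_RULES" | audit_ruleset
build_ruleset eth0 192.168.10.0/24 wlan0 | audit_ruleset
```
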
Fig. 5 is a diagram illustrating a data flow of a dual system for implementing network interworking according to an exemplary embodiment of the present application.
Like the filter table, the nat table also has three default "chains", which are likewise containers for rules:
PREROUTING: rules for destination NAT can be defined here. Because the router checks only the destination IP address of a packet when routing it, destination NAT must be performed before routing so that the packet is routed correctly.
POSTROUTING: rules for source NAT can be defined here. The system executes the rules in this chain after it has decided on the routing of the packet.
OUTPUT: destination NAT rules for locally generated packets are defined here.
Referring to fig. 5, in the dual system, the data flow is as follows:
a) When a data packet enters the network card, it first enters the PREROUTING chain, and the kernel determines from the destination IP of the data packet whether the packet needs to be forwarded.
b) If the packet is destined for the local machine, it moves along directions A and C as shown and reaches the INPUT chain. Once the packet has reached the INPUT chain, any process can receive it. A program running locally may send packets, which pass through the OUTPUT chain and then leave through the POSTROUTING chain.
c) If the packet is to be forwarded and the kernel allows forwarding, the packet moves in direction B as shown, passes through the FORWARD chain, and then leaves through the POSTROUTING chain.
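The traversal in steps a) to c), combined with the MASQUERADE rule from the configuration above, as a small model (an added example, not part of the patent text). The wlan0 address 192.168.100.2, the remote address 203.0.113.7 and all function names are assumptions; connection tracking's reverse translation of reply packets is not modelled.

```python
import ipaddress

# eth0 address and subnet are from this description; the wlan0 address is assumed.
LOCAL_ADDRS = {"eth0": "192.168.10.1", "wlan0": "192.168.100.2"}
LAN_NET = ipaddress.ip_network("192.168.10.0/24")
# iptables -t nat -A POSTROUTING -o wlan0 -s 192.168.10.0/24 -j MASQUERADE
MASQ = {"out": "wlan0", "src": LAN_NET}

def route_out(dst):
    """Toy routing table: the eth0 subnet is on-link, everything else via wlan0."""
    return "eth0" if ipaddress.ip_address(dst) in LAN_NET else "wlan0"

def postrouting(src, out_if):
    """Source NAT: a matching packet takes the outgoing interface's address."""
    if out_if == MASQ["out"] and ipaddress.ip_address(src) in MASQ["src"]:
        return LOCAL_ADDRS[out_if]
    return src

def trace(src, dst, in_if=None, ip_forward=1):
    """Return (chains traversed, verdict, source address after NAT)."""
    if in_if is None:                      # locally generated packet
        out_if = route_out(dst)
        return (["OUTPUT", "POSTROUTING"], "sent via " + out_if,
                postrouting(src, out_if))
    chains = ["PREROUTING"]                # step a: every received packet
    if dst in LOCAL_ADDRS.values():        # step b: addressed to this host
        return chains + ["INPUT"], "delivered locally", src
    if not ip_forward:                     # step c needs kernel forwarding
        return chains, "dropped (ip_forward=0)", src
    out_if = route_out(dst)
    return (chains + ["FORWARD", "POSTROUTING"], "sent via " + out_if,
            postrouting(src, out_if))

if __name__ == "__main__":
    print(trace("192.168.10.5", "203.0.113.7", in_if="eth0"))
    print(trace("192.168.10.5", "203.0.113.7", in_if="eth0", ip_forward=0))
    print(trace("192.168.10.5", "192.168.10.1", in_if="eth0"))
    print(trace("192.168.100.2", "203.0.113.7"))
```

The forwarded packet leaves wlan0 with the gateway's own address as its source, while the locally generated packet does not match the rule's -s subnet and is sent unchanged.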
It should be clearly understood that this application describes how to make and use particular examples, but the application is not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments are implemented as computer programs executed by a CPU. When the computer program is executed by the CPU, the program for executing the above-mentioned functions defined by the above-mentioned methods provided in the present application may be stored in a computer-readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to exemplary embodiments of the present application and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Through the description of the example embodiments, those skilled in the art will readily appreciate that a dual system implementing network interworking according to embodiments of the present application has at least one or more of the following advantages.
According to the embodiments, soft routing is defined and configured within the dual-system machine, with software replacing hardware, so that no switch is needed to pass the WiFi/LAN network through to the OPS computer. This reduces the number of switches and other hardware, simplifies the procedure, and avoids extra cost.
FIG. 6 shows a block diagram of an electronic device according to an example embodiment.
An electronic device 200 according to this embodiment of the present application is described below with reference to fig. 6. The electronic device 200 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the application range of the embodiments of the present application.
As shown in fig. 6, the electronic device 200 is embodied in the form of a general purpose computing device. The components of the electronic device 200 may include, but are not limited to: at least one processing unit 210, at least one memory unit 220, a bus 230 connecting different system components (including the memory unit 220 and the processing unit 210), a display unit 240, and the like.
Wherein the storage unit stores program code that can be executed by the processing unit 210 such that the processing unit 210 performs the methods according to various exemplary embodiments of the present application described herein.
The storage unit 220 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 2201 and/or a cache memory unit 2202, and may further include a read only memory unit (ROM) 2203.
The storage unit 220 may also include a program/utility 2204 having a set (at least one) of program modules 2205, such program modules 2205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 230 may be one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 200 may also communicate with one or more external devices 300 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 200, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 200 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 250. Also, the electronic device 200 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 260. The network adapter 260 may communicate with other modules of the electronic device 200 via the bus 230. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 200, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. The technical solution according to the embodiments of the present application may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a USB disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiments of the present application.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present application may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Exemplary embodiments of the present application are specifically illustrated and described above. It is to be understood that the application is not limited to the details of construction, arrangement or method of operation set forth herein; on the contrary, the intention is to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (10)

1. A dual system for implementing network interworking, comprising: a first system and a second system, wherein the first system and the second system are connected through a USB interface, the first system is provided with a network interface, and the first system is configured as follows:
starting the RNDIS function of the first system;
starting an IP forwarding function of the first system;
and setting the IP route and the rule of the first system.
2. The dual system of claim 1, wherein the second system is configured to:
starting the RNDIS function of the second system.
3. The dual system of claim 1, wherein the turning on the IP forwarding function of the first system comprises:
starting the NAT function of the first system through IPTABLES, so that the source IP address of the data is dynamically translated.
4. The dual system of claim 1, wherein the setting the IP routing and rules of the first system comprises: adding, to the NAT table, routing rules for entering from the Ethernet card and exiting from the wireless network card.
5. The dual system of claim 4, wherein the setting up the IP routing and rules for the first system further comprises:
clearing the rules in the current data packet filtering table of IPTABLES and in the NAT table.
6. The dual system of claim 5, wherein the setting the IP routing and rules of the first system further comprises: starting a forwarding function of the kernel network.
7. A dual system for implementing network interworking, comprising: a first system and a second system, wherein the first system and the second system are connected through an Ethernet interface, the first system is provided with a wireless network interface, and the first system is configured as follows:
starting an IP forwarding function of the first system;
and setting the IP route and the rule of the first system.
8. The dual system of claim 7, wherein the turning on the IP forwarding function of the first system comprises:
starting the NAT function of the first system through IPTABLES, so that the source IP address of the data is dynamically translated.
9. The dual system of claim 7, wherein the setting the IP routing and rules of the first system comprises: adding, to the NAT table, routing rules for entering from the Ethernet card and exiting from the wireless network card.
10. The dual system of claim 9, wherein the setting the IP routing and rules of the first system further comprises: starting a forwarding function of the kernel network.
CN202210136677.2A 2022-02-15 2022-02-15 Dual system for realizing network intercommunication Pending CN114598600A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210136677.2A CN114598600A (en) 2022-02-15 2022-02-15 Dual system for realizing network intercommunication

Publications (1)

Publication Number Publication Date
CN114598600A true CN114598600A (en) 2022-06-07

Family

ID=81806922

Country Status (1)

Country Link
CN (1) CN114598600A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102176704A (en) * 2011-02-18 2011-09-07 中兴通讯股份有限公司 Method, system and device for accessing wireless network through universal serial bus (USB) virtual network card
CN104333867A (en) * 2014-12-02 2015-02-04 上海斐讯数据通信技术有限公司 Method and device for sharing PC network by virtue of mobile phone
CN106817303A (en) * 2016-12-13 2017-06-09 北京元心科技有限公司 Share the method and system of network between personal computer and mobile device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination