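I am setting up Internet sharing by following this wiki page: https://wiki.archlinux.org/title/Internet_sharing_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)
The PPPoE connection on the wired NIC eno2 is shared through a hotspot on the wireless NIC wlo1 for other devices to use.
After configuration, iptables looks like this: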
# Generated by iptables-save v1.8.7 on Mon Jan 10 10:52:41 2022
*mangle
:PREROUTING ACCEPT [15903:1059519]
:INPUT ACCEPT [9115:599605]
:FORWARD ACCEPT [6441:411864]
:OUTPUT ACCEPT [7046:953276]
:POSTROUTING ACCEPT [13487:1365140]
-A FORWARD -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Mon Jan 10 10:52:41 2022
# Generated by iptables-save v1.8.7 on Mon Jan 10 10:52:41 2022
*nat
:PREROUTING ACCEPT [4922:292549]
:INPUT ACCEPT [3729:190171]
:OUTPUT ACCEPT [728:55863]
:POSTROUTING ACCEPT [1574:110191]
-A POSTROUTING -o eno2 -j MASQUERADE
COMMIT
# Completed on Mon Jan 10 10:52:41 2022
# Generated by iptables-save v1.8.7 on Mon Jan 10 10:52:41 2022
*filter
:INPUT ACCEPT [1131:72435]
:FORWARD ACCEPT [1325:84720]
:OUTPUT ACCEPT [891:99934]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eno2 -o wlo1 -j ACCEPT
COMMIT
# Completed on Mon Jan 10 10:52:41 2022
Then, after a client connected, I captured packets on the wireless NIC:
10:26:19.251788 IP localhost.60341 > 17.248.165.45.https: Flags [SEW], seq 3777170305, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2659359174 ecr 0,sackOK,eol], length 0
10:26:19.483318 IP localhost.60335 > 17.188.182.132.https: Flags [S], seq 2340663921, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1650620106 ecr 0,sackOK,eol], length 0
10:26:19.501651 IP localhost.60334 > 17.248.165.18.https: Flags [S], seq 3239738140, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 560181688 ecr 0,sackOK,eol], length 0
10:26:19.503940 IP localhost.60331 > 17.248.165.4.https: Flags [S], seq 808423480, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1329634627 ecr 0,sackOK,eol], length 0
10:26:19.504796 IP localhost.60342 > 17.188.182.68.https: Flags [SEW], seq 2107145060, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 407501337 ecr 0,sackOK,eol], length 0
10:26:19.739509 IP localhost.60336 > 17.248.170.138.https: Flags [S], seq 2652166369, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 278083628 ecr 0,sackOK,eol], length 0
10:26:19.740028 IP localhost.60337 > 17.188.182.4.https: Flags [S], seq 771367321, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1158407063 ecr 0,sackOK,eol], length 0
10:26:19.937013 IP localhost.60332 > 17.248.165.47.https: Flags [S], seq 974617882, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2953579632 ecr 0,sackOK,eol], length 0
10:26:19.939985 IP localhost.60332 > 17.248.165.47.https: Flags [S], seq 974617882, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2953579632 ecr 0,sackOK,eol], length 0
10:26:19.992149 IP localhost.60338 > 17.188.183.4.https: Flags [S], seq 4141085989, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3914467971 ecr 0,sackOK,eol], length 0
10:26:19.993428 IP localhost.60339 > 17.248.165.10.https: Flags [S], seq 3596363636, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3577910077 ecr 0,sackOK,eol], length 0
10:26:19.994584 IP localhost.60329 > 17.248.165.14.https: Flags [S], seq 571160726, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3768716701 ecr 0,sackOK,eol], length 0
10:26:20.244249 IP localhost.60333 > 17.248.165.6.https: Flags [S], seq 1826949672, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1021036598 ecr 0,sackOK,eol], length 0
10:26:20.250559 IP localhost.60340 > 17.188.182.196.https: Flags [S], seq 322168669, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 3253873762 ecr 0,sackOK,eol], length 0
10:26:20.280508 IP localhost.60341 > 17.248.165.45.https: Flags [S], seq 3777170305, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 2659360180 ecr 0,sackOK,eol], length 0
10:26:20.284157 IP localhost.60330 > 17.248.165.134.https: Flags [S], seq 3507111415, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 4276677295 ecr 0,sackOK,eol], length 0
10:26:20.504139 IP localhost.60335 > 17.188.182.132.https: Flags [S], seq 2340663921, win 65535, options [mss 1460,nop,wscale 6,nop,nop,TS val 1650621111 ecr 0,sackOK,eol], length 0
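They are all SYN packets with no ACK; it looks like traffic can go out but cannot come back in. Could the experts here tell me what is wrong with my iptables?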
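
An added example, not part of the original post: a Python check that reads an iptables-save dump and lists why clients behind the hotspot would get no replies. It assumes the PPPoE session appears as ppp0 (the interface named in the post's TCPMSS rule); the names parse, check_sharing and the reduced SAMPLE dump are constructed for illustration.

```python
import shlex
# Constructed sample: the post's nat and filter tables with counters zeroed.
SAMPLE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eno2 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eno2 -o wlo1 -j ACCEPT
COMMIT
"""

def parse(dump):
    """Return {table: {"policy": {chain: policy}, "rules": [(chain, opts)]}}."""
    tables, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is None or not line or line[0] == "#" or line == "COMMIT":
            continue
        elif line.startswith(":"):
            cur["policy"][line[1:].split()[0]] = line.split()[1]
        elif line.startswith("-A "):
            tok = shlex.split(line)  # option -> following value ("!" negation ignored)
            opts = {tok[i]: tok[i + 1] for i in range(2, len(tok) - 1) if tok[i].startswith("-")}
            cur["rules"].append((tok[1], opts))
    return tables

def check_sharing(dump, wan, lan):
    """List reasons why clients behind `lan` would get no replies through `wan`."""
    t, findings, empty = parse(dump), [], {"policy": {}, "rules": []}
    # Source NAT only helps if it matches the interface packets really leave on.
    nat = [o for c, o in t.get("nat", empty)["rules"]
           if c == "POSTROUTING" and o.get("-j") in ("MASQUERADE", "SNAT")]
    if not any(o.get("-o", wan) == wan for o in nat):
        seen = sorted({o["-o"] for o in nat if "-o" in o}) or ["none"]
        findings.append(f"no source NAT on {wan} (NAT rules match: {', '.join(seen)})")
    filt = t.get("filter", empty)
    fwd = [o for c, o in filt["rules"] if c == "FORWARD" and o.get("-j") == "ACCEPT"]
    # A restrictive FORWARD policy needs explicit ACCEPTs in both directions.
    if filt["policy"].get("FORWARD", "ACCEPT") != "ACCEPT":
        if not any(o.get("-i", lan) == lan and o.get("-o", wan) == wan
                   and "NEW" in o.get("--ctstate", "NEW") for o in fwd):
            findings.append(f"no FORWARD rule accepts new connections {lan} -> {wan}")
        if not any("ESTABLISHED" in o.get("--ctstate", "") for o in fwd):
            findings.append("no FORWARD rule accepts ESTABLISHED replies")
    return findings
```

On a live host the dump would come from iptables-save and the egress interface from the output of ip route get for an outside address.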