R2D 作为二级路由开放 SMB 端口供WAN口资源访问

yxbinghe Daily
在你的 smb.conf 配置中,有两行关键限制锁死了访问权限:
  1. interfaces = br-lan:Samba 只在 LAN 口(内网)监听。
  2. bind interfaces only = yes:强制只绑定上述接口,拒绝来自 WAN 口(10.10.100.252)的所有请求。
由于小米路由器的 /etc/samba/smb.conf 是重启即还原的,你必须修改其配置模板。请按以下步骤操作:
第一步:修改 Samba 配置模板
执行命令编辑模板文件:
vi /etc/samba/smb.conf.template
在文件中找到以下两行并进行修改(按 i 进入编辑模式):
  •  interfaces = br-lan 修改为:
    interfaces = br-lan eth0.2
    (注:请先执行 ifconfig 确认你的 WAN 口名称,如果是 R2D 拨号通常是 eth0.2  eth1,如果不确定,可以直接改为 interfaces = 0.0.0.0 监听所有网口)
  •  bind interfaces only = yes 修改为:
    bind interfaces only = no
 Esc 键,输入 :wq 保存退出。
第二步:重启 Samba 服务
执行以下命令让配置生效:
bash
/etc/init.d/samba restart
請謹慎使用程式碼。

验证: 再次执行 netstat -nlp | grep smbd
如果看到地址变为 0.0.0.0:445(代表监听所有接口),说明第一关过了。
第三步:检查防火墙拦截 (Firewall)
即使 Samba 开始监听 WAN 口,小米自带的防火墙策略可能还在拦截 445 端口。
  1. 编辑防火墙配置:vi /etc/config/firewall
  2. 确保你之前添加的 Allow-SMB-WAN 规则在里面,且 dest_port 包含 445
  3. 特别注意:检查 config zone 中名为 wan 的区域,确保其 input 策略。为了测试,可以临时将其改为 ACCEPT
    text
    config zone
    option name 'wan'
    option input 'ACCEPT'
    ...
    請謹慎使用程式碼。

  4. 重启防火墙:/etc/init.d/firewall restart
第四步:从另一台设备访问
在同级路由(10.10.100.253)下的电脑上:
  1. 按下 Win + R
  2. 输入 \\10.10.100.252 并回车。
  3. 如果提示输入账号密码,由于你的配置里有 guest ok = yes,通常可以直接登录。
关键排查点:
如果依然无法访问,请在 R2D 上执行 ifconfig,确认 WAN 口对应的网卡名称(比如是 eth0.2 还是 eth1),这决定了第一步中 interfaces 应该填什么。
请问执行 ifconfig 后,获取到 10.10.100.252 的那个网卡名称具体是什么?

root@XiaoQiang:~# /etc/init.d/samba restart
5
2
root@XiaoQiang:~# netstat -nlp | grep smbd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 0 15676/smbd
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 0 15676/smbd
tcp 0 0 :::139 :::* LISTEN 0 0 15676/smbd
tcp 0 0 :::445 :::* LISTEN 0 0 15676/smbd
root@XiaoQiang:~# /etc/init.d/samba restart
5
2
root@XiaoQiang:~# cat /etc/samba/smb.conf | grep interfaces
interfaces = br-lan eth0.2
bind interfaces only = no
root@XiaoQiang:~# ifconfig
br-lan Link encap:Ethernet HWaddr F0:B4:29:19:28:E8
inet addr:192.168.31.254 Bcast:192.168.31.255 Mask:255.255.255.0
inet6 addr: fe80::f2b4:29ff:fe19:28e8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:166251 errors:0 dropped:0 overruns:0 frame:0
TX packets:269620 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:42117770 (40.1 MiB) TX bytes:204943811 (195.4 MiB)

edge0 Link encap:Ethernet HWaddr 32:00:5F:69:A4:E6
inet addr:10.11.69.228 Bcast:10.11.69.255 Mask:255.255.255.0
inet6 addr: fe80::3000:5fff:fe69:a4e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1290 Metric:1
RX packets:67724 errors:0 dropped:0 overruns:0 frame:0
TX packets:48230 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:4988575 (4.7 MiB) TX bytes:4556435 (4.3 MiB)

eth0 Link encap:Ethernet HWaddr F0:B4:29:19:28:E8
inet6 addr: fe80::f2b4:29ff:fe19:28e8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:855234 errors:0 dropped:0 overruns:0 frame:0
TX packets:805253 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:633973955 (604.6 MiB) TX bytes:708225389 (675.4 MiB)
Interrupt:179 Base address:0x4000

eth0.1 Link encap:Ethernet HWaddr F0:B4:29:19:28:E8
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:255699 errors:0 dropped:0 overruns:0 frame:0
TX packets:269236 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:57735382 (55.0 MiB) TX bytes:206164134 (196.6 MiB)

eth0.2 Link encap:Ethernet HWaddr F0:B4:29:19:28:E8
inet addr:10.10.100.252 Bcast:10.10.100.255 Mask:255.255.255.248
inet6 addr: fe80::f2b4:29ff:fe19:28e8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:599521 errors:0 dropped:0 overruns:0 frame:0
TX packets:203373 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:567611149 (541.3 MiB) TX bytes:34743059 (33.1 MiB)

ifb0 Link encap:Ethernet HWaddr 1A:7F:DE:E1:3E:04
inet6 addr: fe80::187f:deff:fee1:3e04/64 Scope:Link
UP BROADCAST RUNNING NOARP MTU:1500 Metric:1
RX packets:600957 errors:0 dropped:5 overruns:0 frame:0
TX packets:600952 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:569823550 (543.4 MiB) TX bytes:564170057 (538.0 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:148097 errors:0 dropped:0 overruns:0 frame:0
TX packets:148097 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:33351093 (31.8 MiB) TX bytes:33351093 (31.8 MiB)

wl0 Link encap:Ethernet HWaddr F0:B4:29:19:28:EA
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6127 errors:0 dropped:0 overruns:0 frame:1941342
TX packets:54617 errors:2 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1111666 (1.0 MiB) TX bytes:62805602 (59.8 MiB)
Interrupt:163

wl1 Link encap:Ethernet HWaddr F0:B4:29:19:28:E9
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3585 errors:0 dropped:0 overruns:0 frame:231280
TX packets:74219 errors:2 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:802971 (784.1 KiB) TX bytes:18999771 (18.1 MiB)
Interrupt:169

wl1.3 Link encap:Ethernet HWaddr F2:B4:29:19:28:EC
inet addr:169.254.29.1 Bcast:169.254.29.255 Mask:255.255.255.0
inet6 addr: fe80::f0b4:29ff:fe19:28ec/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:231280
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

root@XiaoQiang:~#

版权声明:
作者:yxbinghe
链接:https://www.zhanhao.ch/?p=635
来源:ice.99
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
< <上一篇
下一篇>>