3 Helpful Networking Projects for Your Raspberry Pi

2021-01-29 10:13:04

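Despite being a beloved companion to computer hobbyists around the world, the Raspberry Pi doesn't get enough credit. In fact, single-board computers of every kind haven't gotten their due; I just happen to have a Raspberry Pi. It was while glancing into the corner of my room where my Pi sits, working away on the last task I assigned it, that I thought about the more ambitious projects I have in mind for it.

It will probably be a while before I tackle those grand designs. But the next best thing to fulfilling a wish is to share it. The ideas here are rough sketches, not blueprints, but they give a rough picture.

I should also point out that these projects all include Linux in their blueprints (shocking, I know). Since this is the preliminary stage, we can leave the exact distribution blank for now. You can rest assured, though, that any service we might run on the Pi will sit on a Linux base.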

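You Can't Phone Home if You Don't Have the Number

Two of the three projects below require server configuration, and because servers are most useful when they are reachable from the wider Internet, this also calls for some network tinkering. Specifically, whenever you want to reach your own private network from outside, you need to pin down the Internet-facing IP address and ports.

First, figure out what your IP address is and whether it is dynamic or static on the wide area network (WAN). For our purposes, treat the WAN as the Internet. If your WAN IP is static, great. It will always be the same (as long as you pay your ISP on time), so you can start working on ports.

However, if your WAN IP is dynamic, meaning it changes periodically, there are additional steps. You need to register a domain for it and then get the global DNS infrastructure to honor it. Easy! In short, this involves registering a domain name, just as you would for a website, but pointing it at your home's WAN IP address.

But if your WAN IP address keeps changing, how does this solve anything?

With a special DNS entry called Dynamic DNS (DDNS), once you associate your router with the domain, the entry updates itself automatically as the router's WAN IP changes. This way, your domain always points to whatever WAN IP is currently assigned to your router.

When you want to access your LAN from the Internet, you enter the domain name instead of an IP address. DNS then resolves it to your WAN IP, and you're all set. Any further detail is beyond the scope of this article, but that's the gist.

Whichever IP adventure you choose, you then have to decide which ports to open on your router's WAN IP. If we liken IP addresses to postal addresses, think of ports as unit numbers. Basically, your Pi sits on your network with its service opening whichever of its own ports it needs, and your router maps that Pi port to one of the router's WAN-facing ports. If you hit the right port on your WAN IP (the router), the router passes the traffic to your Pi, on its associated port, on the LAN. Appropriately enough, this is called "port mapping" or "port forwarding."

For example, imagine your router is 5.6.7.8 on the WAN. Let's say your router's LAN IP is 192.168.1.1 and your Pi's LAN IP is 192.168.1.37. If you wanted to SSH into your Pi from anywhere on the planet, you would set port 22 on 192.168.1.37 to be open as normal. Your router would then map port 22 on 192.168.1.37 to (for instance) port 2222 on its WAN IP, 5.6.7.8.

Again, there's a lot more to it, but that's essentially how network configuration for your Pi goes.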
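
The mapping from the example above, written as nftables rules for a Linux-based router. This is an added example, not part of the original article; consumer routers expose the same mapping through their admin interface. The interface names wan0 and lan0 are assumptions; the addresses and ports are the ones used in the example.

```nftables
#!/usr/sbin/nft -f
# Added example: the article's port mapping 5.6.7.8:2222 -> 192.168.1.37:22.
# Interface names are assumptions: wan0 faces the Internet, lan0 the LAN.

define WAN_IF = "wan0"
define LAN_IF = "lan0"

table ip portmap {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Rewrite the destination 5.6.7.8:2222 to the Pi's SSH port
        # before the routing decision is made.
        iifname $WAN_IF ip daddr 5.6.7.8 tcp dport 2222 dnat to 192.168.1.37:22
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Ordinary outbound NAT for LAN hosts.
        oifname $WAN_IF masquerade
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # LAN hosts may start connections outward.
        iifname $LAN_IF oifname $WAN_IF accept
        # From the WAN, only the mapped flow reaches the LAN. The filter
        # hook runs after DNAT, so it sees the translated address and port.
        iifname $WAN_IF oifname $LAN_IF ip daddr 192.168.1.37 tcp dport 22 ct state new accept
    }
}
```

With the forward policy set to drop, the Pi's port 22 is the only LAN port reachable from the WAN; every additional service needs its own explicit pair of rules.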

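To the Drawing Board

With the prep work out of the way, let's sketch out some Pi recipes.

1. VPN Server

At the top of my list of Pi experiments is creating a VPN server. Why pay for a cloud VPN when you can tunnel home for free? Most of us leave our best stuff, physical and digital, at home anyway. Once you log in to your home VPN, you can access media files, backups, or anything else on your LAN.

In this arrangement, your Pi is the VPN server, and the end-user devices you want to connect to it, such as laptops or mobile devices, are the clients. Your Pi resides on your LAN, with your router mapping the Pi's VPN port to a port on its WAN IP. Dial your home's IP and port, present the required key, and you open an encrypted line back to home base.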

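2. Transparent VPN Proxy

This project is unique because it doesn't provide a service (and so isn't a server), but it makes an existing service easier to use. When converted to a transparent VPN proxy, your Pi becomes a portable security device that automatically gives your other devices VPN protection.

To build the transparent proxy, first you need to make sure your Pi has two wireless interfaces. Pi models come with, at most, one wireless interface, so you will have to add at least one USB-connected wireless device. Second, you need a VPN service. If your VPN is the server described above, I guess you'll need another Pi.

A transparent VPN proxy is designed to solve the problem of not trusting a network enough to connect your end-user devices directly to it, while still needing connectivity. In essence, the proxy device does this by interposing itself between the untrusted network and the end-user device, and then routing the end-user device through your VPN of choice. This leaves the untrusted network carrying only encrypted traffic.

To pull this off, you configure your Pi as an access point (AP) and as a VPN client. What is it an AP for? The suspect network. Its role as a VPN client works as you would expect, with its traffic encrypted to the VPN server.

The interesting part happens when your end-user device connects to the Pi AP. Because the Pi's traffic is the end-user device's traffic (as with typical APs), and the Pi's traffic is also encrypted, your end-user device's traffic is transitively encrypted. But you get that encryption without changing any settings on the end-user device. Your laptop or mobile device just thinks it's on a normal network. Even better, at no point has it ever interacted with the sketchy network. Neat trick, huh?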
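
The untrusted network carries only encrypted traffic as long as the Pi never forwards client packets out of its uplink directly, including while the VPN is down. One way to enforce that with nftables is shown below as an added example, not part of the original article. The interface names (wlan0 uplink, wlan1 AP, wg0 tunnel), the choice of a UDP-based VPN, and the server address 203.0.113.10 port 51820 are assumptions or constructed placeholders.

```nftables
#!/usr/sbin/nft -f
# Added example: fail-closed forwarding for the Pi acting as AP + VPN client.
# Assumed names: wlan0 = uplink joined to the untrusted network,
# wlan1 = the Pi's own AP, wg0 = VPN tunnel interface.
# 203.0.113.10 udp/51820 is a constructed placeholder for the VPN server.

define UPLINK = "wlan0"
define AP     = "wlan1"
define TUNNEL = "wg0"

table inet vpnproxy {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Client traffic may leave only through the tunnel. If the tunnel
        # is down no rule matches, so packets are dropped instead of
        # leaking onto the untrusted network in the clear.
        iifname $AP oifname $TUNNEL accept
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oifname "lo" accept
        ct state established,related accept
        # On the uplink the Pi itself sends only DHCP (to get a lease)
        # and the encrypted tunnel packets to the VPN server.
        oifname $UPLINK udp dport 67 accept
        oifname $UPLINK ip daddr 203.0.113.10 udp dport 51820 accept
        oifname $AP accept
        oifname $TUNNEL accept
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iifname "lo" accept
        ct state established,related accept
        # DHCP replies from the untrusted network's server.
        iifname $UPLINK udp sport 67 udp dport 68 accept
        # AP clients get DHCP and DNS from the Pi (assumes the Pi runs both).
        iifname $AP udp dport { 53, 67 } accept
        iifname $AP tcp dport 53 accept
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname $TUNNEL masquerade
    }
}
```

To check the behaviour, bring the tunnel down while a client is connected to the AP: the client should lose connectivity rather than fall back to the uplink.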

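3. File Storage Server

We're back to server mode here, so the networking prerequisites are back in force.

A Pi file storage server can stand in for cloud storage while offering added perks. The general concept is that, as with the VPN, it lives on your LAN with its file service port mapped to a port on your router's WAN IP. You then access the file server by entering your home router's IP and port, plus the server username and password, into your network storage client program, which opens up your vault of stored files.

The advantages of running your own networked file storage are substantial. For one thing, you can store far more data. Want more space? Attach a bigger hard drive. For another, you own the infrastructure. You're not entrusting your data to some company, but to your own hardware and open-source software, and at a much lower cost. You really only sink one-time costs into the Pi and the hard drive, and then just pay for electricity.

On Your Mark, Get Set, Boot!

Those aren't even all the plans I've made for my Pi, but they are the ones I'm most excited about and that I think others might find most interesting. You'll definitely know when I get around to these, since I'm certain to share my findings. Until then, I hope these give you some food for thought about the Raspberry Pi.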

Original title: 3 Helpful Networking Projects for Your Raspberry Pi

Original text: In spite of being a beloved companion to computer hobbyists the world over, the Raspberry Pi doesn't get enough credit. In fact, single-board computers of all stripes haven't gotten their due -- I just happen to have a Raspberry Pi. It was upon casting a stray glance into the corner of my room where my Pi is, churning away on the previous task I assigned it, that I pondered all the loftier projects I have in mind for it.

It will probably be a while before I tackle those grand designs. But the next best thing to following my dreams is to share them. The ideas here are charcoal sketches, not full illustrations, but they yield a rough picture.

I should also note that these projects all contain Linux in their blueprints (shocking, I know). As this is the preliminary stage, we can leave the exact distribution blank for now. You can safely trust, though, that any services we might need our Pi to run will fasten flush onto a Linux base.

You Can't Phone Home if You Don't Have the Number

Two of the three projects below will require server configuration -- and because servers are most useful when accessible on the wider Internet, this also entails some network tinkering. Specifically, whenever you want to reach your own private network from the outside, you will need to nail down the IP address and ports on the Internet-facing side.

First, figure out what your IP address is and whether it is dynamic or static on the wide area network (WAN). For our purposes, treat our WAN as the Internet. If your WAN IP is static, great. It will always be the same (as long as you pay your ISP on time), so you can start working on ports.

However, if your WAN IP is dynamic, meaning it changes periodically, there are additional steps. You will need to register a domain for it, and then get the global DNS infrastructure to honor that. Easy! In a nutshell, this involves registering a domain, like you would for a website, but setting it to your home's WAN IP address.

But if your WAN IP address constantly changes how does this solve anything?

With a special DNS entry called Dynamic DNS (DDNS), once you associate your router with your domain, it will automatically update itself as your router's WAN IP changes. This way, your domain will always point to whatever WAN IP is currently assigned to your router.

When you want to access your LAN from the Internet, instead of entering an IP address you would input your domain. DNS then resolves it to your WAN IP, and you're all set. Any further detail is beyond the scope of this article, but that's the gist.

No matter which IP adventure you chose, you then have to decide what ports to open on your router's WAN IP. If we liken IP addresses to postal addresses, think of ports as unit numbers. Basically, your Pi will sit on your network with its service opening up whichever of its own ports it needs, and your router will map that Pi port to one of the router's WAN-facing ports. If you hit the right port on your WAN IP (the router), your router will pass the traffic to your Pi, on its associated port, on the LAN. Appropriately enough, this is called "port mapping" or "port forwarding."

For example, imagine your router is 5.6.7.8 on the WAN. Let's say your router's LAN IP is 192.168.1.1 and your Pi's LAN IP is 192.168.1.37. If you wanted to SSH into your Pi from anywhere on the planet, you would set port 22 on 192.168.1.37 to be open as normal. Your router would then map port 22 on 192.168.1.37 to (for instance) port 2222 on its WAN IP, 5.6.7.8.

Again, there's a lot more to it, but that's essentially how network configuration for your Pi goes.

To the Drawing Board

With our prep work out of the way, let's cook up some Pi recipes.

1. VPN Server

At the top of my list of Pi experiments is creating a VPN server. Why pay for a cloud VPN when you can tunnel home for free? Most of us leave our best stuff, physical and digital, at home anyway. Once you punch into your home VPN, you can access media files, backups, or anything else squirreled on your LAN.

In this arrangement, your Pi is the VPN server, and the end-user devices you want to connect to it, e.g. laptops or mobile devices, are the clients. Your Pi resides on your LAN, with your router mapping the Pi VPN port to a port on its WAN IP. Dial your home's IP and port, present the required key, and you will open an encrypted line back to home base.

2. Transparent VPN Proxy

This project is unique because it doesn't provide a service (and so isn't a server), but it facilitates the use of an existing service. When converted to a transparent VPN proxy, your Pi becomes a portable security device that automatically confers VPN protection on your other devices.

To build your transparent proxy, first you will need to ensure that your Pi has two wireless interfaces. Pi models come with, at most, one wireless interface, so you'll have to pick up at least one USB-connected wireless device. Second, you'll need a VPN service. If your VPN was the server described above, I guess you'll need another Pi.

A transparent VPN proxy is designed to solve the problem of not trusting a network enough to connect your end-user devices directly to it, but still needing connectivity. In essence, the proxy device does so by interposing itself between the untrusted network and end-user device, and then routes the end-user device through your VPN of choice. This leaves the untrusted network carrying purely encrypted traffic.

To pull this off, you configure your Pi as an access point (AP) and as a VPN client. What is it an AP for? The suspect network. Its role as a VPN client works as you would expect, with its traffic encrypted to the VPN server.

The interesting stuff happens when your end-user device connects to the Pi AP. Because the Pi's traffic is the end-user device's traffic (as with typical APs), and the Pi's traffic is also encrypted, your end-user device traffic is transitively encrypted. But you get that encryption without altering any settings on the end-user device. Your laptop or mobile device just thinks it's on a normal network. Even better, at no point has it ever interacted with the sketchy network. Neat trick, huh?

3. File Storage Server

We're back to server mode here, so the networking prerequisites are back in force.

A Pi file storage server can stand in for cloud storage while offering added perks. The general concept is that, like with the VPN, it lives on your LAN with its file service port mapped to a port on your router's WAN IP. You then access the file server by punching in your home router's IP and port, plus the server username and password, into your network storage client program and you throw open your vault of stashed files.

The advantages of running your own networked file storage are substantial. For one thing, you can store way more data. Want more space? Attach a bigger hard drive. For another, you own the infrastructure. You're not entrusting your data to some company, but to your own hardware and open-source software -- and it costs much less. You really only sink one-time costs into the Pi and hard drive, and just pay for electricity.

On Your Mark, Get Set, Boot!

Those aren't even all the schemes I've concocted for my Pi, but they are the ones I'm most excited about and that I thought others might find most intriguing. You'll definitely know when I get around to these, since I'm certain to share my findings. Until then, I hope these give you raspberry-flavored food for thought. 
