Centos

OpenVZ 主機是源 IP 地址而不是實際的網路衝浪者?

  • April 24, 2011

我的 VPS 有問題。簡單的例子:

<?php $ip = $_SERVER['REMOTE_ADDR']; 
Echo "User IP : " . $ip; 
?>

該程式碼應該顯示使用者 IP 地址,但它顯示的是 HN IP 地址(不是 VPS IP 地址)。

同樣,當我通過 ssh 登錄到虛擬容器時,登錄的 IP 是硬體節點的 IP。

類似的問題在這裡:OpenVZ 主機是源 IP 地址而不是實際的網路衝浪者?

這是openVZ的配置:

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1

# Controls source route verification
net.ipv4.conf.all.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# Disable proxy arp
net.ipv4.conf.default.proxy_arp = 0
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.ip_conntrack_max=32760

IPTables 配置

[root@nod1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
          all  --  clienti.alba.rdsnet.ro  anywhere
          all  --  anywhere             clienti.alba.rdsnet.ro
          all  --  clienti.alba.rdsnet.ro  anywhere
          all  --  anywhere             clienti.alba.rdsnet.ro
          all  --  clienti.alba.rdsnet.ro  anywhere
          all  --  anywhere             clienti.alba.rdsnet.ro

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTAB                                                                     LISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:s                                                                     sh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:s                                                                     mtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h                                                                     ttp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:f                                                                     tp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h                                                                     ttps
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho      

有人可以幫幫我嗎 ?另外,我不是專家,所以如果有人可以逐步解釋,我將不勝感激。

您能否粘貼您的 iptables 配置的輸出?您是否嘗試過 Jerry Tunin 建議的潛在解決方案?

iptables -t nat -L
iptables -t mangle -L

好的,這就是我所做的。我已經停止了 iptables 服務,並從 /etc/sysconfig/iptables 中刪除了帶有 mangle 和 nat 的部分。按照 Adam 的指示,我已從文件 /etc/sysconfig/vz 的“## IPv4 iptables 核心模組”行部分中刪除了“iptable_mangle”。我做了:

iptables -t nat -L iptables -t mangle -L

我已經重新啟動了 iptables 服務並解決了問題。

現在我可以在伺服器日誌中查看我的私有 IP 了:D

非常感謝 Adam 指出 mangle 和 nat。

祝你好運!

引用自:https://serverfault.com/questions/167300