Centos
OpenVZ 主機是源 IP 地址而不是實際的網路衝浪者?
我的 VPS 有問題。簡單的例子:
<?php $ip = $_SERVER['REMOTE_ADDR']; Echo "User IP : " . $ip; ?>
該程式碼應該顯示使用者 IP 地址,但它顯示的是 HN IP 地址(不是 VPS IP 地址)。
同樣,當我通過 ssh 登錄到虛擬容器時,登錄的 IP 是硬體節點的 IP。
類似的問題在這裡:OpenVZ 主機是源 IP 地址而不是實際的網路衝浪者?
這是openVZ的配置:
# Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 1 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.all.forwarding = 1 # Controls source route verification net.ipv4.conf.all.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 1 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Controls the maximum size of a message, in bytes kernel.msgmnb = 65536 # Controls the default maxmimum size of a mesage queue kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 # Disable proxy arp net.ipv4.conf.default.proxy_arp = 0 # We do not want all our interfaces to send redirects net.ipv4.conf.default.send_redirects = 1 net.ipv4.conf.all.send_redirects = 0 net.ipv4.ip_conntrack_max=32760
IPTables 配置
[root@nod1 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere all -- clienti.alba.rdsnet.ro anywhere all -- anywhere clienti.alba.rdsnet.ro all -- clienti.alba.rdsnet.ro anywhere all -- anywhere clienti.alba.rdsnet.ro all -- clienti.alba.rdsnet.ro anywhere all -- anywhere clienti.alba.rdsnet.ro Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps REJECT all -- anywhere anywhere reject-with icmp-ho
有人可以幫幫我嗎 ?另外,我不是專家,所以如果有人可以逐步解釋,我將不勝感激。
您能否粘貼您的 iptables 配置的輸出?您是否嘗試過 Jerry Tunin 建議的潛在解決方案?
iptables -t nat -L iptables -t mangle -L
好的,這就是我所做的。我已經停止了 iptables 服務,並從 /etc/sysconfig/iptables 中刪除了帶有 mangle 和 nat 的部分。按照 Adam 的指示,我已從文件 /etc/sysconfig/vz 的“## IPv4 iptables 核心模組”行部分中刪除了“iptable_mangle”。我做了:
iptables -t nat -L iptables -t mangle -L
我已經重新啟動了 iptables 服務並解決了問題。
現在我可以在伺服器日誌中查看我的私有 IP 了:D
非常感謝 Adam 指出 mangle 和 nat。
祝你好運!