Centos7

OpenVZ (CentOS 7) cannot access the Internet while it was working before

  • January 28, 2021

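I have a strange problem here... I am using OpenVZ and have 3 containers. My setup worked for 3 years, yesterday something happened, and I can't seem to find the problem on one container. The other 2 work as expected.

Here is my OpenVZ setup: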

[root@node1 ~]# vzlist -a
     CTID      NPROC STATUS    IP_ADDR         HOSTNAME
      101        133 running   67.212.65.43    serveur1.***.com
      102        139 running   67.212.65.44    serveur2.***.com
      103        187 running   67.212.65.45    serveur3.***.com

The faulty container is at 67.212.65.43; the other 2 work fine. My provider told me that everything is fine starting from 67.212.65.43.

[root@node1 ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
67.212.65.44    0.0.0.0         255.255.255.255 UH    0      0        0 venet0
67.212.65.45    0.0.0.0         255.255.255.255 UH    0      0        0 venet0
67.212.65.46    0.0.0.0         255.255.255.255 UH    0      0        0 venet0
67.212.65.43    0.0.0.0         255.255.255.255 UH    0      0        0 venet0
67.212.65.40    0.0.0.0         255.255.255.248 U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
0.0.0.0         67.212.65.41    0.0.0.0         UG    0      0        0 eth0

I can enter the faulty container by typing:

vzctl enter 101

Here is what I tried:

[root@serveur1 /]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms

[root@serveur1 /]# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
send: Operation not permitted

[root@serveur1 /]# nslookup 8.8.8.8
;; connection timed out; no servers could be reached

I tried doing an iptables -F but that did not solve anything. The current rules are:

[root@serveur1 etc]# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination

Chain ALLOWIN (0 references)
target     prot opt source               destination

Chain ALLOWOUT (0 references)
target     prot opt source               destination

Chain DENYIN (0 references)
target     prot opt source               destination

Chain DENYOUT (0 references)
target     prot opt source               destination

Chain INVALID (0 references)
target     prot opt source               destination

Chain INVDROP (0 references)
target     prot opt source               destination

Chain LOCALINPUT (0 references)
target     prot opt source               destination

Chain LOCALOUTPUT (0 references)
target     prot opt source               destination

Chain LOGDROPIN (0 references)
target     prot opt source               destination

Chain LOGDROPOUT (0 references)
target     prot opt source               destination

Chain cpanel-dovecot-solr (0 references)
target     prot opt source               destination

Chain f2b-sshd (0 references)
target     prot opt source               destination

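I started checking my server's network configuration... but like I said, it ran for 3 years... I'm the king of being lost and need help finding the problem.

resolv.conf:

# Generated by NetworkManager
nameserver 8.8.8.8
nameserver 8.8.4.4

ifconfig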

[root@serveur1 etc]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
       inet 127.0.0.1  netmask 255.0.0.0
       inet6 ::1  prefixlen 128  scopeid 0x10<host>
       loop  txqueuelen 0  (Local Loopback)
       RX packets 60  bytes 4200 (4.1 KiB)
       RX errors 0  dropped 0  overruns 0  frame 0
       TX packets 60  bytes 4200 (4.1 KiB)
       TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
       inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination 127.0.0.1
       unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
       RX packets 45325  bytes 2970128 (2.8 MiB)
       RX errors 0  dropped 0  overruns 0  frame 0
       TX packets 51  bytes 14395 (14.0 KiB)
       TX errors 0  dropped 2 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
       inet 67.212.65.43  netmask 255.255.255.255  broadcast 67.212.65.43  destination 67.212.65.43
       unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)

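Everything seems to be set up correctly... let me know what additional information you need and I will post an edit.

OK, so I found a solution to this problem. After flushing the iptables rules, I needed to recreate them like this: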

iptables -P INPUT ACCEPT
iptables -F OUTPUT
iptables -F FORWARD

After that, the server started responding again. Hopefully this helps if someone runs into this error in the future.
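The `iptables -L` listing in the question shows the state a flush leaves behind: `iptables -F` deletes rules but keeps each built-in chain's policy, so an empty chain with policy DROP blocks everything, and locally generated packets dropped in OUTPUT surface as `sendmsg: Operation not permitted`. The following check is an added example, not part of the original post; the function names and both sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Added example: reads `iptables -S` output on stdin and prints every built-in
# chain whose policy is DROP while the chain contains no rules at all.

find_locked_chains() {
    awk '
        $1 == "-P" { policy[$2] = $3 }   # e.g. "-P OUTPUT DROP"
        $1 == "-A" { rules[$2]++ }       # e.g. "-A INPUT -p tcp ... -j ACCEPT"
        END {
            for (c in policy)
                if (policy[c] == "DROP" && rules[c] == 0)
                    print c
        }
    ' | sort
}

# Constructed sample: `iptables -S` as it would look for the listing in the
# question (policies DROP, user chains still defined, no rules anywhere).
sample_after_flush() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N ALLOWIN
-N ALLOWOUT
-N f2b-sshd
EOF
}

# Constructed sample: a host where INPUT is DROP by policy but has ACCEPT
# rules, and OUTPUT is open. Only FORWARD is an empty DROP chain here.
sample_working() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

echo "Empty chains with policy DROP after a flush:"
sample_after_flush | find_locked_chains

# On a live host (as root): iptables -S | find_locked_chains
```

An empty FORWARD chain with policy DROP is normal on a host that does not route; INPUT or OUTPUT appearing in the result means the host can no longer receive or send traffic.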

Quoted from: https://serverfault.com/questions/940796