Linux-Networking
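Ubuntu 20.04 server cannot be reached from the outside world
I have an Ubuntu server, and I cannot reach it from an outside machine. I tried to connect to the Ubuntu machine over ssh, but it seems that all requests are either dropped or never arrive. I have not set up any special routing or IP configuration.
The subnet looks like this: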
```
      router
         |
---------+--------------------
|        |         |         |
Ubuntu raspberry raspberry raspberry
```
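First I get into the network through a VPN. Then I wanted to log in to my Ubuntu machine but could not, so I tried to reach a Raspberry instead. When I saw that I could get into the Raspberry, I tried to ssh from the Raspberry to my Ubuntu server, and it worked.
From the router I can see all the machines.
Can anyone help me reach my Ubuntu server without going through one of the Raspberries?
sudo iptables-save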
```
# Generated by iptables-save v1.8.4 on Fri Sep 11 07:58:24 2020
*nat
:PREROUTING ACCEPT [60337:4082282]
:INPUT ACCEPT [5:300]
:OUTPUT ACCEPT [4920:342818]
:POSTROUTING ACCEPT [4920:342818]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:POST_public_post - [0:0]
:POST_public_pre - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o eno1 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_pre
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A POST_public -j POST_public_post
-A PREROUTING_ZONES -i eno1 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Fri Sep 11 07:58:24 2020
# Generated by iptables-save v1.8.4 on Fri Sep 11 07:58:24 2020
*mangle
:PREROUTING ACCEPT [78641:5937844]
:INPUT ACCEPT [78611:5935350]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [46644:3913664]
:POSTROUTING ACCEPT [46670:3916660]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i eno1 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Fri Sep 11 07:58:24 2020
# Generated by iptables-save v1.8.4 on Fri Sep 11 07:58:24 2020
*raw
:PREROUTING ACCEPT [78642:5937896]
:OUTPUT ACCEPT [46646:3914420]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
:PRE_public_post - [0:0]
:PRE_public_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i eno1 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_pre
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
-A PRE_public -j PRE_public_post
COMMIT
# Completed on Fri Sep 11 07:58:24 2020
# Generated by iptables-save v1.8.4 on Fri Sep 11 07:58:24 2020
*security
:INPUT ACCEPT [19038:1906726]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [47400:3969196]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Fri Sep 11 07:58:24 2020
# Generated by iptables-save v1.8.4 on Fri Sep 11 07:58:24 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [30649:2765745]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_direct - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDI_public_post - [0:0]
:FWDI_public_pre - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:FWDO_public_post - [0:0]
:FWDO_public_pre - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:IN_public_post - [0:0]
:IN_public_pre - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eno1 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o eno1 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_pre
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -j FWDI_public_post
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_pre
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A FWDO_public -j FWDO_public_post
-A INPUT_ZONES -i eno1 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_pre
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -j IN_public_post
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
COMMIT
# Completed on Fri Sep 11 07:58:24 2020
```
I have solved the problem by changing the /etc/netplan/01-network-all.yaml file to the following:
```
network:
  version: 2
  renderer: networkd
  ethernets:
    eno1:
      addresses:
        - local ip/24
      gateway4: gateway ip
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4
```
After that I ran the following commands:
```
sudo netplan --debug generate
sudo netplan apply
reboot
```