Networking

網路服務超時,每秒重啟一次

  • April 4, 2018

設置

我在 online.net 上的 debian 伺服器正在執行雙棧 ipv4/ipv6

# /etc/network/interfaces

auto lo
iface lo inet loopback

source /etc/network/interfaces.d/*

/etc/network/interfaces.d/中有2個文件

# /etc/network/interfaces.d/device-enp0s20-inet

auto enp0s20
iface enp0s20 inet dhcp

# /etc/network/interfaces.d/device-enp0s20-inet6

auto enp0s20
iface enp0s20 inet6 dhcp
 request_prefix 1
 accept_ra 2

我使用 dhclient請求我的ipv6 委派前綴

# /etc/dhcp/dhclient.conf

option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
   domain-name, domain-name-servers, domain-search, host-name,
   dhcp6.name-servers, dhcp6.domain-search, dhcp6.fqdn, dhcp6.sntp-servers,
   netbios-name-servers, netbios-scope, interface-mtu,
   rfc3442-classless-static-routes, ntp-servers;


interface "enp0s20" {                                                                                                                                                                                 
 send dhcp6.client-id XX:XX:XX:XX:XX:XX:XX:XX:XX:XX;
}

在 enp0s20 的 inet6 設置中,我想要 accept_ra=2,因為我的核心中有 net.ipv6.conf.all.forwarding=1(我打算設置一個 vpn)。

問題

每次嘗試重新啟動網路服務都會失敗。

$ sudo serving networking restart # first attempt
Job for networking.service failed because a timeout was exceeded.
See "systemctl status networking.service" and "journalctl -xe" for details.
$ sudo service networking restart # second attempt works fine (this cycles)

啟動網路服務也總是在啟動時失敗。

日誌

我啟用它以更好地了解正在發生的事情

# /etc/default/networking
VERBOSE=yes

這是我在重啟失敗時從 journalctl 得到的資訊:

Apr 03 12:38:37 boxname ifup[4135]: ifup: parsing file /etc/network/interfaces.d/device-enp0s20-inet
Apr 03 12:38:37 boxname ifup[4135]: ifup: parsing file /etc/network/interfaces.d/device-enp0s20-inet6
Apr 03 12:38:37 boxname ifup[4135]: /bin/run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
Apr 03 12:38:37 boxname ifup[4135]: ifup: configuring interface enp0s20=enp0s20 (inet)
Apr 03 12:38:37 boxname ifup[4135]: /bin/run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
Apr 03 12:38:37 boxname ifup[4135]: /sbin/dhclient -4 -v -pf /run/dhclient.enp0s20.pid -lf /var/lib/dhcp/dhclient.enp0s20.leases -I -df /var/lib/dhcp/dhclient6.enp0s20.leases enp0s20
Apr 03 12:38:37 boxname ifup[4135]: Internet Systems Consortium DHCP Client 4.3.5
Apr 03 12:38:37 boxname ifup[4135]: Copyright 2004-2016 Internet Systems Consortium.
Apr 03 12:38:37 boxname ifup[4135]: All rights reserved.
Apr 03 12:38:37 boxname ifup[4135]: For info, please visit https://www.isc.org/software/dhcp/
Apr 03 12:38:38 boxname ifup[4135]: Listening on LPF/enp0s20/<REDACTED>
Apr 03 12:38:38 boxname ifup[4135]: Sending on   LPF/enp0s20/<REDACTED>
Apr 03 12:38:38 boxname ifup[4135]: Sending on   Socket/fallback
Apr 03 12:38:38 boxname ifup[4135]: DHCPDISCOVER on enp0s20 to 255.255.255.255 port 67 interval 4
Apr 03 12:38:38 boxname ifup[4135]: DHCPREQUEST of 163.172.XX.XX on enp0s20 to 255.255.255.255 port 67
Apr 03 12:38:38 boxname ifup[4135]: DHCPOFFER of 163.172.XX.XX from 163.172.XX.1
Apr 03 12:38:38 boxname ifup[4135]: DHCPACK of 163.172.XX.XX from 163.172.XX.1
Apr 03 12:38:38 boxname ifup[4135]: bound to 163.172.XX.XX -- renewal in 2147483648 seconds.
Apr 03 12:38:38 boxname ifup[4135]: /bin/run-parts --exit-on-error --verbose /etc/network/if-up.d
Apr 03 12:38:38 boxname ifup[4135]: run-parts: executing /etc/network/if-up.d/000resolvconf
Apr 03 12:38:38 boxname ifup[4135]: run-parts: executing /etc/network/if-up.d/openntpd
Apr 03 12:38:38 boxname ifup[4135]: run-parts: executing /etc/network/if-up.d/openssh-server
Apr 03 12:38:38 boxname ifup[4135]: run-parts: executing /etc/network/if-up.d/upstart
Apr 03 12:38:38 boxname ifup[4135]: ifup: configuring interface enp0s20=enp0s20 (inet6)
Apr 03 12:38:38 boxname ifup[4135]: /bin/run-parts --exit-on-error --verbose /etc/network/if-pre-up.d
Apr 03 12:38:38 boxname ifup[4135]: /sbin/modprobe -q net-pf-10 > /dev/null 2>&1 || true # ignore failure.
Apr 03 12:38:38 boxname ifup[4135]: /sbin/sysctl -q -e -w net.ipv6.conf.enp0s20.accept_ra=2
Apr 03 12:38:38 boxname ifup[4135]: /bin/ip link set dev enp0s20  up
Apr 03 12:38:38 boxname ifup[4135]: /lib/ifupdown/wait-for-ll6.sh
Apr 03 12:38:39 boxname ifup[4135]: /sbin/dhclient -6 -pf /run/dhclient6.enp0s20.pid -lf /var/lib/dhcp/dhclient6.enp0s20.leases -I -P -N -df /var/lib/dhcp/dhclient.enp0s20.leases enp0s20
Apr 03 12:38:50 boxname ifup[4135]: RTNETLINK answers: Invalid argument

問題

你能幫我找出問題所在並修復它嗎?

我發現了問題!

經過一番研究,我發現dhcpv6 的工作方式是客戶端從埠 546 和伺服器從埠 547 進行通信。我添加了以下兩個 ip6tables 規則,它們使我的盒子充當客戶端:

-A INPUT -p udp --sport 547 --dport 546 -j ACCEPT
-A OUTPUT -p udp --sport 546 --dport 547 -j ACCEPT

這解決了這個問題。

之所以出現這個問題,是因為我使用了防火牆並且無意中阻止了 dhcpv6。如果您不使用防火牆,則不需要這些規則,這篇文章不是您問題的答案。

引用自:https://serverfault.com/questions/905758