Networking
使用靜態 IP 的“沒有到主機的路由”。可以ping通
我剛剛從 DigitalOcean 配置了一個新伺服器。除了將 ssh 埠從 22 更改為 2202 之外,我認為我沒有對伺服器的網路配置進行任何更改,但是突然之間我無法通過 ssh 進入伺服器。我最初能夠在埠 2202 上使用 ssh 登錄幾次
請讓我知道這個問題是否有更好的 StackExchange
$ ssh -p 2202 user@159.89.x.x ssh: connect to host 159.89.x.x port 2202: No route to host
我可以ping伺服器
$ ping 159.89.x.x PING 159.89.x.x (159.89.x.x) 56(84) bytes of data. 64 bytes from 159.89.x.x: icmp_seq=1 ttl=56 time=30.0 ms 64 bytes from 159.89.x.x: icmp_seq=2 ttl=56 time=29.7 ms 64 bytes from 159.89.x.x: icmp_seq=3 ttl=56 time=29.9 ms --- 159.89.x.x ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 29.756/29.932/30.083/0.134 ms
我關閉了除乙太網連接之外的所有網路配置
$ ifconfig eth0 Link encap:Ethernet HWaddr 90:2b:34:d6:e1:d5 inet addr:192.168.0.8 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::737e:c4b0:f37c:ab45/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7449 errors:0 dropped:0 overruns:0 frame:0 TX packets:139088 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6762469 (6.7 MB) TX bytes:9333612 (9.3 MB) Interrupt:18 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:1180 errors:0 dropped:0 overruns:0 frame:0 TX packets:1180 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:109431 (109.4 KB) TX bytes:109431 (109.4 KB)
這是跟踪路由
$ traceroute 159.89.x.x traceroute to 159.89.x.x (159.89.x.x), 30 hops max, 60 byte packets 1 192.168.0.1 (192.168.0.1) 0.455 ms 0.613 ms 0.802 ms 2 hlrn-dsl-gw09.hlrn.qwest.net (207.225.x.x) 3.641 ms 3.833 ms 4.532 ms 3 hlrn-agw1.inet.qwest.net (71.217.x.x) 4.763 ms 4.733 ms 4.734 ms 4 dvr3-brdr-01.inet.qwest.net (208.168.x.x) 4.911 ms 5.347 ms 5.131 ms 5 den-b1-link.telia.net (213.248.93.94) 5.336 ms 5.327 ms 5.764 ms 6 sjo-b21-link.telia.net (213.155.133.171) 33.313 ms 29.887 ms 29.980 ms 7 digitalocean-ic-318773-sjo-b21.c.telia.net (62.115.149.7) 29.570 ms digitalocean-ic-306499-sjo-b21.c.telia.net (62.115.45.22) 30.931 ms 30.938 ms 8 159.89.x.x (159.89.x.x) 29.617 ms !X 29.838 ms !X 29.614 ms !X
這
nmap
就是說的(我對如何有效地使用nmap非常不熟悉)$ nmap 159.89.x.x Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-20 09:34 MDT Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn Nmap done: 1 IP address (0 hosts up) scanned in 0.08 seconds
和
$ nmap -Pn 159.89.x.x Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-20 09:35 MDT Nmap scan report for 159.89.x.x Host is up (0.59s latency). Not shown: 999 filtered ports PORT STATE SERVICE 22/tcp closed ssh
和
$ nmap -Pn 159.89.x.x -p 2202 Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-20 12:56 MDT Nmap scan report for 159.89.x.x Host is up (0.036s latency). PORT STATE SERVICE 2202/tcp filtered unknown Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
從 DigitalOcean 控制台(目前訪問機器的唯一方法),我能夠成功
8.8.8.8
地curl -vL google.com
ping同樣來自 DO 控制台,
(myserver)$ ip route default via 159.89.128.1 dev eth0 10.46.0.0/16 dev eth0 proto kernel scope link src 10.46.0.5 159.89.128.0/20 dev eth0 proto kernel scope link src 159.89.x.x
由於我無法從 DO 控制台複製/粘貼,這是一張圖片
sudo iptables -nvL INPUT
您忘記在防火牆中打開埠。您需要這樣做,例如,因為您使用的是 firewalld:
firewall-cmd --add-port=2202/tcp
一旦它開始工作,就讓它成為永久的。
聽起來您可能有一個
iptables
衝突阻塞埠2202
。嘗試此過程作為測試,看看您是否可以重新獲得訪問權限:iptables-save > ~/iptables.save iptables -F
然後在 port 上重新嘗試 SSH
2202
。如果這可行,您的防火牆規則需要調整,如果它不起作用,請確保您也沒有與 Digital Ocean 防火牆發生衝突。要恢復規則,請執行以下命令:
iptables-restore < ~/iptables.save