Networking
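Ping does not work on the internal interface
I have a CentOS 7 gateway where a ping on its internal interface gets no reply when the interface is specified, which makes me think something is wrong, but it is also not possible to ping anything on the internal network while pinging to it works.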
    ping 10.20.1.7 -I enp0s25
    PING 10.20.1.7 (10.20.1.7) from 10.20.1.7 enp0s25: 56(84) bytes of data.
    ^C
    --- 10.20.1.7 ping statistics ---
    52 packets transmitted, 0 received, 100% packet loss, time 50999ms
It works without specifying the interface
    ping 10.20.1.7
    PING 10.20.1.7 (10.20.1.7) 56(84) bytes of data.
    64 bytes from 10.20.1.7: icmp_seq=1 ttl=64 time=0.052 ms
    64 bytes from 10.20.1.7: icmp_seq=2 ttl=64 time=0.029 ms
    ^C
    --- 10.20.1.7 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 999ms
    rtt min/avg/max/mdev = 0.029/0.040/0.052/0.013 ms
or with the IP of the interface (thanks @Gerard H. Pille)
    ping 10.20.1.7 -I 10.20.1.7
    PING 10.20.1.7 (10.20.1.7) from 10.20.1.7 : 56(84) bytes of data.
    64 bytes from 10.20.1.7: icmp_seq=1 ttl=64 time=0.050 ms
    64 bytes from 10.20.1.7: icmp_seq=2 ttl=64 time=0.028 ms
    64 bytes from 10.20.1.7: icmp_seq=3 ttl=64 time=0.040 ms
    ^C
    --- 10.20.1.7 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 1999ms
    rtt min/avg/max/mdev = 0.028/0.039/0.050/0.010 ms
Pinging the external interface also works
    ping 192.168.111.247
    PING 192.168.111.247 (192.168.111.247) 56(84) bytes of data.
    64 bytes from 192.168.111.247: icmp_seq=1 ttl=64 time=5.13 ms
    64 bytes from 192.168.111.247: icmp_seq=2 ttl=64 time=0.642 ms
    64 bytes from 192.168.111.247: icmp_seq=3 ttl=64 time=0.395 ms
    ^C
    --- 192.168.111.247 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2002ms
    rtt min/avg/max/mdev = 0.395/2.057/5.136/2.179 ms
I also verified that I can ping the internal and external IP of the gateway from a machine in the internal network, and
    ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: enp3s11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
        link/ether 00:02:2a:df:3a:79 brd ff:ff:ff:ff:ff:ff
        inet 192.168.111.247/24 brd 192.168.111.255 scope global dynamic enp3s11
           valid_lft 41978sec preferred_lft 41978sec
        inet6 fe80::af94:9dd0:f4a9:8dcb/64 scope link
           valid_lft forever preferred_lft forever
    3: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 00:19:99:5d:91:46 brd ff:ff:ff:ff:ff:ff
        inet 10.20.1.7/16 brd 10.20.255.255 scope global enp0s25
           valid_lft forever preferred_lft forever
        inet6 fe80::219:99ff:fe5d:9146/64 scope link
           valid_lft forever preferred_lft forever
enp0s25 connects to the internal network and enp3s11 connects to the external interface.
arp lists the devices as expected

    arp
    Address                  HWtype  HWaddress           Flags Mask            Iface
    192.168.111.160          ether   00:15:5d:0a:0b:25   C                     enp3s11
    10.20.100.2              ether   2c:d4:44:a2:5a:4c   C                     enp0s25
    192.168.111.155          ether   90:1b:0e:6e:d1:3f   C                     enp3s11
    gateway                  ether   00:19:99:c5:f0:ad   C                     enp3s11
    10.20.1.102                      (unvollständig)                           enp0s25
    192.168.111.245          ether   00:19:99:7e:5d:81   C                     enp3s11
    192.168.111.212          ether   52:54:00:d5:d3:6d   C                     enp3s11
The firewall seems to be configured correctly to not block ICMP
    firewall-cmd --list-all --zone=external
    external (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp3s11
      sources:
      services: ssh
      ports:
      protocols:
      masquerade: yes
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:

    sudo firewall-cmd --list-all --zone=internal
    internal (active)
      target: default
      icmp-block-inversion: no
      interfaces: enp0s25
      sources:
      services: ssh mdns samba-client dhcpv6-client
      ports:
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
For a more complete view, the output of netstat -rn

    netstat -rn
    Kernel IP Routentabelle
    Ziel            Router          Genmask         Flags   MSS Fenster irtt Iface
    0.0.0.0         192.168.111.14  0.0.0.0         UG        0 0          0 enp3s11
    10.20.0.0       0.0.0.0         255.255.0.0     U         0 0          0 enp0s25
    169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 enp0s25
    192.168.111.0   0.0.0.0         255.255.255.0   U         0 0          0 enp3s11
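Edit:
**This was a wild goose chase, because of a repeated transcription error in the IP on the internal network (real: 10.20.100.x, typed: 10.20..104)…**
Feeling stupid now.
Should this be closed?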
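If a machine can ping the gateway and gets a response, I would say the network is not completely broken. I would consider stopping the firewall to see whether it is related.
If you get a reply, as I take "while pinging to it works" to imply, then it does not seem to be a routing-related problem.
My suggestion is to troubleshoot the firewall first by disabling it completely. If disabling the firewall would cause a policy/security issue, consider disconnecting the external interface.
BR, Martin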