确切地说,我使用 virt-install 从 ubuntu-15.10-server-amd64.iso 创建了 PXE kickstart 安装。在网络检测后,它会在尝试连接到 Canonical 服务器时挂起很长时间(我使用 tcpdump 检查了这一点)
我使用了 ISO 映像目录 install/netboot/ubuntu-installer/amd64/initrd.gz 中的内核和 initrd 以及 install/netboot/ubuntu-installer/amd64/linux 中的内核
$ sudo tcpdump -ni virbr1
listening on virbr1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:45:13.795894 IP 192.168.133.164.41364 > 91.189.91.23.80: Flags [S], seq 1799080957, win 29200, options [mss 1460,sackOK,TS val 4294907400 ecr 0,nop,wscale 7], length 0
15:45:16.328835 IP 192.168.133.1.57621 > 192.168.133.255.57621: UDP, length 44
15:45:18.803981 ARP, Request who-has 192.168.133.1 tell 192.168.133.164, length 28
15:45:18.804026 ARP, Reply 192.168.133.1 is-at 52:54:00:98:08:64, length 28
15:45:45.892037 IP 192.168.133.164.41364 > 91.189.91.23.80: Flags [S], seq 1799080957, win 29200, options [mss 1460,sackOK,TS val 4294915424 ecr 0,nop,wscale 7], length 0
15:46:06.483822 IP 192.168.133.1.5353 > 224.0.0.251.5353: 0 [2q] PTR (QM)? _ipp._tcp.local. PTR (QM)? _ipps._tcp.local. (45)
15:46:23.669390 IP 192.168.133.1.57621 > 192.168.133.255.57621: UDP, length 44
15:46:50.020203 IP 192.168.133.164.37426 > 91.189.92.201.80: Flags [S], seq 2183110333, win 29200, options [mss 1460,sackOK,TS val 4294931456 ecr 0,nop,wscale 7], length 0
15:46:51.019807 IP 192.168.133.164.37426 > 91.189.92.201.80: Flags [S], seq 2183110333, win 29200, options [mss 1460,sackOK,TS val 4294931706 ecr 0,nop,wscale 7], length 0
15:46:53.023945 IP 192.168.133.164.37426 > 91.189.92.201.80: Flags [S], seq 2183110333, win 29200, options [mss 1460,sackOK,TS val 4294932207 ecr 0,nop,wscale 7], length 0
15:46:55.027790 ARP, Request who-has 192.168.133.1 tell 192.168.133.164, length 28
15:46:55.027812 ARP, Reply 192.168.133.1 is-at 52:54:00:98:08:64, length 28
15:46:57.027904 IP 192.168.133.164.37426 > 91.189.92.201.80: Flags [S], seq 2183110333, win 29200, options [mss 1460,sackOK,TS val 4294933208 ecr 0,nop,wscale 7], length 0
15:47:05.043835 IP 192.168.133.164.37426 > 91.189.92.201.80: Flags [S], seq 2183110333, win 29200, options [mss 1460,sackOK,TS val 4294935212 ecr 0,nop,wscale 7], length 0
15:47:21.059893 IP 192.168.133.164.37426 > 91.189.92.201.80: Flags [S], seq 2183110333, win 29200, options [mss 1460,sackOK,TS val 4294939216 ecr 0,nop,wscale 7], length 0
15:47:31.002757 IP 192.168.133.1.57621 > 192.168.133.255.57621: UDP, length 44
15:47:53.123970 IP 192.168.133.164.37426 > 91.189.92.201.80: Flags [S], seq 2183110333, win 29200, options [mss 1460,sackOK,TS val 4294947232 ecr 0,nop,wscale 7], length 0
IP 91.189.92.201 属于 Canonical。但是该机器位于代理后面,无法连接到互联网。这绝不是故意的。特别是在安装级别。我该如何防止这种情况发生?
答案1
如果无法连接,听起来你已经在阻止它了。如果你想让连接更快失败,那么修复你的路由器/代理/任何东西以立即断开连接,而不是等待漫长的 TCP 超时发生。如果你希望防火墙禁止外部访问,它应该丢弃/关闭对非内部地址的任何连接请求。
该 IP 是存档.ubuntu.com主存档服务器。一旦确定网络可用,安装程序就会连接到该服务器以检查安全更新。