奇怪的是无法从服务器内部连接到域

奇怪的是无法从服务器内部连接到域

我无法连接到github.comIF,只有当我尝试从 LAN 服务器(我们称之为其 FQDN server.com)内部进行连接时才能这样做。如果我ssh server.com然后尝试,比如说curl github.com,会产生“无主机路由”类型的错误:

curl: (7) Failed to connect to github.com port 80: No route to host

有问题的服务器具有活动的 DNS (bind9)、DHCP、HTTP/s 和 SSH 服务,特别是它是 LAN 上所有机器的 DNS 解析器。请参阅帖子底部的一些有用信息。

我可以很好地连接到 GitHub任何但是,我的其他本地机器。

我该如何诊断并修复这个问题?


$ systemd-resolve github.com
github.com: 192.30.253.113
            192.30.253.112

-- Information acquired via protocol DNS in 48.2ms.
-- Data is authenticated: no

$ host -v github.com
Trying "github.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47061
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 13, ADDITIONAL: 2

;; QUESTION SECTION:
;github.com.            IN  A

;; ANSWER SECTION:
github.com.     8   IN  A   192.30.253.113
github.com.     8   IN  A   192.30.253.112

;; AUTHORITY SECTION:
.           513652  IN  NS  a.root-servers.net.
.           513652  IN  NS  d.root-servers.net.
.           513652  IN  NS  k.root-servers.net.
.           513652  IN  NS  j.root-servers.net.
.           513652  IN  NS  c.root-servers.net.
.           513652  IN  NS  f.root-servers.net.
.           513652  IN  NS  h.root-servers.net.
.           513652  IN  NS  g.root-servers.net.
.           513652  IN  NS  b.root-servers.net.
.           513652  IN  NS  i.root-servers.net.
.           513652  IN  NS  e.root-servers.net.
.           513652  IN  NS  l.root-servers.net.
.           513652  IN  NS  m.root-servers.net.

;; ADDITIONAL SECTION:
E.ROOT-SERVERS.NET. 133062  IN  AAAA    2001:500:a8::e
G.ROOT-SERVERS.NET. 483477  IN  AAAA    2001:500:12::d0d

Received 347 bytes from 127.0.0.1#53 in 0 ms
Trying "github.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37084
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;github.com.            IN  AAAA

;; AUTHORITY SECTION:
github.com.     660 IN  SOA ns-1707.awsdns-21.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Received 112 bytes from 127.0.0.1#53 in 0 ms
Trying "github.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39053
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 13, ADDITIONAL: 2

;; QUESTION SECTION:
;github.com.            IN  MX

;; ANSWER SECTION:
github.com.     844 IN  MX  1 aspmx.l.google.com.
github.com.     844 IN  MX  10 alt3.aspmx.l.google.com.
github.com.     844 IN  MX  5 alt2.aspmx.l.google.com.
github.com.     844 IN  MX  5 alt1.aspmx.l.google.com.
github.com.     844 IN  MX  10 alt4.aspmx.l.google.com.

;; AUTHORITY SECTION:
.           513652  IN  NS  b.root-servers.net.
.           513652  IN  NS  j.root-servers.net.
.           513652  IN  NS  l.root-servers.net.
.           513652  IN  NS  e.root-servers.net.
.           513652  IN  NS  i.root-servers.net.
.           513652  IN  NS  m.root-servers.net.
.           513652  IN  NS  g.root-servers.net.
.           513652  IN  NS  k.root-servers.net.
.           513652  IN  NS  a.root-servers.net.
.           513652  IN  NS  f.root-servers.net.
.           513652  IN  NS  d.root-servers.net.
.           513652  IN  NS  c.root-servers.net.
.           513652  IN  NS  h.root-servers.net.

;; ADDITIONAL SECTION:
E.ROOT-SERVERS.NET. 133062  IN  AAAA    2001:500:a8::e
G.ROOT-SERVERS.NET. 483477  IN  AAAA    2001:500:12::d0d

Received 430 bytes from 127.0.0.1#53 in 0 ms

$ sudo traceroute -ITU github.com
traceroute to github.com (192.30.253.112), 30 hops max, 60 byte packets
 1  server.com (192.168.0.2)  2998.275 ms !H  2998.252 ms !H  2998.238 ms !H

答案1

我怀疑这与我在 LAN 中使用子网有关192.168.0.0/16,事实也确实如此。为了了解问题所在并最终解决它,我首先查询了服务器的路由,结果发现了一个奇怪的网络掩码:

# ip route show
default via 192.168.0.1 dev enp5s0 onlink                                                                                                                  
192.0.0.0/8 dev enp5s0  proto kernel  scope link  src 192.168.0.2

仔细查看后,我们/etc/network/interfaces发现了罪魁祸首:

iface enp5s0 inet static
address 192.168.0.2
netmask 255.0.0.0
gateway 192.168.0.1

我记不清在设置服务器时 Ubuntu Server 安装是否提示我输入有关网络的详细信息,或者它是否默默地做出了上述假设。我实际上相信它出厂时就配置为需要子网10.0.0.0/8,我一定是错误地将其更改为192.168.*.*但忘记了网络掩码。

无论如何,我随后将上面的网络掩码更正为255.255.0.0并执行systemctl restart networking。运行ip route show显示新的网络掩码已生效,但奇怪的是,旧的。我必须明确删除旧路线,ip route delete 192.0.0.0/8 dev enp5s0然后一切顺利。


编辑:我的问题的第一部分(如何诊断)的答案是查看机器的路由,如果您遇到与我类似的网络连接问题,这可能是首先查看的好地方。

相关内容