Link-local 169.254.x.x address still assigned at boot on 20.04 LTS despite a static IP

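I've been struggling to set up my Ubuntu machine as a simple 2-NIC router with NAT, trying to follow the currently recommended approach, i.e. netplan for the NICs and the ufw firewall for iptables. I finally managed to get it routing, but I don't understand why at boot the system assigns my LAN NIC a link-local (169.254.x.x) address in addition to the static IP, as if it had sent a DHCP request and got no response. After sudo netplan apply, the 169.254.x.x address is gone.

I'm not sure whether this will cause trouble on my network, but I don't understand it and that bothers me :-). Any hints are much appreciated!

Here is my network topology: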

  ISP router            Ubuntu router          Win10 Client 
[           ]   [ wan1              lan1 ]   [             ]
[192.168.1.1]---[192.168.1.8  192.168.9.1]---[192.168.9.10 ]
[           ]   [           (169.254.x.x)]   [  (static)   ]
[           ]   [(dhcp)          (static)]   [             ]

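Currently I have not set up any DHCP server or DNS daemon on the Ubuntu machine (I plan to do so soon).

Note that this machine was installed as Ubuntu Desktop (which I now regret), and I enabled systemd-networkd via systemctl unmask/enable/start systemd-networkd and disabled NetworkManager via systemctl stop/disable/mask NetworkManager.

After a reboot, lan1 is assigned a 169.254.x.x address: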

> ~ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: lan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 50:3e:aa:12:aa:cb brd ff:ff:ff:ff:ff:ff
    inet 192.168.9.1/24 brd 192.168.9.255 scope global lan1
       valid_lft forever preferred_lft forever
    inet 169.254.232.216/16 brd 169.254.255.255 scope global noprefixroute lan1
       valid_lft forever preferred_lft forever
    inet6 fe80::523e:aaff:fe12:aacb/64 scope link
       valid_lft forever preferred_lft forever
3: wan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether e0:69:95:e4:d5:e8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic wan1
       valid_lft 86239sec preferred_lft 86239sec
    inet6 fe80::e269:95ff:fee4:d5e8/64 scope link
       valid_lft forever preferred_lft forever
> ~ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    203    0        0 wan1
169.254.0.0     0.0.0.0         255.255.0.0     U     202    0        0 lan1
192.168.1.0     0.0.0.0         255.255.255.0   U     203    0        0 wan1
192.168.1.1     0.0.0.0         255.255.255.255 UH    100    0        0 wan1
192.168.9.0     0.0.0.0         255.255.255.0   U     0      0        0 lan1

After manually re-applying netplan with sudo netplan apply, the 169.254.x.x address is gone.

> ~ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    203    0        0 wan1
192.168.1.0     0.0.0.0         255.255.255.0   U     203    0        0 wan1
192.168.1.1     0.0.0.0         255.255.255.255 UH    100    0        0 wan1
192.168.9.0     0.0.0.0         255.255.255.0   U     0      0        0 lan1

Some details about my setup:

/etc/netplan/01-router-all.yaml

network:
  version: 2
  renderer: networkd

  ethernets:
    wan1:
      match:
        macaddress: "e0:69:95:e4:d5:e8"
      set-name: wan1
      dhcp4: true
      accept-ra: false

    lan1:
      match:
        macaddress: "50:3e:aa:12:aa:cb"
      set-name: lan1
      dhcp4: false
      dhcp6: false
      addresses: [192.168.9.1/24]
      nameservers:
        addresses: [9.9.9.9, 1.1.1.1]
        search: []
      optional: true
      accept-ra: false

/etc/ufw/before.rules

# rules.before
#
# Rules that should be run before the ufw command line added rules. Custom
# rules should be added to one of these chains:
#   ufw-before-input
#   ufw-before-output
#   ufw-before-forward
#

# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic from lan1 to wan1
-A POSTROUTING -s 192.168.9.0/24 -o wan1 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [0:0]
:ufw-before-output - [0:0]
:ufw-before-forward - [0:0]
:ufw-not-local - [0:0]
# End required lines

-A ufw-before-forward -i lan1 -o wan1 -j ACCEPT
-A ufw-before-forward -i wan1 -o lan1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

[rest of file unchanged]

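Answer 1

It turns out the problem was in /etc/dhcpcd.conf.

When moving from NetworkManager to systemd-networkd, I had commented out the end of that file, which contained the interface names (as far as I remember, it had been filled in automatically by the NetworkManager changes I made with nmtui when I tried two static IPs).

I suspect the DHCP client (needed for the WAN NIC eno1) also tried to assign an address to the LAN NIC because it did not know it was static (since I had not said so in dhcpcd.conf), and in the absence of a response it assigned a 169.254.x.x address. It now works fine and I have only a static address after adding 2 lines at the end of /etc/dhcpcd.conf: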

interface enp1s0
   static ip_address=192.168.9.1/24

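I guess that if I had installed Ubuntu Server instead of Desktop, I would have saved a few hours of setup by not having to switch to systemd-networkd. But I learned a lot along the way.

Note: since posting my question I have set up a DHCP server (isc-dhcp-server), and to get it working I had to remove the alias lan1, so I am back to using enp1s0 (instead of lan1 as used in the question above).

Working /etc/dhcpcd.conf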

# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.

# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel

# Inform the DHCP server of our hostname for DDNS.
hostname

# Use the hardware address of the interface for the Client ID.
#clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
duid

# Persist interface configuration when dhcpcd exits.
persistent

# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit

# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu

# Most distributions have NTP support.
option ntp_servers

# A ServerID is required by RFC2131.
require dhcp_server_identifier

noipv6rs
noipv6

# Generate SLAAC address using the Hardware Address of the interface
#slaac hwaddr
# OR generate Stable Private IPv6 Addresses based from the DUID

# mc 2020-07-18 commented below
#slaac private
interface enp1s0
        static ip_address=192.168.9.1/24
        #static routers=192.168.1.1
        #static domain_name_servers=9.9.9.9
#interface eno1
#        static ip_address=192.168.1.111/24
#        static routers=192.168.1.1
#        static domain_name_servers=9.9.9.9 149.112.112.112
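
The symptom and the fix from this thread as a check, added here as an example and not part of the original question or answer: ipv4ll_conflicts reads ip a output and lists interfaces that hold a 169.254.x.x address next to another IPv4 address, and dhcpcd_mode reports whether dhcpcd.conf gives an interface a static block. Both function names and the sample data are constructed for illustration; the config check assumes dhcpcd runs on all interfaces and ignores allowinterfaces/denyinterfaces.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print every interface that holds an IPv4 link-local (169.254.0.0/16)
# address next to another IPv4 address. Reads `ip a` text on stdin.
ipv4ll_conflicts() {
    awk '
        function report() {
            if (ifname != "" && ll && other) print ifname
            ll = 0; other = 0
        }
        # Interface header, e.g. "2: lan1: <BROADCAST,...> mtu 1500 ..."
        /^[0-9]+: / { report(); ifname = $2; sub(/[:@].*/, "", ifname); next }
        $1 == "inet" { if ($2 ~ /^169\.254\./) ll = 1; else other = 1 }
        END { report() }
    '
}

# Print "static" if dhcpcd.conf text on stdin has an uncommented
# "interface $1" block with "static ip_address=", otherwise "dhcp".
dhcpcd_mode() {
    awk -v want="$1" '
        $1 ~ /^#/ { next }                   # skip commented-out lines
        $1 == "interface" { cur = $2; next } # start of a per-interface block
        $1 == "static" && $2 ~ /^ip_address=/ && cur == want { found = 1 }
        END { print (found ? "static" : "dhcp") }
    '
}

# Constructed sample data, shortened from the output shown in the question.
SAMPLE_IP_A='2: lan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.9.1/24 brd 192.168.9.255 scope global lan1
    inet 169.254.232.216/16 brd 169.254.255.255 scope global noprefixroute lan1
3: wan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.1.8/24 brd 192.168.1.255 scope global dynamic wan1'

SAMPLE_CONF_BEFORE='hostname
#interface lan1
#        static ip_address=192.168.9.1/24'

SAMPLE_CONF_AFTER='hostname
interface lan1
        static ip_address=192.168.9.1/24'

for ifc in $(printf '%s\n' "$SAMPLE_IP_A" | ipv4ll_conflicts); do
    echo "$ifc: link-local next to static; dhcpcd mode:" \
        "$(printf '%s\n' "$SAMPLE_CONF_BEFORE" | dhcpcd_mode "$ifc")"
done
```

On a live system, pipe ip a into ipv4ll_conflicts and run dhcpcd_mode with /etc/dhcpcd.conf on stdin for each interface name it prints.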
