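I have an Ubuntu server running 20.04 with 2 NICs: one is connected to the internet gateway and the other is connected to another Ubuntu server running 22.04. I cannot get the machine running 22.04 to see the internet or the 20.04 server. The 20.04 server can see the internet.
The yaml file on the 20.04 server is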
# This is the network config written by 'subiquity'
network:
  ethernets:
    enp3s0:
      dhcp4: false
      addresses: ['10.0.0.205/24']
      gateway4: 10.0.0.1
      nameservers:
        addresses: [10.0.0.1, 8.8.8.8]
    enp2s0:
      dhcp4: false
      addresses: ['10.0.0.207/24']
  version: 2
The output of the lshw -C network command on the 20.04 server is
sudo lshw -C network
*-network
description: Ethernet interface
product: RTL8125 2.5GbE Controller
vendor: Realtek Semiconductor Co., Ltd.
physical id: 0
bus info: pci@0000:02:00.0
logical name: enp2s0
version: 05
serial: 1c:86:0b:22:73:5d
capacity: 1Gbit/s
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress msix vpd bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=5.15.0-75-generic firmware=rtl8125b-2_0.0.2 07/13/20 latency=0 link=no multicast=yes port=twisted pair
resources: irq:17 ioport:e000(size=256) memory:df110000-df11ffff memory:df120000-df123fff memory:df100000-df10ffff
*-network
description: Ethernet interface
product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
vendor: Realtek Semiconductor Co., Ltd.
physical id: 0
bus info: pci@0000:03:00.0
logical name: enp3s0
version: 15
serial: 30:9c:23:0c:90:d9
size: 1Gbit/s
capacity: 1Gbit/s
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=5.15.0-75-generic duplex=full firmware=rtl8168h-2_0.0.2 02/26/15 ip=10.0.0.205 latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
resources: irq:18 ioport:d000(size=256) memory:df004000-df004fff memory:df000000-df003fff
The yaml file on the 22.04 server is
# This is the network config written by 'subiquity'
network:
  ethernets:
    enp3s0:
      addresses: ['10.0.0.206/24']
      gateway4: 10.0.0.1
      nameservers:
        addresses: [8.8.8.8]
      routes:
        - to: default
          via: 10.0.0.207
  version: 2
The output of the lshw -C network command on the 22.04 server is
sudo lshw -C network
*-network
description: Wireless interface
product: Intel Corporation
vendor: Intel Corporation
physical id: 14.3
bus info: pci@0000:00:14.3
logical name: wlo1
version: 11
serial: 98:59:7a:99:6c:2c
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical wireless
configuration: broadcast=yes driver=iwlwifi driverversion=5.19.0-051900-generic firmware=72.a764baac.0 so-a0-gf-a0-72.uc latency=0 link=no multicast=yes wireless=IEEE 802.11
resources: irq:18 memory:42314000-42317fff
*-network
description: Ethernet interface
product: RTL8125 2.5GbE Controller
vendor: Realtek Semiconductor Co., Ltd.
physical id: 0
bus info: pci@0000:03:00.0
logical name: enp3s0
version: 05
serial: 74:56:3c:2c:f1:bc
size: 1Gbit/s
capacity: 1Gbit/s
width: 64 bits
clock: 33MHz
capabilities: pm msi pciexpress msix vpd bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=5.19.0-051900-generic duplex=full firmware=rtl8125b-2_0.0.2 07/13/20 ip=10.0.0.206 latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
resources: irq:18 ioport:3000(size=256) memory:42100000-4210ffff memory:42110000-42113fff
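Also, I cannot ping one server from the other.
@Raffa
Thank you for the quick reply. I have made the changes according to your latest instructions, but I still cannot ping the gateway (10.0.0.1) from server A.
Here is the ipconfig of server A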
ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.206 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::7656:3cff:fe2c:f1bc prefixlen 64 scopeid 0x20<link>
inet6 2001:16a2:cb96:3c00::5 prefixlen 128 scopeid 0x0<global>
inet6 2001:16a2:cb96:3c00:7656:3cff:fe2c:f1bc prefixlen 64 scopeid 0x0<global>
ether 74:56:3c:2c:f1:bc txqueuelen 1000 (Ethernet)
RX packets 306 bytes 26761 (26.7 KB)
RX errors 0 dropped 60 overruns 0 frame 0
TX packets 1621 bytes 150679 (150.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3793 bytes 519354 (519.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3793 bytes 519354 (519.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlo1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 98:59:7a:99:6c:2c txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Here is the ipconfig of server B
ifconfig
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.207 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::1e86:bff:fe22:735d prefixlen 64 scopeid 0x20<link>
ether 1c:86:0b:22:73:5d txqueuelen 1000 (Ethernet)
RX packets 1428 bytes 99754 (99.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 131 bytes 8666 (8.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.205 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 2001:16a2:cb96:3c00:329c:23ff:fe0c:90d9 prefixlen 64 scopeid 0x0<global>
inet6 fe80::329c:23ff:fe0c:90d9 prefixlen 64 scopeid 0x20<link>
inet6 2001:16a2:cb96:3c00::3 prefixlen 128 scopeid 0x0<global>
ether 30:9c:23:0c:90:d9 txqueuelen 1000 (Ethernet)
RX packets 31323 bytes 33052255 (33.0 MB)
RX errors 0 dropped 1228 overruns 0 frame 0
TX packets 14667 bytes 4587072 (4.5 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 54250 bytes 38017605 (38.0 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 54250 bytes 38017605 (38.0 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Here is iptables on server B
sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
f2b-phpmyadmin-syslog tcp -- anywhere anywhere multiport dports http,https
f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,submissions,submission,imap2,imaps,pop3,pop3s
f2b-phpmyadmin-syslog tcp -- anywhere anywhere multiport dports http,https
f2b-postfix-sasl tcp -- anywhere anywhere multiport dports smtp,submissions,submission,imap2,imaps,pop3,pop3s
f2b-sshd tcp -- anywhere anywhere multiport dports 2200
ACCEPT tcp -- anywhere anywhere tcp dpt:2200
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:submissions
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:webmin
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:3478
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain f2b-phpmyadmin-syslog (2 references)
target prot opt source destination
REJECT all -- 103.175.198.129 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain f2b-postfix-sasl (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain f2b-sshd (1 references)
target prot opt source destination
REJECT all -- 211.36.142.65 anywhere reject-with icmp-port-unreachable
RETURN all -- anywhere anywhere
Please let me know if I can provide any more details.
@Raffa,
OK, I have deleted all the iptables rules; here is iptables
/etc/iptables# cat rules.v4
# Generated by iptables-save v1.8.4 on Sat Aug 19 16:54:30 2023
*nat
:PREROUTING ACCEPT [8:428]
:INPUT ACCEPT [7:364]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp3s0 -j MASQUERADE
COMMIT
# Completed on Sat Aug 19 16:54:30 2023
# Generated by iptables-save v1.8.4 on Sat Aug 19 16:54:30 2023
*filter
:INPUT ACCEPT [37731:25530374]
:FORWARD ACCEPT [1311:95992]
:OUTPUT ACCEPT [38754:27316299]
-A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT
-A FORWARD -i enp3s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Aug 19 16:54:30 2023
I still cannot ping the gateway from the 10.0.0.206 server. Any ideas?
Thanks
Found the following after your last comment:
From server B, using sudo ethtool enp2s0
sudo ethtool enp2s0
Settings for enp2s0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
2500baseT/Full
Supported pause frame use: Symmetric Receive-only
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
2500baseT/Full
Advertised pause frame use: Symmetric Receive-only
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Link partner advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
2500baseT/Full
Link partner advertised pause frame use: Symmetric Receive-only
Link partner advertised auto-negotiation: Yes
Link partner advertised FEC modes: Not reported
Speed: 2500Mb/s
Duplex: Full
Port: Twisted Pair
PHYAD: 0
Transceiver: internal
Auto-negotiation: on
MDI-X: Unknown
Supports Wake-on: pumbg
Wake-on: d
Link detected: yes
Here is sudo ethtool enp3s0 from server A
Settings for enp3s0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
2500baseT/Full
Supported pause frame use: Symmetric Receive-only
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
2500baseT/Full
Advertised pause frame use: Symmetric Receive-only
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Link partner advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
1000baseT/Full
2500baseT/Full
Link partner advertised pause frame use: Symmetric Receive-only
Link partner advertised auto-negotiation: Yes
Link partner advertised FEC modes: Not reported
Speed: 2500Mb/s
Duplex: Full
Auto-negotiation: on
master-slave cfg: preferred slave
master-slave status: slave
Port: Twisted Pair
PHYAD: 0
Transceiver: external
MDI-X: Unknown
Supports Wake-on: pumbg
Wake-on: d
Link detected: yes
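Answer 1
In this configuration on 22.04 you need to remove gateway4: 10.0.0.1; as I understand it, this is the described interface that is connected to 10.0.0.207, and using both options at the same time will not work. For convenience, I would connect them all to a switch. If they are all on a switch, remove all of this from 22.04: routes: - to: default via: 10.0.0.207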
Answer 2
On server A
The minimal netplan configuration file needed is:
network:
  ethernets:
    enp3s0:
      dhcp4: false
      addresses: [10.0.0.206/24]
      nameservers:
        addresses: [10.0.0.1, 8.8.8.8]
      routes:
        - to: default
          via: 10.0.0.207
  version: 2
On server B
The minimal netplan configuration file needed is:
network:
  ethernets:
    enp3s0:
      dhcp4: false
      addresses: [10.0.0.205/24]
      nameservers:
        addresses: [10.0.0.1, 8.8.8.8]
      routes:
        - to: default
          via: 10.0.0.1
    enp2s0:
      dhcp4: false
      addresses: [10.0.0.207/24]
  version: 2
Minimal system configuration
IP forwarding (routing)
sudo sysctl -w "net.ipv4.ip_forward=1"
Packet forwarding (outbound and inbound) between the two interfaces
Outbound:
sudo iptables -A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT
Inbound:
sudo iptables -A FORWARD -i enp3s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
NATing
sudo iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE
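The three rules above can be checked in a saved ruleset. The following is an added example, not part of the answer: it parses an iptables-save dump, confirms the forward, return and MASQUERADE rules are present, and flags chains whose default policy is ACCEPT. The function names are hypothetical and the sample dump is trimmed from the rules.v4 shown in the question.

```python
import re

# Rules from the rules.v4 dump in the question; trimmed, packet counters zeroed (constructed).
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp3s0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT
-A FORWARD -i enp3s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_dump(text):
    """Return {table: {"policy": {chain: target}, "rules": [line, ...]}}."""
    tables, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif cur is not None and line.startswith(":"):
            chain, target = line[1:].split()[:2]
            cur["policy"][chain] = target
        elif cur is not None and line.startswith("-A "):
            cur["rules"].append(line)
    return tables

def audit(text, lan="enp2s0", wan="enp3s0"):
    """Findings for a LAN-to-WAN NAT router; an empty list means nothing was flagged."""
    empty = {"policy": {}, "rules": []}
    tables = parse_dump(text)
    flt, nat = tables.get("filter", empty), tables.get("nat", empty)
    lan_re, wan_re = re.escape(lan), re.escape(wan)
    wanted = [
        (nat, rf"^-A POSTROUTING .*-o {wan_re}\b.*-j MASQUERADE", f"no MASQUERADE for traffic leaving {wan}"),
        (flt, rf"^-A FORWARD -i {lan_re} -o {wan_re}\b.*-j ACCEPT", f"no FORWARD accept from {lan} to {wan}"),
        (flt, rf"^-A FORWARD -i {wan_re} -o {lan_re}\b.*(RELATED|ESTABLISHED).*-j ACCEPT",
         f"no stateful return rule from {wan} to {lan}"),
    ]
    findings = [msg for table, pat, msg in wanted if not any(re.search(pat, r) for r in table["rules"])]
    for chain in ("INPUT", "FORWARD"):
        if flt["policy"].get(chain) == "ACCEPT":
            findings.append(f"filter {chain} policy is ACCEPT: unmatched packets are allowed")
    return findings
```

With the FORWARD policy left at ACCEPT, the two FORWARD rules document intent but do not restrict what is forwarded.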
Answer 3
I solved this by setting up a bridge over the 2 NICs on server B and running the following iptables command on server B
sudo iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE
Here is the yaml file on server B
network:
  version: 2
  # renderer: networkd
  ethernets:
    enp3s0: {}
    enp2s0: {}
  bridges:
    br0:
      interfaces: [enp2s0, enp3s0]
      dhcp4: no
      addresses: [10.0.0.205/24]
      gateway4: 10.0.0.1
      nameservers:
        addresses: [10.0.0.1, 8.8.8.8]
      parameters:
        stp: true
        forward-delay: 0
Here is the yaml file for server A
network:
  ethernets:
    enp3s0:
      dhcp4: false
      addresses: ['10.0.0.206/24']
      gateway4: 10.0.0.1
      nameservers:
        addresses: [10.0.0.1, 8.8.8.8]
Thanks to @Raffa for guiding me out of the IP networking maze.
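An added check, not part of the answer, over the addresses used on this page: it flags that both of server B's NICs and server A sit in 10.0.0.0/24, which is the situation a bridge handles at layer 2. The function names and the 192.168.50.0/24 plan are constructed for comparison.

```python
import ipaddress

# Addressing from the routed configs on this page (server B forwards for server A).
ROUTER_IFACES = {"enp3s0": "10.0.0.205/24", "enp2s0": "10.0.0.207/24"}
CLIENT = {"address": "10.0.0.206/24", "via": "10.0.0.207"}
UPSTREAM_GW = "10.0.0.1"

def overlapping_ifaces(ifaces):
    """Return sorted pairs of interface names whose connected networks overlap."""
    nets = {name: ipaddress.ip_interface(addr).network for name, addr in ifaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def check_plan(ifaces, client, upstream_gw):
    """Return findings that make routed forwarding between the NICs unreliable."""
    findings = []
    for a, b in overlapping_ifaces(ifaces):
        findings.append(f"{a} and {b} share a prefix: two connected routes for one network")
    client_net = ipaddress.ip_interface(client["address"]).network
    if ipaddress.ip_address(client["via"]) not in client_net:
        findings.append(f"next hop {client['via']} is not on-link for the client")
    if ipaddress.ip_address(upstream_gw) in client_net:
        # The connected /24 route is more specific than the default route.
        findings.append(f"client sees {upstream_gw} as on-link and ARPs for it instead of using {client['via']}")
    return findings

# Constructed alternative: a separate prefix on the link between the two servers.
SPLIT_IFACES = {"enp3s0": "10.0.0.205/24", "enp2s0": "192.168.50.1/24"}
SPLIT_CLIENT = {"address": "192.168.50.2/24", "via": "192.168.50.1"}

if __name__ == "__main__":
    for finding in check_plan(ROUTER_IFACES, CLIENT, UPSTREAM_GW):
        print("page plan:", finding)
    print("split plan findings:", check_plan(SPLIT_IFACES, SPLIT_CLIENT, UPSTREAM_GW))
```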