2 Ubuntu servers, A connected to B via Ethernet. Server B has 2 NICs, one of which is connected to the internet. A cannot see B or the internet

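I have an Ubuntu server running 20.04 with 2 NICs – one connected to the internet gateway and the other connected to another Ubuntu server running 22.04. I cannot get the machine running 22.04 to see the internet or the 20.04 server. The 20.04 server can see the internet.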

The yaml file on the 20.04 server is

# This is the network config written by 'subiquity'
network:

  ethernets:
        enp3s0:
            dhcp4: false
            addresses: ['10.0.0.205/24']
            gateway4: 10.0.0.1
            nameservers:
                addresses: [10.0.0.1, 8.8.8.8]
        enp2s0:
            dhcp4: false
            addresses: ['10.0.0.207/24']

  version: 2

The output of the lshw -C network command on the 20.04 server is

 sudo lshw -C network
  *-network
       description: Ethernet interface
       product: RTL8125 2.5GbE Controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:02:00.0
       logical name: enp2s0
       version: 05
       serial: 1c:86:0b:22:73:5d
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix vpd bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=5.15.0-75-generic firmware=rtl8125b-2_0.0.2 07/13/20 latency=0 link=no multicast=yes port=twisted pair
       resources: irq:17 ioport:e000(size=256) memory:df110000-df11ffff memory:df120000-df123fff memory:df100000-df10ffff
  *-network
       description: Ethernet interface
       product: RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:03:00.0
       logical name: enp3s0
       version: 15
       serial: 30:9c:23:0c:90:d9
       size: 1Gbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=5.15.0-75-generic duplex=full firmware=rtl8168h-2_0.0.2 02/26/15 ip=10.0.0.205 latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
       resources: irq:18 ioport:d000(size=256) memory:df004000-df004fff memory:df000000-df003fff

The yaml file on the 22.04 server is

# This is the network config written by 'subiquity'
network:
  ethernets:
        enp3s0:
            addresses: ['10.0.0.206/24']
            gateway4: 10.0.0.1
            nameservers:
                addresses: [8.8.8.8]
            routes:
              - to: default
                via: 10.0.0.207
  version: 2

The output of the lshw -C network command on the 22.04 server is

sudo lshw -C network
  *-network
       description: Wireless interface
       product: Intel Corporation
       vendor: Intel Corporation
       physical id: 14.3
       bus info: pci@0000:00:14.3
       logical name: wlo1
       version: 11
       serial: 98:59:7a:99:6c:2c
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix bus_master cap_list ethernet physical wireless
       configuration: broadcast=yes driver=iwlwifi driverversion=5.19.0-051900-generic firmware=72.a764baac.0 so-a0-gf-a0-72.uc latency=0 link=no multicast=yes wireless=IEEE 802.11
       resources: irq:18 memory:42314000-42317fff
  *-network
       description: Ethernet interface
       product: RTL8125 2.5GbE Controller
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:03:00.0
       logical name: enp3s0
       version: 05
       serial: 74:56:3c:2c:f1:bc
       size: 1Gbit/s
       capacity: 1Gbit/s
       width: 64 bits
       clock: 33MHz
       capabilities: pm msi pciexpress msix vpd bus_master cap_list ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
       configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=5.19.0-051900-generic duplex=full firmware=rtl8125b-2_0.0.2 07/13/20 ip=10.0.0.206 latency=0 link=yes multicast=yes port=twisted pair speed=1Gbit/s
       resources: irq:18 ioport:3000(size=256) memory:42100000-4210ffff memory:42110000-42113fff

Also, I cannot ping one server from the other.


@Raffa

Thank you for the quick reply. I have made the changes according to your latest instructions, but I still cannot ping the gateway (10.0.0.1) from server A.

Below is the ipconfig for server A

ifconfig
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.206  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::7656:3cff:fe2c:f1bc  prefixlen 64  scopeid 0x20<link>
        inet6 2001:16a2:cb96:3c00::5  prefixlen 128  scopeid 0x0<global>
        inet6 2001:16a2:cb96:3c00:7656:3cff:fe2c:f1bc  prefixlen 64  scopeid 0x0<global>
        ether 74:56:3c:2c:f1:bc  txqueuelen 1000  (Ethernet)
        RX packets 306  bytes 26761 (26.7 KB)
        RX errors 0  dropped 60  overruns 0  frame 0
        TX packets 1621  bytes 150679 (150.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 3793  bytes 519354 (519.3 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 3793  bytes 519354 (519.3 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlo1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 98:59:7a:99:6c:2c  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Below is the ipconfig for server B

ifconfig
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.207  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::1e86:bff:fe22:735d  prefixlen 64  scopeid 0x20<link>
        ether 1c:86:0b:22:73:5d  txqueuelen 1000  (Ethernet)
        RX packets 1428  bytes 99754 (99.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 131  bytes 8666 (8.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.205  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 2001:16a2:cb96:3c00:329c:23ff:fe0c:90d9  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::329c:23ff:fe0c:90d9  prefixlen 64  scopeid 0x20<link>
        inet6 2001:16a2:cb96:3c00::3  prefixlen 128  scopeid 0x0<global>
        ether 30:9c:23:0c:90:d9  txqueuelen 1000  (Ethernet)
        RX packets 31323  bytes 33052255 (33.0 MB)
        RX errors 0  dropped 1228  overruns 0  frame 0
        TX packets 14667  bytes 4587072 (4.5 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 54250  bytes 38017605 (38.0 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 54250  bytes 38017605 (38.0 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Below is the iptables on server B

 sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-phpmyadmin-syslog  tcp  --  anywhere             anywhere             multiport dports http,https
f2b-postfix-sasl  tcp  --  anywhere             anywhere             multiport dports smtp,submissions,submission,imap2,imaps,pop3,pop3s
f2b-phpmyadmin-syslog  tcp  --  anywhere             anywhere             multiport dports http,https
f2b-postfix-sasl  tcp  --  anywhere             anywhere             multiport dports smtp,submissions,submission,imap2,imaps,pop3,pop3s
f2b-sshd   tcp  --  anywhere             anywhere             multiport dports 2200
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2200
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submissions
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:3478
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain f2b-phpmyadmin-syslog (2 references)
target     prot opt source               destination
REJECT     all  --  103.175.198.129      anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain f2b-postfix-sasl (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  211.36.142.65        anywhere             reject-with icmp-port-unreachable
RETURN     all  --  anywhere             anywhere

Please let me know if I can provide you with more details.

@Raffa,

OK, I have removed all the iptables rules; below is the iptables

/etc/iptables# cat rules.v4
# Generated by iptables-save v1.8.4 on Sat Aug 19 16:54:30 2023
*nat
:PREROUTING ACCEPT [8:428]
:INPUT ACCEPT [7:364]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp3s0 -j MASQUERADE
COMMIT
# Completed on Sat Aug 19 16:54:30 2023
# Generated by iptables-save v1.8.4 on Sat Aug 19 16:54:30 2023
*filter
:INPUT ACCEPT [37731:25530374]
:FORWARD ACCEPT [1311:95992]
:OUTPUT ACCEPT [38754:27316299]
-A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT
-A FORWARD -i enp3s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Sat Aug 19 16:54:30 2023

I still cannot ping the gateway from the 10.0.0.206 server. Any ideas?

Thanks


After your last comment, I found the following:

From server B, using sudo ethtool enp2s0

sudo ethtool enp2s0
Settings for enp2s0:
        Supported ports: [ TP MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
                                2500baseT/Full
        Supported pause frame use: Symmetric Receive-only
        Supports auto-negotiation: Yes
        Supported FEC modes: Not reported
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
                                2500baseT/Full
        Advertised pause frame use: Symmetric Receive-only
        Advertised auto-negotiation: Yes
        Advertised FEC modes: Not reported
        Link partner advertised link modes:  10baseT/Half 10baseT/Full
                                             100baseT/Half 100baseT/Full
                                             1000baseT/Full
                                             2500baseT/Full
        Link partner advertised pause frame use: Symmetric Receive-only
        Link partner advertised auto-negotiation: Yes
        Link partner advertised FEC modes: Not reported
        Speed: 2500Mb/s
        Duplex: Full
        Port: Twisted Pair
        PHYAD: 0
        Transceiver: internal
        Auto-negotiation: on
        MDI-X: Unknown
        Supports Wake-on: pumbg
        Wake-on: d
        Link detected: yes

Below is sudo ethtool enp3s0 from server A

Settings for enp3s0:
        Supported ports: [ TP    MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
                                2500baseT/Full
        Supported pause frame use: Symmetric Receive-only
        Supports auto-negotiation: Yes
        Supported FEC modes: Not reported
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Full
                                2500baseT/Full
        Advertised pause frame use: Symmetric Receive-only
        Advertised auto-negotiation: Yes
        Advertised FEC modes: Not reported
        Link partner advertised link modes:  10baseT/Half 10baseT/Full
                                             100baseT/Half 100baseT/Full
                                             1000baseT/Full
                                             2500baseT/Full
        Link partner advertised pause frame use: Symmetric Receive-only
        Link partner advertised auto-negotiation: Yes
        Link partner advertised FEC modes: Not reported
        Speed: 2500Mb/s
        Duplex: Full
        Auto-negotiation: on
        master-slave cfg: preferred slave
        master-slave status: slave
        Port: Twisted Pair
        PHYAD: 0
        Transceiver: external
        MDI-X: Unknown
        Supports Wake-on: pumbg
        Wake-on: d
        Link detected: yes

Answer 1

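In this configuration on 22.04 you need to remove gateway4: 10.0.0.1; as I understand it, this is the described interface connected to 10.0.0.207, and using both options at the same time will not work. For convenience, I would connect them all to a switch. If they are all on a switch, remove all of these routes from 22.04: - to: default via: 10.0.0.207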

Answer 2

On server A

The minimal netplan configuration file required is:

network:
  ethernets:
    enp3s0:
      dhcp4: false
      addresses: [10.0.0.206/24]
      nameservers:
        addresses: [10.0.0.1, 8.8.8.8]
      routes:
        - to: default
          via: 10.0.0.207
  version: 2

On server B

The minimal netplan configuration file required is:

network:
  ethernets:
    enp3s0:
      dhcp4: false
      addresses: [10.0.0.205/24]
      nameservers:
        addresses: [10.0.0.1, 8.8.8.8]
      routes:
        - to: default
          via: 10.0.0.1
    enp2s0:
      dhcp4: false
      addresses: [10.0.0.207/24]
  version: 2

Minimal system configuration

IP forwarding (routing):

sudo sysctl -w "net.ipv4.ip_forward=1"

Packet forwarding (outbound and inbound) between the two interfaces

Outbound:

sudo iptables -A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT

Inbound:

sudo iptables -A FORWARD -i enp3s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT

NATing:

sudo iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE
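
A way to check a saved ruleset for the three iptables rules listed in this answer, as an added example (not code from the answer or the question): it reads iptables-save output and reports which rules are present and which filter chains default to ACCEPT. The function names audit_router_rules and sample_rules and the LAN/WAN arguments are assumptions; the sample input is the rules.v4 shown in the question with its timestamp comments omitted.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the forwarding/NAT rules
# from the answer and flag filter chains whose default policy is ACCEPT.
# Function names and the LAN_IF/WAN_IF arguments are assumptions.

# Sample input: the rules.v4 from the question, timestamp comments omitted.
sample_rules() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [8:428]
:INPUT ACCEPT [7:364]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp3s0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [37731:25530374]
:FORWARD ACCEPT [1311:95992]
:OUTPUT ACCEPT [38754:27316299]
-A FORWARD -i enp2s0 -o enp3s0 -j ACCEPT
-A FORWARD -i enp3s0 -o enp2s0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# usage: audit_router_rules LAN_IF WAN_IF < iptables-save-output
# Prints one finding per line, prefixed OK, MISSING or OPEN.
audit_router_rules() {
  awk -v lan="$1" -v wan="$2" '
    function st(x) { return x ? "OK" : "MISSING" }
    /^\*/ { table = substr($0, 2); next }   # "*nat", "*filter" start a table
    # Chain policy lines look like ":INPUT ACCEPT [pkts:bytes]".
    table == "filter" && /^:(INPUT|FORWARD) ACCEPT/ {
      print "OPEN filter " substr($1, 2) " policy is ACCEPT"
    }
    table == "nat" && $0 ~ ("-A POSTROUTING .*-o " wan " .*-j MASQUERADE") { nat = 1 }
    table == "filter" && $0 ~ ("-A FORWARD -i " lan " -o " wan " .*-j ACCEPT") { out = 1 }
    table == "filter" && $0 ~ ("-A FORWARD -i " wan " -o " lan " .*(RELATED,ESTABLISHED|ESTABLISHED,RELATED).*-j ACCEPT") { back = 1 }
    END {
      print st(nat)  " masquerade on " wan
      print st(out)  " forward " lan " -> " wan
      print st(back) " return traffic " wan " -> " lan
    }'
}

sample_rules | audit_router_rules enp2s0 enp3s0
```

On the ruleset from the question it reports all three rules as present and flags INPUT and FORWARD as default-ACCEPT, in contrast to the INPUT policy DROP shown in the earlier iptables -L listing for the internet-facing server B.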

Answer 3

I solved this by setting up a bridge across the 2 NICs on server B and running the following command against iptables on server B

sudo iptables -t nat -A POSTROUTING -o enp3s0 -j MASQUERADE

Here is the yaml file on server B

network:
  version: 2
#  renderer: networkd
  ethernets:
       enp3s0: {}
       enp2s0: {}

  bridges:
     br0:
        interfaces: [enp2s0, enp3s0]
        dhcp4: no
        addresses: [10.0.0.205/24]
        gateway4: 10.0.0.1
        nameservers:
            addresses: [10.0.0.1, 8.8.8.8]
        parameters:
           stp: true
           forward-delay: 0

Here is the yaml file for server A

network:
  ethernets:
        enp3s0:
            dhcp4: false
            addresses: ['10.0.0.206/24']
            gateway4: 10.0.0.1
            nameservers:
                addresses: [10.0.0.1, 8.8.8.8]

Thanks to @Raffa for guiding me out of the IP networking maze.
