How to solve a Vagrant+Centos 7 connectivity problem behind a home router

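While trying to set up some test services at home, I ran into a strange situation where it seems centos7 instances cannot communicate properly through my home router (netgear r6400), while similarly configured centos6 instances can.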

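I set up a simple centos6 machine with httpd (vagrant 1.8.4 - geerlingguy/centos6 (virtualbox, 1.1.2), virtualbox 5.0.26, ansible, yum install) and connected to it via its ip on my LAN (192.168.1.100). If I add a single port forwarding rule for port 80 in the r6400 router, I can then reach it from outside, i.e. via "mydomainname.com". If I change the port to something else (e.g. 88) in httpd.conf and in the router's port forwarding, the change is recognized immediately.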

But... when I do the same thing with a centos 7 instance, I can only reach httpd via the LAN ip. The only difference in my setup is that a different vagrant box is specified, "centos/7 (virtualbox, 1606.01)".

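I am far from a networking or Linux expert, so it is quite possible that I am overlooking something simple. I have confirmed that firewalld and iptables are both turned off. I am not sure how to evaluate selinux.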

Below is the output of tcpdump -i enp0s8 -s 65535 >> /opt/tcpdump.txt

Where:

  • 192.168.1.11 - my laptop
  • 192.168.1.111 - centos7-httpd
  • 192.168.1.54 - not actually sure. It has no IP reservation and does not return pings. An old, now disconnected DHCP device?
  • cpe-external.isp.provider.com - when I try to access mydomainname.com from outside

14:51:22.253156 IP centos7-httpd.ssh > 192.168.1.10.55201: Flags [P.], seq 1610946846:1610947034, ack 3839393363, win 314, length 188
14:51:22.263652 IP 192.168.1.10.55201 > centos7-httpd.ssh: Flags [.], ack 188, win 52884, length 0
14:51:22.818952 ARP, Request who-has 192.168.1.54 tell 192.168.1.11, length 46
14:51:23.959272 ARP, Request who-has 192.168.1.54 tell 192.168.1.11, length 46
14:51:23.961179 IP6 fe80::1aaa:2d09:20e8:6a30.33333 > ff02::c.ssdp: UDP, length 146
14:51:23.979378 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [P.], seq 1708141637:1708142038, ack 1590313680, win 260, length 401
14:51:23.979654 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [.], seq 1:2521, ack 401, win 279, length 2520
14:51:23.979707 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [.], seq 2521:5041, ack 401, win 279, length 2520
14:51:23.979753 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [P.], seq 5041:5205, ack 401, win 279, length 164
14:51:23.980131 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [.], ack 5205, win 260, length 0
14:51:24.058616 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [P.], seq 401:868, ack 5205, win 260, length 467
14:51:24.058677 IP 192.168.1.11.54113 > centos7-httpd.kerberos: Flags [P.], seq 2665849367:2665849830, ack 1191583241, win 260, length 463
14:51:24.059194 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [P.], seq 5205:5385, ack 868, win 287, length 180
14:51:24.059276 IP centos7-httpd.kerberos > 192.168.1.11.54113: Flags [P.], seq 1:181, ack 463, win 270, length 180
14:51:24.061688 IP 192.168.1.11.54113 > centos7-httpd.kerberos: Flags [P.], seq 463:930, ack 181, win 260, length 467
14:51:24.061844 IP centos7-httpd.kerberos > 192.168.1.11.54113: Flags [P.], seq 181:360, ack 930, win 279, length 179
14:51:24.061915 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [P.], seq 868:1335, ack 5385, win 260, length 467
14:51:24.062115 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [P.], seq 5385:5564, ack 1335, win 296, length 179
14:51:24.076216 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [P.], seq 1335:1771, ack 5564, win 259, length 436
14:51:24.076250 IP 192.168.1.11.54113 > centos7-httpd.kerberos: Flags [P.], seq 930:1368, ack 360, win 259, length 438
14:51:24.076420 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [P.], seq 5564:6018, ack 1771, win 304, length 454
14:51:24.076468 IP centos7-httpd.kerberos > 192.168.1.11.54113: Flags [P.], seq 360:816, ack 1368, win 287, length 456
14:51:24.092472 STP 802.1d, Config, Flags [none], bridge-id 3000.78:24:ee:50:90:70.4444, length 43
14:51:24.129280 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [.], ack 6018, win 257, length 0
14:51:24.129303 IP 192.168.1.11.54113 > centos7-httpd.kerberos: Flags [.], ack 816, win 257, length 0
14:51:24.204108 IP 192.168.1.11.54113 > centos7-httpd.kerberos: Flags [P.], seq 1368:1803, ack 816, win 257, length 435
14:51:24.204255 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [P.], seq 1771:2208, ack 6018, win 257, length 437
14:51:24.204380 IP centos7-httpd.kerberos > 192.168.1.11.54113: Flags [P.], seq 816:1269, ack 1803, win 296, length 453
14:51:24.204505 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [P.], seq 6018:6473, ack 2208, win 312, length 455
14:51:24.254379 IP 192.168.1.11.54113 > centos7-httpd.kerberos: Flags [.], ack 1269, win 260, length 0
14:51:24.254401 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [.], ack 6473, win 260, length 0
14:51:24.819415 ARP, Request who-has 192.168.1.54 tell 192.168.1.11, length 46
14:51:25.713147 IP gateway.tivoconnect > 192.168.1.255.tivoconnect: UDP, length 166
14:51:25.819526 ARP, Request who-has 192.168.1.54 tell 192.168.1.11, length 46
14:51:26.092396 STP 802.1d, Config, Flags [none], bridge-id 3000.78:24:ee:50:90:70.4444, length 43
14:51:26.296344 IP cpe-external.isp.provider.com.54116 > centos7-httpd.kerberos: Flags [S], seq 3514904834, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
14:51:26.297392 IP cpe-external.isp.provider.com.54117 > centos7-httpd.kerberos: Flags [S], seq 3514113067, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
14:51:26.438969 IP cpe-external.isp.provider.com.54118 > centos7-httpd.kerberos: Flags [S], seq 2521192680, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
14:51:26.961276 IP6 fe80::1aaa:2d09:20e8:6a30.33333 > ff02::c.ssdp: UDP, length 146
14:51:26.965271 ARP, Request who-has 192.168.1.54 tell 192.168.1.11, length 46
14:51:27.820018 ARP, Request who-has 192.168.1.54 tell 192.168.1.11, length 46
14:51:28.092498 STP 802.1d, Config, Flags [none], bridge-id 3000.78:24:ee:50:90:70.4444, length 43
14:51:28.632329 IP 192.168.1.10.55201 > centos7-httpd.ssh: Flags [P.], seq 1:37, ack 188, win 52884, length 36

Some commands to verify the current machine configuration:

[root@localhost ~]#  iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
[root@localhost ~]# service iptables status
Redirecting to /bin/systemctl status  iptables.service
● iptables.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)
[root@localhost ~]# service firewalld status
Redirecting to /bin/systemctl status  firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
[root@localhost ~]# ip route
default via 10.0.2.2 dev eth0  proto static  metric 100
default via 192.168.1.1 dev eth1  proto static  metric 101
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15  metric 100
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.111  metric 100

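Update 1 I have come to the conclusion that whatever the problem is, it is specific to vagrant+centos7, as I have tried the same basic setup on various vagrant+centos6 machines and had no problems.
Likewise, I created some Centos7 VirtualBox VMs "by hand" (i.e. from the iso) and they seem to work fine, but when I package a hand-built centos7 machine into a vagrant box, I run into the external accessibility problem.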

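Update 2 I just discovered that removing the NAT network adapter solves the problem. I deleted /etc/sysconfig/network-scripts/ifcfg-eth0, shut down the machine, manually removed the network adapter in VirtualBox, restarted, and voila - it now works fine. I am not sure why the NAT would cause this problem, but it is at least a new thing to look into!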
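
An added example, not part of the original post: the script below reads lines copied from the capture and the ip route output above and reports which clients sent a SYN that was never answered, and which interface the posted routing table selects for a reply to a LAN client and to an off-subnet client. The address 203.0.113.7 is a constructed stand-in for the external client, and the route choice is a simplified model (longest prefix, then lowest metric) that ignores policy routing.

```python
import ipaddress
import re

# Lines copied from the question; tcpdump prints port 88 by its service name, kerberos.
CAPTURE = """\
14:51:23.979378 IP 192.168.1.11.54112 > centos7-httpd.kerberos: Flags [P.], seq 1708141637:1708142038, ack 1590313680, win 260, length 401
14:51:23.979654 IP centos7-httpd.kerberos > 192.168.1.11.54112: Flags [.], seq 1:2521, ack 401, win 279, length 2520
14:51:26.296344 IP cpe-external.isp.provider.com.54116 > centos7-httpd.kerberos: Flags [S], seq 3514904834, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
14:51:26.297392 IP cpe-external.isp.provider.com.54117 > centos7-httpd.kerberos: Flags [S], seq 3514113067, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
14:51:26.438969 IP cpe-external.isp.provider.com.54118 > centos7-httpd.kerberos: Flags [S], seq 2521192680, win 8192, options [mss 1260,nop,wscale 8,nop,nop,sackOK], length 0
"""
ROUTES = """\
default via 10.0.2.2 dev eth0  proto static  metric 100
default via 192.168.1.1 dev eth1  proto static  metric 101
10.0.2.0/24 dev eth0  proto kernel  scope link  src 10.0.2.15  metric 100
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.111  metric 100
"""

PKT = re.compile(r"^\S+ IP (\S+) > (\S+): Flags \[([^\]]*)\]")

def unanswered_syns(capture):
    """Return endpoints that opened with a SYN and never saw a packet come back."""
    seen = {}  # (src, dst) -> flags of the first packet in that direction
    for line in capture.splitlines():
        m = PKT.match(line)
        if m:
            seen.setdefault((m.group(1), m.group(2)), m.group(3))
    return [src for (src, dst), flags in seen.items()
            if flags == "S" and (dst, src) not in seen]

def egress_for(dest, routes):
    """Pick the outgoing device for dest: longest prefix wins, then lowest metric."""
    addr, best = ipaddress.ip_address(dest), None
    for line in routes.splitlines():
        f = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        if addr not in net:
            continue
        key = (-net.prefixlen, int(f[f.index("metric") + 1]))
        if best is None or key < best[0]:
            best = (key, f[f.index("dev") + 1])
    return best[1]

if __name__ == "__main__":
    print("SYN without reply:", unanswered_syns(CAPTURE))
    print("reply to LAN client 192.168.1.11 leaves via", egress_for("192.168.1.11", ROUTES))
    print("reply to off-subnet 203.0.113.7 leaves via", egress_for("203.0.113.7", ROUTES))
```

With the posted table, the lowest-metric default route is the one on eth0 (10.0.2.2, the NAT adapter), which is consistent with Update 2, where removing that adapter made the host reachable from outside.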

Answer 1

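Use "setenforce 0" to switch selinux to permissive mode. This will continue to evaluate the problem, but it will not block the operation, only log it. That way you can at least determine whether this is a selinux problem and, if so, what the problem is.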
