去年某个时候,Traceroute 的行为发生了变化。之前运行正常。(Debian v9.11 Traceroute 1:2.1.0-2)现在,第一个 traceroute 结果(我的网关)是正确的,但所有中间跳数都列出了目标 IP 地址,而不是中间主机。我的外围防火墙明确允许 ICMP any。
本地主机防火墙:
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
跟踪路由结果:
shughes@skht5d:~$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 pfSense.abc.example.com (192.168.11.1) 3.222 ms 3.200 ms 3.190 ms
2 * * *
3 dns.google (8.8.8.8) 11.662 ms 11.656 ms 11.616 ms
4 dns.google (8.8.8.8) 14.003 ms 16.191 ms 16.177 ms
5 dns.google (8.8.8.8) 14.002 ms 13.981 ms 16.121 ms
6 dns.google (8.8.8.8) 22.640 ms 16.258 ms 19.028 ms
7 dns.google (8.8.8.8) 25.339 ms 20.188 ms 20.170 ms
8 dns.google (8.8.8.8) 27.407 ms 25.020 ms 27.858 ms
9 dns.google (8.8.8.8) 24.951 ms 24.472 ms 24.456 ms
10 dns.google (8.8.8.8) 23.790 ms 21.811 ms 24.017 ms
11 * * dns.google (8.8.8.8) 20.639 ms
12 dns.google (8.8.8.8) 21.437 ms 23.536 ms 22.119 ms
13 dns.google (8.8.8.8) 21.429 ms 21.181 ms 21.207 ms
shughes@skht5d:~$
shughes@skht5d:~$ traceroute a2hosting.com
traceroute to a2hosting.com (104.18.131.225), 30 hops max, 60 byte packets
1 pfSense.abc.example.com (192.168.11.1) 11.043 ms 11.001 ms 11.006 ms
2 * * *
3 104.18.131.225 (104.18.131.225) 18.531 ms 18.527 ms 18.519 ms
4 104.18.131.225 (104.18.131.225) 18.514 ms 18.508 ms 18.493 ms
5 104.18.131.225 (104.18.131.225) 18.472 ms 18.476 ms 18.451 ms
6 104.18.131.225 (104.18.131.225) 30.552 ms 30.868 ms 26.008 ms
7 104.18.131.225 (104.18.131.225) 26.017 ms 30.792 ms 30.755 ms
8 104.18.131.225 (104.18.131.225) 41.155 ms 30.765 ms 30.757 ms
9 104.18.131.225 (104.18.131.225) 30.722 ms 30.714 ms 30.707 ms
10 104.18.131.225 (104.18.131.225) 30.703 ms 29.137 ms 28.252 ms
11 104.18.131.225 (104.18.131.225) 28.202 ms 29.162 ms 29.151 ms
shughes@skht5d:~$