我不知道我遗漏了什么,如能提供任何帮助我将不胜感激。
(全部更新)主机:Windows 10 Pro,WebServer:Debian 11(Hyper-V VM),Mysql MariaDb 10.5.15,php 7.4.28,Wordpress 5.9.3,80,443 端口在网关(Ubiquiti USG Pro-4)中转发到 Debian WebServer 私有 IP/vlan x,防火墙(EsedNod32)禁用-Host,防火墙(UFW)Debian WebServer(22、80、443 已打开),防火墙(Windows 防火墙)禁用-Host,
Wordpress:wp-config.php 所有设置均正常(数据库、url 等)
/** The name of the database for WordPress */
define( 'DB_NAME', 'wordpressdb' );
/** Database username */
define( 'DB_USER', 'user' );
/** Database password */
define( 'DB_PASSWORD', 'Pass' );
/** Database hostname */
define( 'DB_HOST', 'localhost' );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/* Add any custom values between this line and the "stop editing" line. */
define('WP_SITEURL', 'http://example.com');
define('WP_HOME', 'http://example.com');
apache2:domain.com.conf 所有设置均正常(虚拟主机)
<VirtualHost example.com:80 *:80>
ServerName example.com
ServerAlias example.com
DirectoryIndex index.htm index.html index.php
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/example.com
<Directory "/var/www/html/example.com">
Options -Indexes +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName example.com
ServerAlias www.example.com
ServerAdmin [email protected]
DocumentRoot /var/www/html/example.com
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
新闻(已编辑)
我发现了一个相关帖子并采取行动,我能够使其工作(NatNetwork),但我仍然无法从 Internet(outsize)访问我的 Debian WebServer,还有一个问题,我失去了从主机(win10Pro)到 Guest VM(Debian)的 ssh 访问权限,通常我使用我的私钥通过 SSH-Agent 进行此操作,即使使用密码也不起作用;
<myuser>@10.0.0.1已修复:在 /etc/ssh/sshd_config 文件中添加允许用户
另外评论一下现在的网络情况,主机 192.168.xx,以及 10.0.xx 中的新 NatNetwork
New-VMSwitch -SwitchName "NATSwitch" -SwitchType Internal
New-NetNat -Name NATNetwork -InternalIPInterfaceAddressPrefix 10.0.0.0/24
New-NetIPAddress -IPAddress 10.0.0.1 -PrefixLength 24 -InterfaceAlias "vEthernet (NATSwitch)"
地图绘制
Add-NetNatStaticMapping -NatName NATNetwork -Protocol TCP -ExternalIPAddress 0.0.0.0/24 -ExternalPort 80 -InternalIPAddress 10.0.0.24 -InternalPort 80
- 我可以使用局域网中的私有 IP 进入我的网页(因为它在我的 host 文件中/手动添加)
- 我无法从互联网(超大/公共 IP)
Get-NetRoute -AddressFamily IPv4 -InterfaceIndex 2 | 格式表 DestinationPrefix,NextHop
DestinationPrefix NextHop
----------------- -------
255.255.255.255/32 0.0.0.0
224.0.0.0/4 0.0.0.0
10.0.0.255/32 0.0.0.0
10.0.0.1/32 0.0.0.0
10.0.0.0/24 0.0.0.0
Get-NetRoute -AddressFamily IPv4 -InterfaceIndex 28 | 格式表 DestinationPrefix,NextHop
DestinationPrefix NextHop
----------------- -------
255.255.255.255/32 0.0.0.0
224.0.0.0/4 0.0.0.0
192.168.1.255/32 0.0.0.0
192.168.1.64/32 0.0.0.0
192.168.1.0/24 0.0.0.0
0.0.0.0/0 192.168.1.1
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.64 281
10.0.0.0 255.255.255.0 On-link 10.0.0.1 271
10.0.0.1 255.255.255.255 On-link 10.0.0.1 271
10.0.0.255 255.255.255.255 On-link 10.0.0.1 271
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.23.144.0 255.255.240.0 On-link 172.23.144.1 5256
172.23.144.1 255.255.255.255 On-link 172.23.144.1 5256
172.23.159.255 255.255.255.255 On-link 172.23.144.1 5256
172.31.80.0 255.255.240.0 On-link 172.31.80.1 5256
172.31.80.1 255.255.255.255 On-link 172.31.80.1 5256
172.31.95.255 255.255.255.255 On-link 172.31.80.1 5256
192.168.1.0 255.255.255.0 On-link 192.168.1.64 281
192.168.1.64 255.255.255.255 On-link 192.168.1.64 281
192.168.1.255 255.255.255.255 On-link 192.168.1.64 281
192.168.2.0 255.255.255.0 On-link 192.168.2.64 281
192.168.2.64 255.255.255.255 On-link 192.168.2.64 281
192.168.2.255 255.255.255.255 On-link 192.168.2.64 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.2.64 281
224.0.0.0 240.0.0.0 On-link 192.168.1.64 281
224.0.0.0 240.0.0.0 On-link 10.0.0.1 271
224.0.0.0 240.0.0.0 On-link 172.23.144.1 5256
224.0.0.0 240.0.0.0 On-link 172.31.80.1 5256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.2.64 281
255.255.255.255 255.255.255.255 On-link 192.168.1.64 281
255.255.255.255 255.255.255.255 On-link 10.0.0.1 271
255.255.255.255 255.255.255.255 On-link 172.23.144.1 5256
255.255.255.255 255.255.255.255 On-link 172.31.80.1 5256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 192.168.1.1 Default
===========================================================================
Debian(WebServer)进入 Vlan(10.0.xx vlan x) vlan ID 也在 VSwitch Manager 设置和 VM 网络适配器设置中设置,而不是在 debian VM 配置 (/etc/interface) 中设置,我可以吗?它以这种方式工作,所以我认为我可以。
接口设置
我可以 ping 互联网、主机和 eth0 接口。我是否需要静态路由(USG 路由器)、任何 iptable 规则或 mascarade(在服务器中)?我的接口文件设置是否正确?(/etc/network/interfaces)
<myuser>@terrawp:~$ ip route
default via 10.0.0.1 dev eth0 onlink
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.24
<myuser>@terrawp:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:00:69:3a brd ff:ff:ff:ff:ff:ff
inet 10.0.0.24/24 brd 10.0.0.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe00:693a/64 scope link
valid_lft forever preferred_lft forever
谢谢您,修复得很好!!
答案1
在基于 Internet 的流量到达您的网络服务器之前,您需要确保以下两项都已到位。
到网络网关/防火墙的有效网络路由 VM 需要连接网络适配器。如果适用,它需要 VLAN 标记。然后,您需要确保在 VM 内部为其分配了 IP 地址(静态或 DHCP,带预留)、DNS 和网关。当您能够从 VM ping 出时,您就知道它成功了 https://windowsreport.com/add-network-adapter-windows-10-hyper-v/#:~:text=在 HyperVManager 中,您位于 NetworkAdapter 窗口
配置了端口转发或反向代理的防火墙规则。默认情况下,所有防火墙都会阻止入站流量。您需要设置一条规则,将流量转发到端口 80 上的虚拟机