Debian VLAN does not respond to ping


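My setup:

| Linux computer | --- | Cisco SG350 | --- | Device |

I want the VLAN on my computer to have 192.168.1.254 and the VLAN on the device to have 192.168.1.1 (it is a router).

The VLAN interface on my machine was created with the following commands: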

sudo ip link add link eno1 name vlan20 type vlan id 20
sudo ip addr flush dev vlan20
sudo ip addr add 192.168.1.254/24 dev vlan20
sudo ip link set dev vlan20 up
sudo ip route add default via 192.168.1.254 dev vlan20 table 20
sudo ip rule add fwmark 20 table 20
sudo iptables -t mangle -A POSTROUTING -d 10.10.20.0/24 -j MARK --set-mark 20
sudo iptables -t nat -A POSTROUTING -o vlan20 -j SNAT --to 192.168.1.254
sudo iptables -t mangle -A OUTPUT -d 10.10.20.0/24 -j MARK --set-mark 20
sudo iptables -t nat -A OUTPUT -d 10.10.20.0/24 -j NETMAP --to 192.168.1.254/24

To me, this configuration seems to work.

$ ifconfig vlan20:

21: vlan20@eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:d8:61:22:6d:c7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.254/24 scope global vlan20
       valid_lft forever preferred_lft forever
    inet6 fe80::2d8:61ff:fe22:6dc7/64 scope link 
       valid_lft forever preferred_lft forever

$ netstat -rn:

Kernel-IP-Routentabelle
Ziel            Router          Genmask         Flags   MSS Fenster irtt Iface
0.0.0.0         172.31.96.1     0.0.0.0         UG        0 0          0 eno1
172.31.96.0     0.0.0.0         255.255.254.0   U         0 0          0 eno1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 vlan20

$ iptables -t nat -L:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
SNAT       all  --  anywhere             anywhere             to:192.168.1.254

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
NETMAP     all  --  anywhere             10.10.20.0/24         to:192.168.1.0/24

$ iptables -t mangle -L:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
MARK       all  --  anywhere             10.10.20.0/24         MARK set 0x14

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MARK       all  --  anywhere             10.10.20.0/24         MARK set 0x14

The device can be reached by ping:

$ ping -w2 10.10.20.1
PING 10.10.20.1 (10.10.20.1) 56(84) bytes of data.
64 bytes from 10.10.20.1: icmp_seq=1 ttl=64 time=0.384 ms
64 bytes from 10.10.20.1: icmp_seq=2 ttl=64 time=0.411 ms

--- 10.10.20.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 2ms
rtt min/avg/max/mdev = 0.384/0.397/0.411/0.024 ms

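I can access the device via SSH, web, etc.

What I don't understand: the other direction does not work. I can see the incoming ICMP echo requests on the vlan20 interface, but they are not answered.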
