我正在尝试使用127.0.0.1
以下接口从我的计算机执行 ping 操作:
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 170879 bytes 9140807 (8.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 170879 bytes 9140807 (8.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo:1: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 192.168.117.1 netmask 255.255.255.0
loop txqueuelen 1000 (Local Loopback)
我没有任何特殊的路由或 iptables 规则。在 ping 时,127.0.0.1
我看到源 IP 为192.168.117.1
:
[ +5.279957] TRACE: raw:PREROUTING:policy:2 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.117.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=61813 DF PROTO=ICMP TYPE=8 CODE=0 ID=11844 SEQ=1
[ +0.015864] TRACE: mangle:PREROUTING:policy:1 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.117.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=61813 DF PROTO=ICMP TYPE=8 CODE=0 ID=11844 SEQ=1
[ +0.015960] TRACE: mangle:INPUT:policy:1 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.117.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=61813 DF PROTO=ICMP TYPE=8 CODE=0 ID=11844 SEQ=1
[ +0.015974] TRACE: filter:INPUT:policy:1 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.117.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=61813 DF PROTO=ICMP TYPE=8 CODE=0 ID=11844 SEQ=1
[ +0.015967] TRACE: raw:PREROUTING:policy:2 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63078 PROTO=ICMP TYPE=0 CODE=0 ID=11844 SEQ=1
[ +0.015690] TRACE: mangle:PREROUTING:policy:1 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63078 PROTO=ICMP TYPE=0 CODE=0 ID=11844 SEQ=1
[ +0.015724] TRACE: mangle:INPUT:policy:1 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63078 PROTO=ICMP TYPE=0 CODE=0 ID=11844 SEQ=1
[ +0.015613] TRACE: filter:INPUT:policy:1 IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=63078 PROTO=ICMP TYPE=0 CODE=0 ID=11844 SEQ=1
我不知道是谁导致源地址发生变化。如果有人可以推荐我应该检查的组件,那就太好了?
更新:
我写了关于问题的背景这里。
答案1
于是我发现这确实是iptables
。我有一个容器正在添加“随时随地伪装”规则,但它在主机上不可见。该容器的运行iptables
由以下支持nftables
:
iptables v1.8.4 (nf_tables)
当底层主机仍在运行旧版 iptables 时:
iptables v1.4.21
由于nf_tables
支持iptables
,您无法看到主机上容器配置的规则,除非您在添加规则之前切换回旧后端:
update-alternatives --set iptables /usr/sbin/iptables-legacy
iptables v1.8.4 (legacy)
好玩的东西!