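I connected two Debian 10 systems with a direct link.
On one of them I defined a virtual interface, and on the other I added a static route to reach it. I see the traffic leaving the sender on its interface, but I do not see it on the other system, and I get no response.
Is it possible that the traffic is being dropped by the other system?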
sudo ip link add lo1 type dummy
sudo ip link set dev lo1 up
sudo ip addr add 13.13.13.13/32 dev lo1
pc2~$ ip addr show lo1
63: lo1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether ae:e2:d8:95:2b:ae brd ff:ff:ff:ff:ff:ff
inet 13.13.13.13/32 brd 13.13.13.13 scope global lo1
valid_lft forever preferred_lft forever
inet6 fe80::ace2:d8ff:fe95:2bae/64 scope link
valid_lft forever preferred_lft forever
pc2~$ sudo sysctl -p
sysctl: cannot stat /proc/sys/net/ipv4/tcp_syncookies: No such file or directory
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
kernel.printk = 1 4 1 7
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
And the other system:
sudo ip route add 13.13.13.13/32 via 20.20.20.2
pc1~$ ip addr show port25
31: port25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 04:f8:f8:76:53:59 brd ff:ff:ff:ff:ff:ff
inet 20.20.20.1/24 brd 20.20.20.255 scope global port25
valid_lft forever preferred_lft forever
inet6 fe80::6f8:f8ff:fe76:5359/64 scope link
valid_lft forever preferred_lft forever
pc1(20.20.20.1)--------(20.20.20.2)pc2(lo2:13.13.13.13/32)
pc1~$ sudo tcpdump -ni port25 icmp
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on port25, link-type EN10MB (Ethernet), snapshot length 262144 bytes
22:54:42.098033 IP 20.20.20.1 > 13.13.13.13: ICMP echo request, id 3321, seq 0, length 64
22:54:43.107142 IP 20.20.20.1 > 13.13.13.13: ICMP echo request, id 3321, seq 1, length 64
22:54:44.117137 IP 20.20.20.1 > 13.13.13.13: ICMP echo request, id 3321, seq 2, length 64
22:54:45.127138 IP 20.20.20.1 > 13.13.13.13: ICMP echo request, id 3321, seq 3, length 64
22:54:46.137143 IP 20.20.20.1 > 13.13.13.13: ICMP echo request, id 3321, seq 4, length 64
pc2:~$ sudo tcpdump -ni port25 icmp
Password:
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on port25, link-type EN10MB (Ethernet), snapshot length 262144 bytes
pc1~$ ip route
default nhid 16 via 192.168.60.2 dev enp0 proto 196 metric 20
13.13.13.13 nhid 79 via 20.20.20.2 dev port25 proto 196 metric 20
20.20.20.0/24 dev port25 proto kernel scope link src 20.20.20.1
50.50.60.60 nhid 16 via 192.168.60.2 dev enp0 proto 196 metric 20
192.168.60.0/24 dev enp0 proto kernel scope link src 192.168.60.75
192.168.121.0/24 dev port2 proto kernel scope link src 192.168.121.37 linkdown
pc2~$ ip route
default nhid 26 via 192.168.60.2 dev enp0 proto 196 metric 20
20.20.20.0/24 dev port25 proto kernel scope link src 20.20.20.2
192.168.22.0/24 dev port1 proto kernel scope link src 192.168.22.156
192.168.60.0/24 dev enp0 proto kernel scope link src 192.168.60.76
zharf-switch:~$
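Answer 1
You may have to enable IP forwarding on the system that is supposed to forward packets between interfaces. Assuming you use Linux, it is disabled by default.
Quoting https://www.ducea.com/2006/08/01/how-to-enable-ip-forwarding-in-linux/:
Check the setting with sysctl net.ipv4.ip_forward
Change it with sysctl -w net.ipv4.ip_forward=1
Depending on your distribution, there are different ways to make this setting permanent.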
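The following is an added example, not part of the original answer: it compares the running net.ipv4.ip_forward value with what the sysctl configuration files would apply at boot, so a change made with sysctl -w that was never persisted stands out. The function names, the path-prefix argument and the demo tree are assumptions made for this example.

```shell
#!/bin/sh
# Added example (function names are hypothetical). The root argument is an
# assumption of this sketch: a path prefix so the check can run on a copied or
# constructed file tree; pass "" to inspect the live system.

# Last value assigned to net.ipv4.ip_forward by the sysctl config files, or
# "unset". Simplified: only /etc/sysctl.d/*.conf, then /etc/sysctl.conf.
persisted_ip_forward() {
    val=unset
    for f in "$1"/etc/sysctl.d/*.conf "$1/etc/sysctl.conf"; do
        [ -f "$f" ] || continue
        # Commented-out lines do not match; "." and "/" key separators both do.
        v=$(sed -n 's/^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# One-line report: running value, persisted value, and what the pair means.
forwarding_status() {
    runtime=$(cat "$1/proc/sys/net/ipv4/ip_forward" 2>/dev/null || echo unknown)
    persisted=$(persisted_ip_forward "$1")
    case "$runtime:$persisted" in
        1:1) verdict="on, persistent" ;;
        1:*) verdict="on, runtime only" ;;
        0:1) verdict="off, enabled at next boot" ;;
        0:*) verdict="off" ;;
        *)   verdict="unknown" ;;
    esac
    echo "runtime=$runtime persisted=$persisted verdict=$verdict"
}

# Constructed demo tree: forwarding switched on with sysctl -w, never persisted.
demo=$(mktemp -d)
mkdir -p "$demo/proc/sys/net/ipv4" "$demo/etc/sysctl.d"
echo 1 > "$demo/proc/sys/net/ipv4/ip_forward"
printf '#net.ipv4.ip_forward=1\nnet.ipv4.conf.all.rp_filter = 2\n' > "$demo/etc/sysctl.conf"
forwarding_status "$demo"
rm -rf "$demo"
```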