我在一台机器上安装了 Arch Linux,并带有6.1.12-1-lts内核。我已经dhcpcd安装NetworkManager了 VPN 客户端,并且能够通过我的连接访问互联网。我没有ufw安装过。dhcpcd或都没有警告NetworkManager,并且我没有在路由器(Edgerouter X)上配置特定的防火墙规则。
但是,我无法从此盒子一致地访问我的路由器或网络上的其他计算机。过去我有时能够做到,但现在不行了。以下是可能有帮助的输出。我缺少什么?
ip addr
(permaddr 已删除,VPN ip 已清空)
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp89s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 48:21:0b:33:32:5f brd ff:ff:ff:ff:ff:ff
inet 192.168.1.75/24 brd 192.168.1.255 scope global dynamic noprefixroute enp89s0
valid_lft 85461sec preferred_lft 85461sec
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 5e:17:af:6b:7c:6d brd ff:ff:ff:ff:ff:ff permaddr
4: nordlynx: <POINTOPOINT,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet xx.xx.xx.xx/32 scope global nordlynx
valid_lft forever preferred_lft forever
ip neigh
192.168.1.1 dev enp89s0 lladdr 78:8a:20:be:20:63 REACHABLE
192.168.1.47 dev enp89s0 lladdr 90:09:d0:0a:2b:4f STALE
sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere connmark match 0xe1f1 /* nordvpn */
ACCEPT all -- anywhere anywhere connmark match 0xe1f1 /* nordvpn */
DROP all -- anywhere anywhere /* nordvpn */
DROP all -- anywhere anywhere /* nordvpn */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
CONNMARK all -- anywhere anywhere mark match 0xe1f1 /* nordvpn */ CONNMARK save
ACCEPT all -- anywhere anywhere connmark match 0xe1f1 /* nordvpn */
CONNMARK all -- anywhere anywhere mark match 0xe1f1 /* nordvpn */ CONNMARK save
ACCEPT all -- anywhere anywhere connmark match 0xe1f1 /* nordvpn */
DROP all -- anywhere anywhere /* nordvpn */
DROP all -- anywhere anywhere /* nordvpn */
tracepath 192.168.1.1
1?: [LOCALHOST] pmtu 1500
1: send failed
1: send failed
Resume: pmtu 1500
ip route show
default via 192.168.1.1 dev enp89s0 proto dhcp src 192.168.1.75 metric 1002
default via 192.168.1.1 dev enp89s0 proto dhcp src 192.168.1.75 metric 20100
192.168.1.0/24 dev enp89s0 proto kernel scope link src 192.168.1.75 metric 100
192.168.1.0/24 dev enp89s0 proto dhcp scope link src 192.168.1.75 metric 1002
192.168.1.1 dev enp89s0 proto dhcp scope link src 192.168.1.75 metric 100
192.168.1.47 dev enp89s0 proto dhcp scope link src 192.168.1.75 metric 100
systemctl status dhcpcd
● dhcpcd.service - dhcpcd on all interfaces
Loaded: loaded (/usr/lib/systemd/system/dhcpcd.service; enabled; preset: disabled)
Active: active (running) since Wed 2023-02-22 16:48:48; 21min ago
Process: 530 ExecStart=/usr/bin/dhcpcd -q -b (code=exited, status=0/SUCCESS)
Main PID: 533 (dhcpcd)
Tasks: 5 (limit: 38095)
Memory: 2.4M
CPU: 96ms
CGroup: /system.slice/dhcpcd.service
├─533 "dhcpcd: [manager] [ip4] [ip6]"
├─534 "dhcpcd: [privileged proxy]"
├─535 "dhcpcd: [network proxy]"
├─536 "dhcpcd: [control proxy]"
└─645 "dhcpcd: [BPF ARP] enp89s0 192.168.1.75"
systemctl status NetworkManager
● NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled; preset: disabled)
Active: active (running) since Wed 2023-02-22 16:48:47; 21min ago
Docs: man:NetworkManager(8)
Main PID: 4915 (NetworkManager)
Tasks: 4 (limit: 38095)
Memory: 6.1M
CPU: 94ms
CGroup: /system.slice/NetworkManager.service
└─4915 /usr/bin/NetworkManager --no-daemon
答案1
这个问题与我的 VPN 有关,即 NordVPN,它在活动时会阻止访问。在激活 VPN 后禁用 VPN 后,它还会阻止访问。
仅当我的 VPN 最初未激活时才能访问其他计算机,激活后将停止。
将我的本地子网列入白名单192.168.1.0/24解决了我的问题。