OpenVZ Host 是源 IP 地址而不是实际的网络浏览者?

OpenVZ Host 是源 IP 地址而不是实际的网络浏览者?

我的 VPS 出了问题。简单的例子:

<?php $ip = $_SERVER['REMOTE_ADDR']; 
Echo "User IP : " . $ip; 
?>

该代码应该显示用户 IP 地址,但它显示的是 HN IP 地址(而不是 VPS IP 地址)。

再次,当我通过 ssh 登录到虚拟容器时,登录的 IP 是硬件节点的 IP。

类似的问题在这里:OpenVZ Host 是源 IP 地址而不是实际的网络浏览者?

以下是 openVZ 配置:

# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
net.ipv4.ip_forward = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1

# Controls source route verification
net.ipv4.conf.all.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 1

# Controls whether core dumps will append the PID to the core filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1

# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1

# Controls the maximum size of a message, in bytes
kernel.msgmnb = 65536

# Controls the default maxmimum size of a mesage queue
kernel.msgmax = 65536

# Controls the maximum shared segment size, in bytes
kernel.shmmax = 68719476736

# Controls the maximum number of shared memory segments, in pages
kernel.shmall = 4294967296
# Disable proxy arp
net.ipv4.conf.default.proxy_arp = 0
# We do not want all our interfaces to send redirects
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.ip_conntrack_max=32760

IPTables 配置

[root@nod1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
           all  --  clienti.alba.rdsnet.ro  anywhere
           all  --  anywhere             clienti.alba.rdsnet.ro
           all  --  clienti.alba.rdsnet.ro  anywhere
           all  --  anywhere             clienti.alba.rdsnet.ro
           all  --  clienti.alba.rdsnet.ro  anywhere
           all  --  anywhere             clienti.alba.rdsnet.ro

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTAB                                                                     LISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:s                                                                     sh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:s                                                                     mtp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h                                                                     ttp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:f                                                                     tp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h                                                                     ttps
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho      

有人能帮帮我吗?另外,我不是专家,所以如果有人能一步一步解释,我将不胜感激。

答案1

您能否粘贴一下您的 iptables 配置的输出?您是否尝试过 Jerry Tunin 建议的潜在解决方案?

iptables -t nat -L
iptables -t mangle -L

答案2

好的,这就是我所做的。我停止了 iptables 服务并从 /etc/sysconfig/iptables 中删除了包含 mangle 和 nat 的部分。按照 Adam 的指示,我从文件 /etc/sysconfig/vz 中的“## IPv4 iptables kernel modules”行部分中删除了“iptable_mangle”。我做了:

iptables -t nat -L iptables -t mangle -L

我已重新启动 iptables 服务并且问题解决。

现在我可以在服务器日志中看到我的私有 IP :D

非常感谢 Adam 指出了 mangle 和 nat 的问题。

祝你好运!

答案3

您很可能在所有 VPS 机器上都有一个环回设备,因此请尝试将其从整体配置中删除,或者出于测试目的访问 VPS 并输入:

ifconfig lo 下

再次检查传出的IP。

谨致问候,B.Bozhev

答案4

您的 HN 中是否有代理可以将请求发送到 CT 中的服务器?

如果是这种情况,您应该告诉您的代理将客户端 IP 转发到您的 CT 服务器,然后读取 X-Forwarding-For 标头。

相关内容