Linux:使用别名 (eth0:1) 时某些地址完全无法访问

Linux:使用别名 (eth0:1) 时某些地址完全无法访问

我有一个有两个 IP 地址的服务器。主 IP 地址是 81.21.136.5。后来我用 添加了 81.21.136.8 ifconfig eth0:1 81.21.136.8 up

一切正常。除了某些地址无法访问。我无法从我的服务器访问这些地址,并且这些机器无法以类似的方式访问我的服务器。如果我eth0:1删除ifconfig eth0:1 down

说实话,我不知道出了什么问题。

首先,让我向您展示一个到随机工作地址的“正常”(缩写)跟踪路由:

[~]# traceroute arp242.net
traceroute to arp242.net (94.142.245.225), 30 hops max, 40 byte packets
 1  son-er-dc1.signet.nl (81.21.136.254)  0.681 ms  0.540 ms  0.820 ms
 2  ams-er8-sara.v92.signet.nl (217.21.246.50)  12.668 ms  14.177 ms  14.856 ms
 3  amsix.true.nl (195.69.144.171)  1.973 ms  2.212 ms  2.208 ms
  [...etc...]

现在跟踪路由到一个“损坏的”地址:

[~]# traceroute 81.204.228.205
traceroute to 81.204.228.205 (81.204.228.205), 30 hops max, 40 byte packets
 1  vps-aragorn0.signet.nl (81.21.136.8)  3002.364 ms !H  3002.368 ms !H  3002.067 ms !H

第一步从 81.21.136.8 开始。为什么?为什么只针对(据我所知)这一特定地址块?

eth0:1这是将状态设置为关闭后到同一“损坏”地址的(完整)跟踪路由:

[~]# traceroute 81.204.228.205
traceroute to 81.204.228.205 (81.204.228.205), 30 hops max, 40 byte packets
 1  son-er-dc1.signet.nl (81.21.136.254)  0.610 ms  0.791 ms  0.842 ms
 2  ams-er8-sara.v92.signet.nl (217.21.246.50)  2.169 ms  3.123 ms  3.996 ms
 3  iawxsrt-rt2.bb21.wxs.nl (195.69.144.62)  4.554 ms  4.554 ms  4.508 ms
 4  nl-rt-dc2-gsi-cr01b.kpn.net (213.75.64.187)  4.351 ms nl-rt-dc2-isp-cr01a.wxs.nl (213.75.64.25)  4.425 ms nl-rt-dc2-gsi-cr01b.kpn.net (213.75.64.23)  4.207 ms
 5  nl-asd-dc2-gsi-cr01a.kpn.net (213.75.64.67)  4.499 ms  4.983 ms  4.499 ms
 6  213.75.14.140 (213.75.14.140)  4.983 ms nl-asd-dc2-gsi-br01a.kpn.net (213.75.14.1)  4.499 ms nl-asd-dc2-isp-bb21.wxs.nl (213.75.14.76)  4.983 ms
 7  iawxsrt-dc2-acc04.wxs.nl (213.75.1.70)  4.983 ms 213.75.1.14 (213.75.1.14)  4.951 ms 213.75.1.62 (213.75.1.62)  4.685 ms

任何建议都将非常感谢!


有关系统配置的一些信息:

[~]% uname -a
Linux vps-aragorn0 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:13 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux


[/etc]% cat /etc/issue 
CentOS release 5.6 (Final)
Kernel \r on an \m


[~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
81.21.136.0     *               255.255.255.0   U         0 0          0 eth0
169.254.0.0     *               255.255.0.0     U         0 0          0 eth0
81.0.0.0        *               255.0.0.0       U         0 0          0 eth0
default         son-er-dc1.sign 0.0.0.0         UG        0 0          0 eth0



[~]# service iptables status
Table: filter
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2844
8    ACCEPT     tcp  --  80.246.203.133       0.0.0.0/0           tcp dpt:3306
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain RH-Firewall-1-INPUT (0 references)
num  target     prot opt source               destination


[~]# ifconfig -a
eth0      Link encap:Ethernet  HWaddr 52:54:00:23:6C:9F
          inet addr:81.21.136.5  Bcast:81.21.136.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:63276899 errors:0 dropped:1113 overruns:0 frame:0
          TX packets:28898565 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:6736496489 (6.2 GiB)  TX bytes:30255467302 (28.1 GiB)
          Interrupt:10 Base address:0xa000

eth0:1    Link encap:Ethernet  HWaddr 52:54:00:23:6C:9F
          inet addr:81.21.136.8  Bcast:81.255.255.255  Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4656156 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4656156 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7034068633 (6.5 GiB)  TX bytes:7034068633 (6.5 GiB)

答案1

你的路由表中有以下内容:

81.0.0.0        *               255.0.0.0       U         0 0          0 eth0

为 上的 IP 地址指定正确的网络掩码eth0:0,否则它似乎使用/8网络掩码,因此每个到以 81 开头的 IP 地址的连接都将被视为在同一个广播域内,并且请求将不会被发送到默认网关,而是尝试进行连接,就好像它与您的网络接口位于同一区域一样。

将 IP 地址的网络掩码更改为eth0:0正确的网络掩码即可解决此问题。

相关内容