I have a machine (Fedora) running iptables (acting as a firewall). The system has been running for a long time, but now there is a problem: the internet connection fails. I looked into it and found that whenever the machine is booted or connected to the router, everyone on the network loses internet access. Communication within the LAN (the other NICs) works fine. Where should I look for the problem?
If I look at the switch (between the Fedora box and the router), the activity LED blinks constantly whenever the server is connected to the router...
iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
eth2-DMZ all -- 0.0.0.0/0 0.0.0.0/0
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
eth0-internal-INPUT all -- 0.0.0.0/0 0.0.0.0/0
LOG all -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `REJECT FILTER:'
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (1 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 ww.ww.77.104/29 tcp dpt:80 state NEW
ACCEPT tcp -- 0.0.0.0/0 ww.ww.77.104/29 tcp dpt:443 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10001 state NEW
ACCEPT tcp -- xx.yy.133.130 0.0.0.0/0 tcp state NEW,ESTABLISHED
ACCEPT tcp -- zz.104.19.111 0.0.0.0/0 tcp state NEW,ESTABLISHED
REJECT tcp -- 0.0.0.0/0 !ww.ww.77.104/29 tcp dpt:80 reject-with icmp-port-unreachable
REJECT all -- aa.251.23.91 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- bb.30.3.184 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- cc.10.104.163 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- dd.53.170.29 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- ee.120.230.6 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- ff.109.225.231 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- gg.95.43.173 0.0.0.0/0 reject-with icmp-port-unreachable
Chain eth0-internal-INPUT (1 references)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:111 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:111 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2049 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:4000:4003 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:4000:4003 state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5901 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5666 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:12489 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp spt:80
Chain eth2-DMZ (1 references)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED icmp type 8
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpts:161:162 state NEW,RELATED,ESTABLISHED
ACCEPT tcp -- 192.168.10.0/24 0.0.0.0/0 tcp state NEW,ESTABLISHED
ACCEPT tcp -- 192.168.11.0 0.0.0.0/0 tcp state NEW,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5666 state NEW
route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
ww.ww.77.104 0.0.0.0 255.255.255.248 U 0 0 0 eth1
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.10.0 192.168.3.2 255.255.255.0 UG 0 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 ww.ww.77.105 0.0.0.0 UG 0 0 0 eth1
cat /proc/sys/net/ipv4/ip_forward
1
I have masked the public IP addresses.
Solution:
It seems a hacker gained access to another server behind the Fedora box. He placed a script there that launches a DDoS or something similar. So the router was overloaded and the internet stopped working...
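Added example, not part of the original post: a small Python check over `iptables -L -n` output that flags chains where a terminal catch-all rule (ACCEPT/DROP/REJECT, proto all, any source, any destination) is followed by rules that can never match, which is what the eth0-internal-INPUT chain above looks like, since its first rule is REJECT all. SAMPLE is a constructed excerpt of the posted dump.

```python
# Constructed excerpt of the `iptables -L -n` dump posted in the question (the real listing is longer).
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
eth2-DMZ all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain eth0-internal-INPUT (1 references)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:2049 state NEW
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def parse_chains(text):
    """Map chain name -> list of (target, proto, source, dest, extra)."""
    chains, current = {}, None
    for line in text.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
        elif current and line.strip() and not line.startswith("target "):
            f = line.split(None, 5)  # target prot opt source dest [extra]
            chains[current].append((f[0], f[1], f[3], f[4], f[5] if len(f) > 5 else ""))
    return chains

def is_catch_all(rule):
    """Matches every packet as far as -L -n shows (-i/-o matches are hidden without -v)."""
    _, proto, src, dst, extra = rule
    # "reject-with ..." is a target option, not a match criterion.
    return (proto == "all" and src == dst == "0.0.0.0/0"
            and (extra == "" or extra.startswith("reject-with")))

def find_shadowed(text):
    """Chain -> (1-based number of the first terminal catch-all, rules after it)."""
    report = {}
    for chain, rules in parse_chains(text).items():
        for i, rule in enumerate(rules, start=1):
            if rule[0] in TERMINAL and is_catch_all(rule):
                if i < len(rules):  # report only when later rules are shadowed
                    report[chain] = (i, [" ".join(p for p in r if p) for r in rules[i:]])
                break
    return report

if __name__ == "__main__":
    for chain, (n, dead) in find_shadowed(SAMPLE).items():
        print(f"{chain}: rule {n} is a terminal catch-all; {len(dead)} later rule(s) never match")
```

Because `-L -n` without `-v` omits interface matches, an apparent catch-all such as the first ACCEPT in INPUT may really be restricted to an interface (for example lo); confirm with `iptables -L -n -v --line-numbers` before changing anything.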
Answer 1
Can you replace the network card or try a different one? Sometimes when a NIC goes bad, it takes the network down by flooding it with garbage.