如果 Linux 服务器连接到路由器,整个网络的互联网连接将无法工作

tag-icon tag-icon linux fedora internet connection
如果 Linux 服务器连接到路由器,整个网络的互联网连接将无法工作

我有一台机器(Fedora)正在使用 iptables(充当防火墙)。系统运行了很长时间,但现在出现了问题。互联网连接失败。我仔细检查了一下,发现如果机器启动或连接到路由器,则网络中的每个人都会无法连接互联网。局域网中的通信正常(其他 NIC)。我在哪里可以查找问题?

如果我查看交换机(Fedora 和路由器之间),如果服务器连接到路由器,活动 LED 就会一直闪烁……

iptables -L -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
eth2-DMZ   all  --  0.0.0.0/0            0.0.0.0/0
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
eth0-internal-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `REJECT FILTER:'
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21 state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            ww.ww.77.104/29    tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            ww.ww.77.104/29    tcp dpt:443 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:10001 state NEW
ACCEPT     tcp  --  xx.yy.133.130       0.0.0.0/0           tcp state NEW,ESTABLISHED
ACCEPT     tcp  --  zz.104.19.111        0.0.0.0/0           tcp state NEW,ESTABLISHED
REJECT     tcp  --  0.0.0.0/0           !ww.ww.77.104/29    tcp dpt:80 reject-with icmp-port-unreachable
REJECT     all  --  aa.251.23.91         0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  bb.30.3.184         0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  cc.10.104.163       0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  dd.53.170.29        0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  ee.120.230.6         0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  ff.109.225.231       0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  gg.95.43.173        0.0.0.0/0           reject-with icmp-port-unreachable

Chain eth0-internal-INPUT (1 references)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:10000 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:111 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:2049 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2049 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:4000:4003 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:4000:4003 state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5901 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5666 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:12489 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80

Chain eth2-DMZ (1 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED icmp type 8
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:161:162 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.10.0/24      0.0.0.0/0           tcp state NEW,ESTABLISHED
ACCEPT     tcp  --  192.168.11.0         0.0.0.0/0           tcp state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5666 state NEW

路线-n

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
ww.ww.77.104   0.0.0.0         255.255.255.248 U     0      0        0 eth1
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    192.168.3.2     255.255.255.0   UG    0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
0.0.0.0         ww.ww.77.105   0.0.0.0         UG    0      0        0 eth1

cat /proc/sys/net/ipv4/ip_forward

  1

我已经屏蔽了官方 IP 地址。

解决方案:

似乎一名黑客访问了 Fedora 背后的另一台服务器。他在那里放置了一个脚本,该脚本会发起 DDOS 或类似攻击。因此路由器超负荷运行,互联网无法正常工作……

答案1

你能更换网卡或换一个吗?有时当网卡出问题时,它们会通过向网络发送大量垃圾信息来破坏网络。

相关内容