无法与第二个 NIC 上的网络通信

2024-5-29 • tag-icon

我正在运行 XenServer 6.2，它有两个位于不同子网上的 NIC：

xenbr0 : 192.168.1.50
xenbr1 : 192.168.0.50

NIC.1.50与内部网络通信，工作正常。.0.50直接插入外部路由器，但甚至无法进行 ping。

以下也许能有所帮助：

[root@voltaire ~]# ip route
192.168.1.0/24 dev xenbr0  proto kernel  scope link  src 192.168.1.50 
192.168.0.0/24 dev xenbr1  proto kernel  scope link  src 192.168.0.50

[root@voltaire ~]# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
3: eth2: <NO-CARRIER,BROADCAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
   link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
5: xenbr1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
6: xenbr0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
7: xenbr2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
8: vif1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: vif1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
10: tap1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: tap1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff

[root@voltaire ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
2: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
3: eth2: <NO-CARRIER,BROADCAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
5: xenbr1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:55 brd ff:ff:ff:ff:ff:ff
   inet 192.168.0.50/24 brd 192.168.0.255 scope global xenbr1
6: xenbr0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:25:22:e0:a9:ce brd ff:ff:ff:ff:ff:ff
   inet 192.168.1.50/24 brd 192.168.1.255 scope global xenbr0
7: xenbr2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN 
   link/ether 00:13:3b:0e:ae:56 brd ff:ff:ff:ff:ff:ff
8: vif1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
9: vif1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 32
   link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
10: tap1.0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
11: tap1.1: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff

[root@voltaire ~]# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=128 time=10.0 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=128 time=0.718 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=128 time=0.681 ms
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 0.681/3.809/10.029/4.398 ms

[root@voltaire ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
From 192.168.0.50 icmp_seq=1 Destination Host Unreachable
From 192.168.0.50 icmp_seq=2 Destination Host Unreachable
From 192.168.0.50 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.0.1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4026ms, pipe 3

我花了 6 个小时浏览我能找到的每一篇文章。我应用了提到的所有修复方法，但似乎没有任何效果。

让我们从显而易见的事情开始：

我确定网线已经插好了。
我确信所有 IP 地址都是正确的并且没有冲突。
我尝试通过 iptables 设置 NAT（尽管这不是必需的，因为我没有尝试用这个盒子进行 NAT）
我尝试设置多个路由表（我觉得这也有点多余，因为我甚至无法从两个接口 ping 通）

我希望这里有人能弄清楚我错过了什么因为我已经山穷水尽了。

`iptables`为 Giedrius Rekasius

[root@voltaire ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ha-cluster 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

另外，关于路由器上 VLAN 配置的问题：我实际上使用的是单独的路由器，每个子网一个，所以我没有配置 VLAN。每个路由器负责整个 C 类。

`brctl show`致彼得

[root@voltaire ~]# brctl show
bridge name bridge            idSTP enabledinterfaces
xenbr0      0000.002522e0a9ce no    eth0
                                    vif1.0
                                    tap1.0
xenbr1      0000.00133b0eae55 no    eth1
                                    vif1.1
                                    tap1.1
xenbr2      0000.00133b0eae56 no    eth2

我不确定您所指的是哪个“xen bridge ugly hack script”，这是我第一次尝试在 XenServer 上进行网络操作，目前几乎所有内容看起来都很丑陋/黑客。

如果有帮助的话，我没有亲自创建桥接接口。我只是经历了添加接口的过程。不过，XenCenter 中的所有内容都正确显示。

答案1

显然，我首先没有介绍足够多明显的解决方案。我从未运行过sysctl -p，因此从未启用过 IP 转发。

我想正式放弃我的极客帽子。应该有比我更有资格的人来接手。

iptables为 Giedrius Rekasius

brctl show致彼得

答案1

相关内容

`iptables`为 Giedrius Rekasius

`brctl show`致彼得