Ubuntu 拒绝通过 linknet 路由公共子网的数据包

tag-icon tag-icon linux ubuntu networking routing ipv4
Ubuntu 拒绝通过 linknet 路由公共子网的数据包

我遇到了通过新 ISP 的链接网络进行路由的新概念,目前正在尝试在我的 Ubuntu 13.10 服务器上正确路由 /28。然而,这被证明是徒劳的。

这是主机的路由表:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         84-16-221.161.3 0.0.0.0         UG    0      0        0 eth0
84.16.211.48    *               255.255.255.240 U     0      0        0 eth1
84.16.221.160   *               255.255.255.224 U     0      0        0 eth0
192.168.1.0     *               255.255.255.0   U     0      0        0 eth1

IPTables(由 UFW 管理):

root@router:/proc/sys/net/ipv4/conf/all# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

ip_forwarding 已打开,并且 sysctl 中的反向路径过滤已关闭。

在 eth1 上运行 tcpdump 并尝试 ping 子网的网关(84.16.211.49,即 eth1:1 的 IP)时,我看不到任何数据包。监听 eth0,我看到以下内容:

root@router:/proc/sys/net/ipv4/conf/all# tcpdump -vvvi eth0 icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:26:14.448663 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    isengard.localecho.net > gateway.big5.no: ICMP echo request, id 16188, seq 21, length 64
10:26:14.448714 IP (tos 0x0, ttl 64, id 1421, offset 0, flags [none], proto ICMP (1), length 84)
    gateway.big5.no > isengard.localecho.net: ICMP echo reply, id 16188, seq 21, length 64

同样,尝试从网关地址进行跟踪路由也是徒劳的:

root@router:/etc/ufw# traceroute -s 84.16.211.49 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *

尝试上述跟踪路由时,eth0 和 eth1 上的 tcpdump 均未显示任何内容。

我和 ISP 的网络人员一样束手无策。有人能指点一下吗?

编辑:添加评论中请求的信息。

root@router:/etc/ufw# arp -a
    84-16-211.62.3p.ntebredband.no (84.16.211.62) at <incomplete> on eth1
    ? (192.168.1.10) at 00:0c:29:9a:ca:c2 [ether] on eth1
    google-public-dns-a.google.com (8.8.8.8) at <incomplete> on eth1
    shop.big5.no (84.16.211.52) at <incomplete> on eth1
    ? (192.168.1.11) at 00:0c:29:21:7f:fc [ether] on eth1
    ? (192.168.1.150) at e0:3f:49:8f:b7:d2 [ether] on eth1
    mail.big5.no (84.16.211.50) at <incomplete> on eth1
    84-16-211.56.3p.ntebredband.no (84.16.211.56) at <incomplete> on eth1
    84-16-221.161.3p.ntebredband.no (84.16.221.161) at 84:78:ac:66:c7:bb [ether] on eth0
    gf.big5.no (84.16.211.53) at <incomplete> on eth1
    www.big5.no (84.16.211.51) at 00:0c:29:21:7f:fc [ether] on eth1
    ? (192.168.1.15) at 00:0c:29:87:05:79 [ether] on eth1
    84-16-211.57.3p.ntebredband.no (84.16.211.57) at <incomplete> on eth1
    84-16-211.54.3p.ntebredband.no (84.16.211.54) at <incomplete> on eth1
    84-16-211.60.3p.ntebredband.no (84.16.211.60) at <incomplete> on eth1
    84-16-211.58.3p.ntebredband.no (84.16.211.58) at <incomplete> on eth1
    www.vg.no (195.88.54.16) at <incomplete> on eth1
    ? (192.168.1.169) at e0:3f:49:8f:b7:dc [ether] on eth1
    84-16-211.55.3p.ntebredband.no (84.16.211.55) at <incomplete> on eth1
    84-16-211.61.3p.ntebredband.no (84.16.211.61) at <incomplete> on eth1
    84-16-211.59.3p.ntebredband.no (84.16.211.59) at <incomplete> on eth1

ip route 的输出:

default via 84.16.221.161 dev eth0
84.16.211.48/28 dev eth1  proto kernel  scope link  src 84.16.211.49
84.16.221.160/27 dev eth0  proto kernel  scope link  src 84.16.221.163
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1

据我所知,您无法在路由中寻址虚拟接口?因此,所有内容都在 eth1 上。包括 ifconfig 输出:

eth0      Link encap:Ethernet  HWaddr 00:10:a7:25:51:64
      inet addr:84.16.221.163  Bcast:255.255.255.255  Mask:255.255.255.224
      inet6 addr: fe80::210:a7ff:fe25:5164/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:385280 errors:0 dropped:0 overruns:0 frame:0
      TX packets:502991 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:65240032 (65.2 MB)  TX bytes:131127772 (131.1 MB)

eth1      Link encap:Ethernet  HWaddr 00:07:e9:74:d4:65
      inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
      inet6 addr: fe80::207:e9ff:fe74:d465/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:472809 errors:0 dropped:0 overruns:0 frame:0
      TX packets:440901 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:53655207 (53.6 MB)  TX bytes:84637672 (84.6 MB)

eth1:1    Link encap:Ethernet  HWaddr 00:07:e9:74:d4:65
      inet addr:84.16.211.49  Bcast:84.16.211.63  Mask:255.255.255.240
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

相关内容