IP 可以内部 ping 但不能外部 ping

IP 可以内部 ping 但不能外部 ping

昨天,我的 DEBIAN 服务器宕机了,我不得不重启。之后,几个网站都无法访问,我发现 3 上的 2 个 IP 无法 ping 通。主 IP 仍然有效,连接的网站也可以工作。LAMP 没问题。

当我从外部(例如从我电脑上的 CMD 窗口) ping IP 时,它没有响应(超时)当我从内部(例如从 SSH 窗口) ping 时,它会响应。

这里是 ifconfig:

eth0      Link encap:Ethernet  HWaddr 38:60:77:59:ab:d5  
      inet adr:94.23.45.172  Bcast:94.23.45.255  Masque:255.255.255.0
      adr inet6: fe80::3a60:77ff:fe59:abd5/64 Scope:Lien
      adr inet6: 2001:41d0:2:2eac::/64 Scope:Global
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:30087 errors:0 dropped:8 overruns:0 frame:0
      TX packets:42372 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 lg file transmission:1000 
      RX bytes:3059473 (2.9 MiB)  TX bytes:42177957 (40.2 MiB)
      Interruption:20 Mémoire:fe500000-fe520000 

eth0:0    Link encap:Ethernet  HWaddr 38:60:77:59:ab:d5  
      inet adr:91.121.34.20  Bcast:91.121.34.255  Masque:255.255.255.0
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      Interruption:20 Mémoire:fe500000-fe520000 

eth0:1    Link encap:Ethernet  HWaddr 38:60:77:59:ab:d5  
      inet adr:149.202.31.242  Bcast:149.202.31.255  Masque:255.255.255.0
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      Interruption:20 Mémoire:fe500000-fe520000 

lo        Link encap:Boucle locale  
      inet adr:127.0.0.1  Masque:255.0.0.0
      adr inet6: ::1/128 Scope:Hôte
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:3952 errors:0 dropped:0 overruns:0 frame:0
      TX packets:3952 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 lg file transmission:0 
      RX bytes:591562 (577.6 KiB)  TX bytes:591562 (577.6 KiB)

我什么也没看到。你能帮忙吗?

[编辑]

当我在远处的 CMD 窗口下跟踪路线时:

有效的 IP:

C:\Users\Bruno>tracert 94.23.45.172

Détermination de l'itinéraire vers ns3453432.ip-94-23-45.eu [94.23.45.172]
avec un maximum de 30 sauts :

1    <1 ms    <1 ms    <1 ms  OpenWrt.lan [192.168.29.1]
2     1 ms     2 ms     2 ms  172.31.131.1
3    37 ms    37 ms    37 ms  10.0.131.1
4    48 ms     *        *     ovh.franceix.net [37.49.236.144]
5    48 ms    47 ms    48 ms  gsw-g1-a9.fr.eu [213.186.32.210]
6    52 ms    52 ms    52 ms  rbx-g2-a9.fr.eu [91.121.131.213]
7    51 ms    51 ms    51 ms  vss-1b-6k.fr.eu [91.121.131.74]
8    52 ms    52 ms    52 ms  ns3453432.ip-94-23-45.eu [94.23.45.172]

Itinéraire déterminé.

不起作用的IP:

C:\Users\Bruno>tracert 149.202.31.242

Détermination de l'itinéraire vers ip242.ip-149-202-31.eu [149.202.31.242]
avec un maximum de 30 sauts :

1    <1 ms    <1 ms    <1 ms  OpenWrt.lan [192.168.29.1]
2     2 ms     1 ms     1 ms  172.31.131.1
3    37 ms    36 ms    37 ms  10.0.131.1
4    47 ms     *        *     ovh.franceix.net [37.49.236.144]
5    49 ms    49 ms    48 ms  gsw-g1-a9.fr.eu [213.186.32.210]
6    52 ms    51 ms    52 ms  rbx-g2-a9.fr.eu [91.121.131.213]
7    53 ms    52 ms    53 ms  vss-1b-6k.fr.eu [91.121.131.74]
8     *        *        *     Délai d'attente de la demande dépassé.
9     *        *        *     Délai d'attente de la demande dépassé.
10     *        *        *     Délai d'attente de la demande dépassé.
11     *        *        *     Délai d'attente de la demande dépassé.
12     *        *        *     Délai d'attente de la demande dépassé.
13     *        *        *     Délai d'attente de la demande dépassé.
14     *        *     ^C

这表明目标服务器不一样:

  • ns3453432.ip-94-23-45.eu => 好的,这是我的服务器
  • ip242.ip-149-202-31.eu => NOK,我不知道这个服务器是什么?也许正常?我的提供商的 IP 服务器?

[编辑]

“ip 地址”的结果:

: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN 
link/ether 56:3d:d8:48:8f:18 brd ff:ff:ff:ff:ff:ff
3: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN 
link/ether b6:7a:a9:a6:7f:e3 brd ff:ff:ff:ff:ff:ff
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 38:60:77:59:ab:d5 brd ff:ff:ff:ff:ff:ff
inet 94.23.45.172/24 brd 94.23.45.255 scope global eth0
   valid_lft forever preferred_lft forever
inet 91.121.34.20/24 brd 91.121.34.255 scope global eth0:0
   valid_lft forever preferred_lft forever
inet 149.202.31.242/24 brd 149.202.31.255 scope global eth0:1
   valid_lft forever preferred_lft forever
inet6 2001:41d0:2:2eac::/64 scope global 
   valid_lft forever preferred_lft forever
inet6 fe80::3a60:77ff:fe59:abd5/64 scope link 
   valid_lft forever preferred_lft forever
5: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN 
link/ipip 0.0.0.0 brd 0.0.0.0
6: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN 
link/sit 0.0.0.0 brd 0.0.0.0
7: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN 
link/tunnel6 :: brd ::

不知道有没有帮助啊?

[编辑]

iptables -L

Chain INPUT (policy DROP)
target     prot opt source               destination
fail2ban-ssh  tcp  --  anywhere             anywhere             multiport     dports ssh
ACCEPT     all  --  anywhere             anywhere             state   RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2222
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8443
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1337
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:webmin

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state     RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:2222
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ntp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:iscsi-target state NEW,ESTABLISHED

Chain fail2ban-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

和路线:

Table de routage IP du noyau
Destination     Passerelle      Genmask         Indic Metric Ref    Use Iface
default         vss-gw-6k.fr.eu 0.0.0.0         UG    0      0        0 eth0
91.121.34.0     *               255.255.255.0   U     0      0        0 eth0
94.23.45.0      *               255.255.255.0   U     0      0        0 eth0
149.202.31.0    *               255.255.255.0   U     0      0        0 eth0

相关内容