我有两台从一家公司购买的 VPS,两台 VPS 的操作系统都是 ubuntu,当我arp-scan -l在其中一台机器上运行时,我可以看到另一台机器的 IP,但我无法以任何方式访问其他机器,例如ping或ssh。
VPS1 的 IP xxx.156.28.44-45-132-133 地址:
$ ifconfig
eno16777984 Link encap:Ethernet HWaddr 00:50:56:ba:13:08
inet addr:xxx.156.28.44 Bcast:xxx.156.29.255 Mask:255.255.254.0
inet6 addr: fe80::250:56ff:feba:1308/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68581784 errors:0 dropped:395 overruns:0 frame:0
TX packets:546712 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4117524421 (4.1 GB) TX bytes:42148204 (42.1 MB)
eno33557248 Link encap:Ethernet HWaddr 00:50:56:ba:5d:c3
inet addr:xxx.156.28.45 Bcast:xxx.156.29.255 Mask:255.255.254.0
inet6 addr: fe80::250:56ff:feba:5dc3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68593610 errors:0 dropped:391 overruns:0 frame:0
TX packets:549257 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4119620083 (4.1 GB) TX bytes:51059039 (51.0 MB)
eno50336512 Link encap:Ethernet HWaddr 00:50:56:ba:11:8a
inet addr:xxx.156.28.132 Bcast:xxx.156.29.255 Mask:255.255.254.0
inet6 addr: fe80::250:56ff:feba:118a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68577854 errors:0 dropped:385 overruns:0 frame:0
TX packets:537761 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4147035543 (4.1 GB) TX bytes:38477032 (38.4 MB)
eno67115776 Link encap:Ethernet HWaddr 00:50:56:ba:7f:ff
inet addr:xxx.156.28.133 Bcast:xxx.156.29.255 Mask:255.255.254.0
inet6 addr: fe80::250:56ff:feba:7fff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68623163 errors:0 dropped:381 overruns:0 frame:0
TX packets:563315 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4187533469 (4.1 GB) TX bytes:42074769 (42.0 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:12740522 errors:0 dropped:0 overruns:0 frame:0
TX packets:12740522 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4573274548 (4.5 GB) TX bytes:4573274548 (4.5 GB)
进而:
# arp-scan -l
Interface: eno16777984, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 512 hosts (http://www.nta-monitor.com/tools/arp-scan/)
xxx.156.28.1 ec:bd:1d:ee:90:56 (Unknown)
xxx.156.28.144 00:50:56:ba:44:e4 VMware, Inc.
xxx.156.28.145 00:50:56:ba:2d:ff VMware, Inc.
xxx.156.28.213 00:50:56:ba:70:95 VMware, Inc.
4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 512 hosts scanned in 2.328 seconds (219.93 hosts/sec). 4 responded
VPS2 的 IP xxx.156.28.144 - 145 地址:
$ ifconfig
ens160 Link encap:Ethernet HWaddr 00:50:56:ba:44:e4
inet addr:xxx.156.28.144 Bcast:xxx.156.29.255 Mask:255.255.254.0
inet6 addr: fe80::250:56ff:feba:44e4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:106955 errors:0 dropped:12 overruns:0 frame:0
TX packets:12740 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9203357 (9.2 MB) TX bytes:5273326 (5.2 MB)
ens192 Link encap:Ethernet HWaddr 00:50:56:ba:2d:ff
inet addr:xxx.156.28.145 Bcast:xxx.156.29.255 Mask:255.255.254.0
inet6 addr: fe80::250:56ff:feba:2dff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:128548 errors:0 dropped:12 overruns:0 frame:0
TX packets:29882 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:14260145 (14.2 MB) TX bytes:30421730 (30.4 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:335736 errors:0 dropped:0 overruns:0 frame:0
TX packets:335736 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:72935084 (72.9 MB) TX bytes:72935084 (72.9 MB)
进而:
# arp-scan -l
Interface: ens160, datalink type: EN10MB (Ethernet)
Starting arp-scan 1.8.1 with 512 hosts (http://www.nta-monitor.com/tools/arp-scan/)
xxx.156.28.1 ec:bd:1d:ee:90:56 (Unknown)
xxx.156.28.44 00:50:56:ba:13:08 VMware, Inc.
xxx.156.28.45 00:50:56:ba:5d:c3 VMware, Inc.
xxx.156.28.132 00:50:56:ba:11:8a VMware, Inc.
xxx.156.28.133 00:50:56:ba:7f:ff VMware, Inc.
xxx.156.28.213 00:50:56:ba:70:95 VMware, Inc.
7 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 512 hosts scanned in 2.629 seconds (194.75 hosts/sec). 6 responded
并且:
$ sudo iptables -L -n -v
Chain INPUT (policy ACCEPT 141 packets, 17067 bytes)
pkts bytes target prot opt in out source
destination
155 13020 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
75563 15M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
6344 630K f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
7 588 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2293 packets, 476K bytes)
pkts bytes target prot opt in out source destination
Chain f2b-sshd (1 references)
pkts bytes target prot opt in out source destination
13 788 REJECT all -- * * 121.18.238.98 0.0.0.0/0 reject-with icmp-port-unreachable
5294 566K RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
另外,两个 VPS 上都安装了 iptables,我使用以下命令启用 ping 访问:
sudo iptables -A INPUT -p icmp -j ACCEPT
我的问题还没有解决,我对网络没有什么经验,我该如何解决这个问题呢?
答案1
sudo iptables -A 输入 -p icmp -j 接受
根据你的 INPUT 链的配置方式,这可能无法工作,因为 iptables 的工作方式尝试
sudo iptables -I INPUT -p icmp -j ACCEPT
答案2
确保 iptables 没有阻止出站 ICMP。
sudo iptables -nL OUTPUT
看到,或者一般来说,
sudo iptables -nL
查看系统上的所有表(如果您有任何防火墙软件或更复杂的配置,您可能不仅仅拥有 INPUT、OUTPUT 和 FORWARD 默认值)。
sudo arp -na
还将显示系统上的当前 arp 表。(请注意,如果主机之间没有尝试通信,arp 条目将在短时间后过期)。