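Problem statement
Although all the virtual machines and dial-in clients served by RRAS can reach where they need to, the RRAS machine itself cannot reach the Internet.
Scenario
The physical HyperV machine (SGHYPERV) and the physical file server (SGFILE1) sit behind a firewall and are connected to the Internet.
On the HyperV machine, two subnets are defined entirely internally, each containing several virtual machines. In addition, several virtual machines share the same subnet as the physical machines. There are therefore three virtual switches, one of which is shared with the physical network. The machine running RRAS routes between these subnets, and also provides dial-in VPN access.
The firewall provides NAT; RRAS simply routes addresses in the clear.
No machine has Windows Firewall enabled.
Network diagram:
What works:
- The physical machines can reach the Internet, as well as all virtual machines, including the RRAS machine.
- The virtual machines can reach the Internet, as well as all other virtual machines, including the RRAS machine, and the physical machines.
- VPN clients can reach all virtual machines (including the RRAS machine) and the physical machines.
- The RRAS machine itself can reach all virtual machines and the physical machine SGFILE1.
("Reach" means both ICMP ping and TCP services such as RDP, SMB, http, etc.)
What doesn't work
- The RRAS machine itself cannot reach the Internet.
- Although SGHYPERV can reach the RRAS machine without problems, the RRAS machine itself cannot reach the physical SGHYPERV.
Routing table from the RRAS machine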
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.6.42.68 10.6.42.71 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
172.19.101.0 255.255.255.0 On-link 172.19.101.1 261
172.19.101.1 255.255.255.255 On-link 172.19.101.1 261
172.19.101.201 255.255.255.255 On-link 172.19.101.201 270
172.19.101.202 255.255.255.255 172.19.101.202 172.19.101.201 15
172.19.101.203 255.255.255.255 172.19.101.203 172.19.101.201 15
172.19.101.204 255.255.255.255 172.19.101.204 172.19.101.201 15
172.19.101.205 255.255.255.255 172.19.101.205 172.19.101.201 15
172.19.101.206 255.255.255.255 172.19.101.206 172.19.101.201 15
172.19.101.207 255.255.255.255 172.19.101.207 172.19.101.201 15
172.19.101.208 255.255.255.255 172.19.101.208 172.19.101.201 15
172.19.101.209 255.255.255.255 172.19.101.209 172.19.101.201 15
172.19.101.210 255.255.255.255 172.19.101.210 172.19.101.201 15
172.19.101.255 255.255.255.255 On-link 172.19.101.1 261
172.19.102.0 255.255.255.0 On-link 172.19.102.1 261
172.19.102.1 255.255.255.255 On-link 172.19.102.1 261
172.19.102.100 255.255.255.255 On-link 172.19.102.1 261
172.19.102.255 255.255.255.255 On-link 172.19.102.1 261
10.6.42.64 255.255.255.224 On-link 10.6.42.71 261
10.6.42.71 255.255.255.255 On-link 10.6.42.71 261
10.6.42.75 255.255.255.255 On-link 10.6.42.71 6
10.6.42.75 255.255.255.255 10.6.42.75 172.19.102.1 261
10.6.42.75 255.255.255.255 10.6.42.75 172.19.101.1 261
10.6.42.77 255.255.255.255 On-link 10.6.42.71 261
10.6.42.95 255.255.255.255 On-link 10.6.42.71 261
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.6.42.71 261
224.0.0.0 240.0.0.0 On-link 172.19.102.1 261
224.0.0.0 240.0.0.0 On-link 172.19.101.1 261
224.0.0.0 240.0.0.0 On-link 172.19.101.201 270
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.6.42.71 261
255.255.255.255 255.255.255.255 On-link 172.19.102.1 261
255.255.255.255 255.255.255.255 On-link 172.19.101.1 261
255.255.255.255 255.255.255.255 On-link 172.19.101.201 270
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
10.6.42.75 255.255.255.255 10.6.42.71 1
0.0.0.0 0.0.0.0 10.6.42.68 Default
===========================================================================
Trace route (using WinMTR)
To the default gateway (10.6.42.68)
|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| 10.6.42.68 - 0 | 21 | 21 | 0 | 0 | 1 | 0 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
To Google 8.8.8.8
|------------------------------------------------------------------------------------------|
| WinMTR statistics |
| Host - % | Sent | Recv | Best | Avrg | Wrst | Last |
|------------------------------------------------|------|------|------|------|------|------|
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
| No response from host - 100 | 7 | 0 | 0 | 0 | 0 | 0 |
|________________________________________________|______|______|______|______|______|______|
WinMTR v0.92 GPL V2 by Appnor MSP - Fully Managed Hosting & Cloud Provider
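
An added example, not part of the original post: a simplified model of route selection (longest prefix first, then lowest metric) run over rows copied from the Active Routes table above, to show which gateway and interface the table yields for a given destination. The names `parse_routes` and `candidates` are hypothetical, and the model ignores source-address selection and interface state.

```python
import ipaddress

# Rows copied from the "Active Routes" table above (loopback, VPN-client,
# multicast and broadcast rows left out for brevity).
ACTIVE_ROUTES = """\
0.0.0.0 0.0.0.0 10.6.42.68 10.6.42.71 261
172.19.101.0 255.255.255.0 On-link 172.19.101.1 261
172.19.102.0 255.255.255.0 On-link 172.19.102.1 261
10.6.42.64 255.255.255.224 On-link 10.6.42.71 261
10.6.42.71 255.255.255.255 On-link 10.6.42.71 261
10.6.42.75 255.255.255.255 On-link 10.6.42.71 6
10.6.42.75 255.255.255.255 10.6.42.75 172.19.102.1 261
10.6.42.75 255.255.255.255 10.6.42.75 172.19.101.1 261
10.6.42.77 255.255.255.255 On-link 10.6.42.71 261
"""


def parse_routes(text):
    """Turn `route print` rows into dicts holding a parsed network."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # separators and blank lines
        dest, mask, gateway, iface, metric = parts
        try:
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append({"net": net, "gateway": gateway,
                           "interface": iface, "metric": int(metric)})
        except ValueError:
            continue  # column header or other non-route row
    return routes


def candidates(routes, destination):
    """Most specific routes matching destination, lowest metric first."""
    addr = ipaddress.ip_address(destination)
    matching = [r for r in routes if addr in r["net"]]
    if not matching:
        return []
    longest = max(r["net"].prefixlen for r in matching)
    best = [r for r in matching if r["net"].prefixlen == longest]
    return sorted(best, key=lambda r: r["metric"])


if __name__ == "__main__":
    table = parse_routes(ACTIVE_ROUTES)
    for dst in ("8.8.8.8", "10.6.42.68", "10.6.42.75"):
        for r in candidates(table, dst):
            print(dst, r["net"], r["gateway"], r["interface"], r["metric"])
```

For 10.6.42.75 the table holds three /32 host routes on three different interfaces; every other destination checked here resolves to a single route.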