Ubuntu 16.04 只能 ping 自己的 IP(但 SSH 工作正常)

tag-icon tag-icon linux ubuntu networking linux-networking
Ubuntu 16.04 只能 ping 自己的 IP(但 SSH 工作正常)

我的一台 Ubuntu 服务器行为非常奇怪。我可以通过 SSH 进入它,并且可以 ping 服务器本身(在 127.0.0.1、localhost 和其 LAN IP 192.168.88.9 上)。其他传出网络流量均不工作。从 LAN 上的另一台计算机 ping 它工作正常。

ifconfig:

eno1      Link encap:Ethernet  HWaddr 00:15:c5:ea:a3:75
          inet addr:192.168.88.9  Bcast:192.168.88.255  Mask:255.255.255.0
          inet6 addr: fe80::215:c5ff:feea:a375/64 Scope:Link
          inet6 addr: fd63:9db9:9717:0:215:c5ff:feea:a375/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:518989 errors:0 dropped:105240 overruns:0 frame:0
          TX packets:116542 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:89804473 (89.8 MB)  TX bytes:9939134 (9.9 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:408034 errors:0 dropped:0 overruns:0 frame:0
          TX packets:408034 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:77728418 (77.7 MB)  TX bytes:77728418 (77.7 MB)

在 /etc/网络/接口:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eno1
iface eno1 inet static
    address 192.168.88.9
    gateway 192.168.88.1
    netmask 255.255.255.0
        dns-nameservers 192.168.88.1

iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:isakmp
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipsec-nat-t
ACCEPT     esp  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

UFW 已关闭...

路线-n:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.88.1    255.255.255.0   UG    0      0        0 eno1
192.168.88.0    0.0.0.0         255.255.255.0   U     0      0        0 eno1

答案1

找到了!POSTROUTING 中有一个奇怪的 iptables 规则,iptables -L 默认不显示该规则。

iptables -t nat -v -L POSTROUTING -n --line-number

Chain POSTROUTING (policy ACCEPT 20 packets, 1200 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1       25  1775 SNAT       all  --  *      eno+    0.0.0.0/0            0.0.0.0/0            to:<my-external-ip>

我删除了它iptables -t nat -D POSTROUTING 1

相关内容