我有一台硬件服务器,而不是虚拟机。在其上安装了一个专有 Linux 发行版(专有 Linux 发行版来自我自己的公司 - 它基于 Centos 6.4)。
我在 10 台硬件服务器上安装了 Linux 发行版。其中 9 台的网络运行正常 - 我可以 ping 其他主机和网关 (10.213.42.1)
但在其中一个上,我根本无法 ping 通网关。我尝试编辑 ifcfg-em4 文件,删除并添加默认路由,然后 ifdown 和 ifup 接口。
问题是我无法 ping 通网关。因此,我无法访问不在 10.213.42.X 子网上的主机,而不在 10.213.42.X 子网上的主机也无法访问此服务器。
我对网关进行了 ping 操作,但失败了:
[root@per730-22 ~]# ping -c 3 -I em4 10.213.42.1
PING 10.213.42.1 (10.213.42.1) from 10.213.42.107 em4: 56(84) bytes of data.
--- 10.213.42.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
但是,如果我使用路由选项进行 ping,则对网关的 ping 操作就会成功:
[root@per730-22 ~]# ping -c 3 -I em4 -R 10.213.42.1
PING 10.213.42.1 (10.213.42.1) from 10.213.42.107 em4: 56(124) bytes of data.
64 bytes from 10.213.42.1: icmp_seq=1 ttl=255 time=1.36 ms
RR: 10.213.42.107
10.213.42.1
10.213.42.107
64 bytes from 10.213.42.1: icmp_seq=2 ttl=255 time=1.48 ms (same route)
64 bytes from 10.213.42.1: icmp_seq=3 ttl=255 time=1.38 ms (same route)
--- 10.213.42.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.365/1.411/1.485/0.068 ms
这是我的路线表:
[root@per730-22 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.213.42.1 0.0.0.0 UG 100 0 0 em4
10.213.42.0 0.0.0.0 255.255.255.0 U 100 0 0 em4
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
上面的路由表和其他9台没有这个问题的主机上的路由表是一样的。
是否有某个网络端口或进程关闭,从而导致 ping 失败?防火墙已禁用。但是有没有办法(Centos 方式)来检查是否可以在此有问题的主机上收到来自网关的 ping 响应?
====附录====
我可以在主机上下载 RPM,然后使用 USB 记忆棒将其复制到问题主机,从而在问题主机上安装 tcpdump。
我在执行 ping 操作时打开了 tcpdump。作为控制主体,我还在 ping 网关没有问题的主机上打开了 tcpdump。
这是控制主机。它访问网关没有任何问题,您可以看到 ICMP 请求发出并返回了回复。
[root@per730-20 ~]# tcpdump -i em4 host 10.213.42.1 -s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em4, link-type EN10MB (Ethernet), capture size 262144 bytes
16:01:45.276511 ARP, Request who-has 10.213.42.92 (Broadcast) tell 10.213.42.1, length 46
16:01:45.276998 ARP, Request who-has 10.213.42.51 (Broadcast) tell 10.213.42.1, length 46
16:01:45.277412 ARP, Request who-has 10.213.42.73 (Broadcast) tell 10.213.42.1, length 46
16:01:46.189569 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 1, length 64
16:01:46.189714 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 1, length 64
16:01:46.281455 ARP, Request who-has 10.213.42.60 (Broadcast) tell 10.213.42.1, length 46
16:01:47.191247 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 2, length 64
16:01:47.191427 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 2, length 64
16:01:48.192302 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 3, length 64
16:01:48.192476 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 3, length 64
16:01:49.192285 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 4, length 64
16:01:49.192464 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 4, length 64
16:01:50.192285 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 5, length 64
16:01:50.192468 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 5, length 64
16:01:51.192909 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 6, length 64
16:01:51.193091 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 6, length 64
16:01:52.192288 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 7, length 64
16:01:52.192448 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 7, length 64
16:01:53.192285 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 8, length 64
16:01:53.192466 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 8, length 64
16:01:54.193412 IP per730-20-pub > 10.213.42.1: ICMP echo request, id 33554, seq 9, length 64
16:01:54.193594 IP 10.213.42.1 > per730-20-pub: ICMP echo reply, id 33554, seq 9, length 64
这是问题主机。您可以看到 ICMP 请求已发出,但没有收到 ICMP 回复。
[root@per730xd-11 opt]# tcpdump -i em4 host 10.213.42.1 -s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em4, link-type EN10MB (Ethernet), capture size 262144 bytes
15:45:19.992715 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 1, length 64
15:45:20.991775 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 2, length 64
15:45:21.991799 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 3, length 64
15:45:22.991805 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 4, length 64
15:45:23.991835 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 5, length 64
15:45:24.991807 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 6, length 64
15:45:24.995807 ARP, Request who-has 10.213.42.1 tell per730xd-11-pub, length 28
15:45:24.997735 ARP, Reply 10.213.42.1 is-at 00:00:5e:00:01:01 (oui IANA), length 46
15:45:25.991793 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 7, length 64
15:45:26.991831 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 8, length 64
15:45:27.991800 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 9, length 64
15:45:28.991793 IP per730xd-11-pub > 10.213.42.1: ICMP echo request, id 49616, seq 10, length 64
我还使用“-e”选项运行了 tcpdump,以再次检查是否使用了正确的接口 (em4) MAC 地址。确实如此。接口的 MAC(以太数)是发送 ICMP 请求的目标 MAC。网关的 MAC 也与 ARP 表中的条目匹配。
我不明白为什么我没有收到 ICMP 请求。iptables 已被刷新。Selinux 已禁用。firewalld 已禁用。是否有我必须为 ping 设置的端口?