这里有一个奇怪的问题...我正在使用 OpenVZ 并且有 3 个容器。我的设置运行良好 3 年,昨天发生了一些事情,我似乎无法在一个容器上找到问题。其他 2 个按预期运行。
这是我的 openvz 设置
[root@node1 ~]# vzlist -a
CTID NPROC STATUS IP_ADDR HOSTNAME
101 133 running 67.212.65.43 serveur1.***.com
102 139 running 67.212.65.44 serveur2.***.com
103 187 running 67.212.65.45 serveur3.***.com
故障容器位于 67.212.65.43 上,其他 2 个运行正常,我的提供商告诉我 67.212.65.43 上一切正常
[root@node1 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
67.212.65.44 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
67.212.65.45 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
67.212.65.46 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
67.212.65.43 0.0.0.0 255.255.255.255 UH 0 0 0 venet0
67.212.65.40 0.0.0.0 255.255.255.248 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 67.212.65.41 0.0.0.0 UG 0 0 0 eth0
我可以通过输入以下内容进入故障容器:
vzctl 输入 101
这是我迄今为止尝试过的:
[root@serveur1 /]# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
[root@serveur1 /]# traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
send: Operation not permitted
[root@serveur1 /]# nslookup 8.8.8.8
;; connection timed out; no servers could be reached
我尝试执行 iptables -F 但没有解决任何问题。当前规则是:
[root@serveur1 etc]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy DROP)
target prot opt source destination
Chain ALLOWIN (0 references)
target prot opt source destination
Chain ALLOWOUT (0 references)
target prot opt source destination
Chain DENYIN (0 references)
target prot opt source destination
Chain DENYOUT (0 references)
target prot opt source destination
Chain INVALID (0 references)
target prot opt source destination
Chain INVDROP (0 references)
target prot opt source destination
Chain LOCALINPUT (0 references)
target prot opt source destination
Chain LOCALOUTPUT (0 references)
target prot opt source destination
Chain LOGDROPIN (0 references)
target prot opt source destination
Chain LOGDROPOUT (0 references)
target prot opt source destination
Chain cpanel-dovecot-solr (0 references)
target prot opt source destination
Chain f2b-sshd (0 references)
target prot opt source destination
我开始检查我的服务器网络配置...但就像我说的,它运行良好三年了...我迷失了,需要帮助来找到问题所在。
解析.conf:
由 NetworkManager 生成
名称服务器 8.8.8.8 名称服务器 8.8.4.4
是否配置
[root@serveur1 etc]# ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 60 bytes 4200 (4.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60 bytes 4200 (4.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP> mtu 1500
inet 127.0.0.1 netmask 255.255.255.255 broadcast 0.0.0.0 destination 127.0.0.1
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 0 (UNSPEC)
RX packets 45325 bytes 2970128 (2.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 51 bytes 14395 (14.0 KiB)
TX errors 0 dropped 2 overruns 0 carrier 0 collisions 0
venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP> mtu 1500
inet 67.212.65.43 netmask 255.255.255.255 broadcast 67.212.65.43 destination 67.212.65.43
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 0 (UNSPEC)
一切似乎都设置正确...让我知道您需要什么额外信息,我将发布编辑。
答案1
好的,我找到了解决方法。刷新 iptables 规则后,我需要像这样重新创建它们:
iptables -P INPUT ACCEPT
iptables -F OUTPUT
iptables -F FORWARD
执行此操作后,服务器再次开始响应。希望此操作对以后遇到该错误的人有所帮助。