我正在尝试诊断无头 ubuntu (16.04) 服务器上的连接问题,因此我有第二个以太网接口(称为“eth1”),我可以使用它从我的笔记本电脑启动终端 ssh 会话。禁用该接口上的出站连接的最佳方法是什么,以便终端仍然有效,但出站请求只会转到我正在调试的另一个接口?
我觉得使用 ufw 规则丢弃出站数据包并不是正确的答案,因为 tcp/ip 堆栈仍会尝试使用已知良好的 eth1 接口,并且它只会丢弃它的数据包,而不一定会重新路由到我希望流量去往的 eth0。
输出ip a s
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 40:8d:5c:14:04:e3 brd ff:ff:ff:ff:ff:ff
3: wlp7s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 48:51:b7:84:10:66 brd ff:ff:ff:ff:ff:ff
4: enx0050b6294caf: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:b6:29:4c:af brd ff:ff:ff:ff:ff:ff
inet 10.2.10.102/24 brd 10.2.10.255 scope global dynamic enx0050b6294caf
valid_lft 4183sec preferred_lft 4183sec
inet6 fe80::b104:ac65:6a10:caf1/64 scope link
valid_lft forever preferred_lft forever
5: enx0050b6b50965: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:b6:b5:09:65 brd ff:ff:ff:ff:ff:ff
inet 10.3.10.100/24 brd 10.3.10.255 scope global dynamic enx0050b6b50965
valid_lft 6832sec preferred_lft 6832sec
inet6 fe80::5809:6749:217a:20dc/64 scope link
valid_lft forever preferred_lft forever
6: enx0050b6b50963: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:50:b6:b5:09:63 brd ff:ff:ff:ff:ff:ff
inet 10.1.10.207/24 brd 10.1.10.255 scope global enx0050b6b50963
valid_lft forever preferred_lft forever
inet6 2603:3024:20b:2200:2565:531b:cc3c:2128/64 scope global temporary dynamic
valid_lft 318817sec preferred_lft 18007sec
inet6 2603:3024:20b:2200:250:b6ff:feb5:963/64 scope global mngtmpaddr dynamic
valid_lft 318817sec preferred_lft 318817sec
inet6 fe80::250:b6ff:feb5:963/64 scope link
valid_lft forever preferred_lft forever
7: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:9a:df:18:e8 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
输出ip r s
default via 10.2.10.10 dev enx0050b6294caf proto static metric 100
default via 10.3.10.10 dev enx0050b6b50965 proto static metric 101
default via 10.1.10.1 dev enx0050b6b50963 metric 800
10.1.10.0/24 dev enx0050b6b50963 proto kernel scope link src 10.1.10.207
10.2.10.0/24 dev enx0050b6294caf proto kernel scope link src 10.2.10.102 metric 100
10.3.10.0/24 dev enx0050b6b50965 proto kernel scope link src 10.3.10.100 metric 100
169.254.0.0/16 dev enx0050b6294caf scope link metric 1000
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown