某些网站在路由接口上没有响应

某些网站在路由接口上没有响应

我有一个界面WG0,由连接到服务器的 machineA 上运行的 WireGuard 客户端生成的 WireGuard 接口。一切按预期运行。

我路由来自WG0eth3- 机器 A 上的 LAN 接口 - 使用 netfilter (iptables/ip6tables)。机器 B(连接到eth3,减去与某些网站的连接,例如 duckduckgo.com。

从机器A我可以执行以下操作:

> wget https://duckduckgo.com
--2020-11-17 17:24:30--  https://duckduckgo.com/
Resolving duckduckgo.com (duckduckgo.com)... 52.142.124.215
Connecting to duckduckgo.com (duckduckgo.com)|52.142.124.215|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 5763 (5.6K) [text/html]
Saving to: ‘index.html’

但是从 machineB 我得到:

> wget https://duckduckgo.com
--2020-11-17 18:25:35--  https://duckduckgo.com/
Resolving duckduckgo.com (duckduckgo.com)... 52.142.124.215
Connecting to duckduckgo.com (duckduckgo.com)|52.142.124.215|:443... connected.

仅此而已。DNS 似乎不是问题所在。我的 netfilter 中的 *filter 策略有:

:OUTPUT ACCEPT [0:0]

所以我不认为被阻止的是出站流量。

另一个例子是 Jitsi - 来自 machineA:

> wget https://meet.jit.si
--2020-11-17 17:39:49--  https://meet.jit.si/
Resolving meet.jit.si (meet.jit.si)... 2a05:d014:fc7:5402:5179:fc03:7ea9:eceb, 2a05:d014:fc7:5401:eb50:330e:f554:5477, 76.223.28.75, ...
Connecting to meet.jit.si (meet.jit.si)|2a05:d014:fc7:5402:5179:fc03:7ea9:eceb|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’

index.html                        [ <=>                                           ]  50.43K  --.-KB/s    in 0.04s   

2020-11-17 17:39:49 (1.19 MB/s) - ‘index.html’ saved [51639]

来自机器B:

> wget https://meet.jit.si
--2020-11-17 18:40:07--  https://meet.jit.si/
Resolving meet.jit.si (meet.jit.si)... 13.248.156.98, 76.223.28.75, 2a05:d014:fc7:5401:eb50:330e:f554:5477, ...
Connecting to meet.jit.si (meet.jit.si)|13.248.156.98|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
index.html: Permission denied

Cannot write to ‘index.html’ (Success).

我不明白为什么我应该在机器B上设置‘权限被拒绝’。

我在这里不寻求明确的答案,只是想帮助确定研究领域。有人知道还有什么可以研究的地方吗?

相关内容