我最近获得了安装有 Red Hat 8 的 VPS 的访问权限。我需要启用传出流量才能安装某些东西,但目前这不起作用。以下是我尝试过的一些命令:
# ping google.com
--- google.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2029ms
# traceroute --tcp google.com
traceroute to google.com (172.217.167.110), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
# iptables -L
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
我省略了该INPUT链,因为它具有潜在可识别的规则。
如果我添加一条接受所有内容的新规则,它无济于事:
iptables -I OUTPUT -p all -j ACCEPT
# iptables -L
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
# nft list ruleset
table ip6 filter {
chain INPUT {
type filter hook input priority filter; policy accept;
ip6 saddr fe80::/10 ip6 daddr fe80::/10 counter packets 0 bytes 0 accept
meta l4proto icmp counter packets 0 bytes 0 accept
meta l4proto ipv6-icmp counter packets 4 bytes 388 accept
iifname "lo" counter packets 64 bytes 3178 accept
meta l4proto tcp ip6 saddr 2001:388:608c:8a6:250:56ff:feba:6e26 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c:8a6:250:56ff:feba:1c7b counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c:8a6:250:56ff:feba:7d6f counter packets 0 bytes 0 accept
iifname != "lo" ip6 daddr ::1 counter packets 0 bytes 0 reject
ct state related,established counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c:4c80::/60 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c::/48 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr fdfd:eb1a:eb10::/44 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr fe80::/10 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c:8d0:250:56ff:feb5:3aee tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c:8d0:16fe:b5ff:fe91:3685 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c:8d0:250:56ff:feb5:4296 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip6 saddr 2001:388:608c:8d0:250:56ff:feb5:22f7 tcp dport 22 counter packets 0 bytes 0 accept
counter packets 0 bytes 0 drop
}
chain FORWARD {
type filter hook forward priority filter; policy accept;
}
chain OUTPUT {
type filter hook output priority filter; policy accept;
}
}
table ip raw {
chain PREROUTING {
type filter hook prerouting priority raw; policy accept;
}
chain OUTPUT {
type filter hook output priority raw; policy accept;
}
}
table ip mangle {
chain PREROUTING {
type filter hook prerouting priority mangle; policy accept;
}
chain INPUT {
type filter hook input priority mangle; policy accept;
}
chain FORWARD {
type filter hook forward priority mangle; policy accept;
}
chain OUTPUT {
type route hook output priority mangle; policy accept;
}
chain POSTROUTING {
type filter hook postrouting priority mangle; policy accept;
}
}
table ip nat {
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
}
chain INPUT {
type nat hook input priority 100; policy accept;
}
chain POSTROUTING {
type nat hook postrouting priority srcnat; policy accept;
}
chain OUTPUT {
type nat hook output priority -100; policy accept;
}
}
table ip filter {
chain INPUT {
type filter hook input priority filter; policy accept;
meta l4proto icmp counter packets 0 bytes 0 accept
iifname "lo" counter packets 2 bytes 100 accept
iifname != "lo" ip daddr 127.0.0.0/8 counter packets 0 bytes 0 reject
meta l4proto tcp ip saddr 130.194.12.225 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.12.229 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 10.21.7.22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.12.242 counter packets 0 bytes 0 accept
ct state related,established counter packets 131542 bytes 31134584 accept
ip saddr 172.16.5.192/26 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.20.70 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.20.71 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.20.72 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.20.73 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 10.0.0.0/8 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.0.0/16 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 169.254.0.0/16 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 172.16.0.0/20 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 49.127.0.0/17 tcp dport 22 counter packets 1 bytes 60 accept
meta l4proto tcp ip saddr 130.194.19.9 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.19.14 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.19.15 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.19.82 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.19.83 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.19.7 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.19.28 tcp dport 22 counter packets 0 bytes 0 accept
meta l4proto tcp ip saddr 130.194.19.45 tcp dport 22 counter packets 0 bytes 0 accept
counter packets 0 bytes 0 drop
}
chain FORWARD {
type filter hook forward priority filter; policy accept;
}
chain OUTPUT {
type filter hook output priority filter; policy accept;
}
}
还有其他命令可以尝试诊断此问题吗?我所附的信息是否能说明为什么传出流量全部丢失?