我的虚拟机无法与内部网络上的任何机器通信。
dev@backup-php:~$ ping 10.142.0.2
PING 10.142.0.2 (10.142.0.2) 56(84) bytes of data.
外部通讯正在运行...
dev@backup-php:~$ ping google.com
PING google.com (108.177.11.139) 56(84) bytes of data.
64 bytes from vz-in-f139.1e100.net (108.177.11.139): icmp_seq=1 ttl=115 time=0.891 ms
64 bytes from vz-in-f139.1e100.net (108.177.11.139): icmp_seq=2 ttl=115 time=0.400 ms
64 bytes from vz-in-f139.1e100.net (108.177.11.139): icmp_seq=3 ttl=115 time=0.349 ms
64 bytes from vz-in-f139.1e100.net (108.177.11.139): icmp_seq=4 ttl=115 time=0.349 ms
我在 Google Cloud 平台上进行了连接测试,无法将软件包传送到同一项目中的其他虚拟机。
ens4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1460
inet 10.142.0.3 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 fe80::4001:aff:fe8e:3 prefixlen 64 scopeid 0x20<link>
ether 42:01:0a:8e:00:03 txqueuelen 1000 (Ethernet)
RX packets 14661413 bytes 86730632435 (86.7 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12709627 bytes 3144695304 (3.1 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 50394070 bytes 5964161206 (5.9 GB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 50394070 bytes 5964161206 (5.9 GB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
我在默认网络规则中允许内部流量的范围为 10.142.0.0/20
PC 防火墙规则:
lojavirtualmorana@cloudshell:~ (sacred-reality-163718)$ gcloud compute firewall-rules list --filter network=default --format="table(
name,
network,
direction,
priority,
sourceRanges.list():label=SRC_RANGES,
destinationRanges.list():label=DEST_RANGES,
allowed[].map().firewall_rule().list():label=ALLOW,
denied[].map().firewall_rule().list():label=DENY,
sourceTags.list():label=SRC_TAGS,
sourceServiceAccounts.list():label=SRC_SVC_ACCT,
targetTags.list():label=TARGET_TAGS,
targetServiceAccounts.list():label=TARGET_SVC_ACCT
)"
NAME: administrativo-redmine
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 0.0.0.0/0
DEST_RANGES:
ALLOW: tcp:8080,tcp:3000
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_SVC_ACCT:
NAME: allow-rsync
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 10.128.0.2
DEST_RANGES:
ALLOW: tcp:873
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: cloudflare
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 103.21.244.0/22,103.22.200.0/22,103.31.4.0/22,104.16.0.0/12,108.162.192.0/18,131.0.72.0/22,141.101.64.0/18,162.158.0.0/15,172.64.0.0/13,173.245.48.0/20,188.114.96.0/20,190.93.240.0/20,197.234.240.0/22,198.41.128.0/17,104.24.2.115,104.16.0.0/13,104.24.0.0/14
DEST_RANGES:
ALLOW: tcp:80,tcp:443
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS: enable-cloudflare
TARGET_SVC_ACCT:
NAME: default-allow-http
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 0.0.0.0/0
DEST_RANGES:
ALLOW: tcp:80
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS: http-server
TARGET_SVC_ACCT:
NAME: default-allow-https
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 0.0.0.0/0
DEST_RANGES:
ALLOW: tcp:443
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS: https-server
TARGET_SVC_ACCT:
NAME: default-allow-icmp
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 65534
SRC_RANGES: 0.0.0.0/0
DEST_RANGES:
ALLOW: icmp
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: default-allow-internal
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 65534
SRC_RANGES: 10.142.0.0/20,10.128.0.0/9
DEST_RANGES:
ALLOW: tcp:0-65535,udp:0-65535,icmp
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: default-allow-ssh
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 65534
SRC_RANGES: 187.9.141.186,187.9.141.187,10.128.0.2,177.141.230.225,10.8.0.4,177.141.30.194,191.209.29.159,187.9.141.188,187.9.61.122,10.142.0.2,179.209.36.222,189.68.32.26,187.56.159.138,189.46.96.5,152.249.201.231,201.27.66.85,187.122.124.66,201.0.179.243,189.46.134.202,201.0.178.6,201.0.180.115,191.181.156.247,201.52.147.114,189.38.153.159,191.181.159.124,191.193.206.128,152.254.210.27,152.254.210.6,187.116.105.193,189.121.201.219,191.193.177.46,201.52.146.186,179.113.110.51,138.97.221.122,177.62.156.84,189.121.202.35,189.201.203.122,191.193.17.181,179.93.229.126,179.113.132.170,177.103.123.64,179.213.198.93,179.113.42.127,179.113.131.252,179.113.130.10,179.113.21.23,189.33.65.254,179.113.22.136,189.33.66.254,152.254.211.250,152.254.211.43,179.246.218.226,201.1.207.246,200.173.172.57,200.173.160.95,200.7.113.255,201.1.207.197,179.209.140.199,200.173.52.74,177.22.203.131,179.241.208.51,200.173.168.150,187.26.160.24,189.110.165.36,200.7.123.200,200.7.123.67,177.56.186.104,187.24.193.117,187.68.217.127,187.68.217.87,200.7.121.5,187.122.24.240,200.173.86.110,200.173.167.52,152.250.59.88,200.7.121.196,177.115.161.38,152.250.58.109,201.0.34.27,201.43.145.206,177.170.183.233,187.122.32.180,201.68.96.115,200.207.108.203,187.56.164.159,201.68.126.84,201.0.36.94,168.197.26.88,35.190.135.164,10.142.0.3
DEST_RANGES:
ALLOW: tcp:22
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: ftp
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 0.0.0.0/0,187.9.141.186
DEST_RANGES:
ALLOW: all
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: grafada
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 187.9.141.186,187.9.141.188
DEST_RANGES:
ALLOW: tcp:3000
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: http-redash
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 10.128.0.2,64.18.0.0/20,64.233.160.0/19,66.102.0.0/20,66.249.80.0/20,72.14.192.0/18,74.125.0.0/16,173.194.0.0/16,207.126.144.0/20,209.85.128.0/17,216.239.32.0/19,187.9.141.186,187.9.141.187,191.209.29.159,177.141.230.225
DEST_RANGES:
ALLOW: tcp:80
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS: http-redash-1
TARGET_SVC_ACCT:
NAME: mysql
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 187.9.141.186,187.9.141.187,191.209.29.159,10.128.0.2,10.128.0.4,177.141.30.194,187.9.61.122,187.9.141.188,10.128.0.3,10.128.0.5,179.232.121.207,104.198.176.248,177.32.11.244,179.209.36.222,10.128.0.10,189.68.32.26,189.46.96.5,189.110.33.110,152.249.201.231,201.27.66.85,187.122.124.66,189.46.134.202,177.189.86.9,179.247.142.199,177.144.191.95,179.209.36.133,191.193.55.73,191.181.156.247,10.128.0.17,10.128.0.19,10.142.0.2,191.19.59.126,201.52.147.114,189.78.21.241,177.25.89.184,191.181.159.124,191.193.206.128,201.43.210.93,152.254.210.27,152.254.210.6,187.116.105.193,191.19.56.210,189.121.201.219,189.121.201.99,177.62.156.84,189.121.202.35,152.254.210.10,189.201.203.122,179.113.21.104,191.193.17.181,179.93.229.126,191.19.59.115,179.247.255.33,179.110.15.67,179.213.198.93,191.193.105.121,179.113.132.170,179.113.110.157,179.113.42.127,179.113.131.252,179.113.130.10,179.113.21.23,189.33.65.254,179.113.22.136,189.33.66.254,10.142.0.7,179.113.58.3,179.246.210.92,200.173.160.95,200.7.113.255,187.26.162.38,200.173.179.145,200.173.173.218,201.1.205.213,177.46.170.221,201.1.207.197,200.173.50.209,179.209.140.199,200.173.168.150,187.26.73.116,187.26.160.24,189.110.165.36,200.7.123.200,200.7.123.67,177.56.186.104,187.24.193.117,187.68.217.127,187.68.217.87,200.7.121.5,187.122.24.240,200.173.86.110,200.173.169.72,200.173.167.52,152.250.59.88,200.7.121.196,177.115.161.38,152.250.58.109,201.0.34.27,201.43.145.206,177.189.119.109,201.43.212.146,187.122.32.180,201.68.96.115,200.207.108.203,187.56.164.159,201.26.195.133,177.189.119.111,201.0.36.94
DEST_RANGES:
ALLOW: tcp:3306,tcp:5432
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: mysql-cuponagem
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 0.0.0.0/0
DEST_RANGES:
ALLOW: tcp:3306,tcp:22
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS: http-cuponagem
TARGET_SVC_ACCT:
NAME: mysql-gs
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 64.18.0.0/20,64.233.160.0/19,66.102.0.0/20,66.249.80.0/20,72.14.192.0/18,74.125.0.0/16,173.194.0.0/16,207.126.144.0/20,209.85.128.0/17,216.239.32.0/19,177.141.230.225,189.8.89.162,191.209.29.159
DEST_RANGES:
ALLOW: tcp:3306,tcp:5432
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS:
TARGET_SVC_ACCT:
NAME: opencart-1-tcp-443
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 0.0.0.0/0
DEST_RANGES:
ALLOW: tcp:443
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS: opencart-1-tcp-443
TARGET_SVC_ACCT:
NAME: opencart-1-tcp-80
NETWORK: default
DIRECTION: INGRESS
PRIORITY: 1000
SRC_RANGES: 0.0.0.0/0
DEST_RANGES:
ALLOW: tcp:80
DENY:
SRC_TAGS:
SRC_SVC_ACCT:
TARGET_TAGS: opencart-1-tcp-80
TARGET_SVC_ACCT:
lojavirtualmorana@cloudshell:~ (sacred-reality-163718)$
我无法 ping 通 IP 10.142.0.2,但可以 ping 通 IP 10.142.0.4
dev@backup-php:~$ ping 10.142.0.4
PING 10.142.0.4 (10.142.0.4) 56(84) bytes of data.
64 bytes from 10.142.0.4: icmp_seq=1 ttl=64 time=2.08 ms
64 bytes from 10.142.0.4: icmp_seq=2 ttl=64 time=0.424 ms
64 bytes from 10.142.0.4: icmp_seq=3 ttl=64 time=0.417 ms
64 bytes from 10.142.0.4: icmp_seq=4 ttl=64 time=0.445 ms