How does the Linux kernel select the source IP of outgoing packets?

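I have assigned multiple IP addresses to a single network interface, each corresponding to a different outbound IP.

:~# curl --interface 112.73.59.255 ip.sb
157.119.73.25

Using the command above, I found that the public IP returned is not the expected 112.73.59.255 but 157.119.73.25.

A tcpdump packet capture shows that the actual source IP in the transmitted packets is 157.119.73.25.

Why does the curl --interface option not use the specified IP address (112.73.59.255)? What potential causes could lead to this behaviour?

Additional information:

Output of tcpdump: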

root@ecs3ccc8a9bc987:~# tcpdump -i any host ip.sb 
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
18:09:12.298128 IP 157.119.73.25.12769 > 104.26.13.31.http: Flags [S], seq 3876101966, win 42340, options [mss 1460,nop,nop,sackOK,nop,wscale 11], length 0
18:09:12.301316 IP 104.26.13.31.http > 157.119.73.25.12769: Flags [S.], seq 4171085408, ack 3876101967, win 64240, options [mss 1400,nop,nop,sackOK,nop,wscale 13], length 0
18:09:12.301354 IP 157.119.73.25.12769 > 104.26.13.31.http: Flags [.], ack 1, win 21, length 0
18:09:12.301574 IP 157.119.73.25.12769 > 104.26.13.31.http: Flags [P.], seq 1:70, ack 1, win 21, length 69: HTTP: GET / HTTP/1.1
18:09:12.304574 IP 104.26.13.31.http > 157.119.73.25.12769: Flags [.], ack 70, win 7, length 0
18:09:12.541657 IP 104.26.13.31.http > 157.119.73.25.12769: Flags [P.], seq 1:579, ack 70, win 8, length 578: HTTP: HTTP/1.1 200 OK
18:09:12.541716 IP 157.119.73.25.12769 > 104.26.13.31.http: Flags [.], ack 579, win 21, length 0
18:09:12.542392 IP 157.119.73.25.12769 > 104.26.13.31.http: Flags [F.], seq 70, ack 579, win 21, length 0
18:09:12.545676 IP 104.26.13.31.http > 157.119.73.25.12769: Flags [F.], seq 579, ack 71, win 8, length 0
18:09:12.545711 IP 157.119.73.25.12769 > 104.26.13.31.http: Flags [.], ack 580, win 21, length 0

Output of ip route:

root@ecs3ccc8a9bc987:/etc/netplan#  ip route 
default via 157.119.73.1 dev ens3 proto static 
10.0.0.0/8 via 10.101.0.1 dev ens2 proto static 
10.101.0.0/24 dev ens2 proto kernel scope link src 10.101.0.48 
112.73.32.0/24 dev ens3 proto kernel scope link src 112.73.32.5 
112.73.34.0/24 dev ens3 proto kernel scope link src 112.73.34.137 
112.73.37.0/24 dev ens3 proto kernel scope link src 112.73.37.100 
112.73.38.0/24 dev ens3 proto kernel scope link src 112.73.38.105 
112.73.42.0/24 dev ens3 proto kernel scope link src 112.73.42.200 
112.73.47.0/24 dev ens3 proto kernel scope link src 112.73.47.227 
112.73.48.0/24 dev ens3 proto kernel scope link src 112.73.48.186 
112.73.49.0/24 dev ens3 proto kernel scope link src 112.73.49.100 
112.73.50.0/24 dev ens3 proto kernel scope link src 112.73.50.224 
112.73.52.0/24 dev ens3 proto kernel scope link src 112.73.52.112 
112.73.54.0/24 dev ens3 proto kernel scope link src 112.73.54.235 
112.73.57.0/24 dev ens3 proto kernel scope link src 112.73.57.7 
112.73.58.0/24 dev ens3 proto kernel scope link src 112.73.58.110 
112.73.59.0/24 dev ens3 proto kernel scope link src 112.73.59.190 
112.73.60.0/24 dev ens3 proto kernel scope link src 112.73.60.252 
112.73.61.0/24 dev ens3 proto kernel scope link src 112.73.61.104 
112.73.62.0/24 dev ens3 proto kernel scope link src 112.73.62.236 
157.119.73.0/25 dev ens3 proto kernel scope link src 157.119.73.25 
157.119.74.0/25 dev ens3 proto kernel scope link src 157.119.74.48 
157.119.74.128/25 dev ens3 proto kernel scope link src 157.119.74.140 

Output of ip a:

root@ecs3ccc8a9bc987:~# ip a 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 52:54:00:0b:a7:e5 brd ff:ff:ff:ff:ff:ff
    inet 10.101.0.48/24 brd 10.101.0.255 scope global ens2
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe0b:a7e5/64 scope link 
       valid_lft forever preferred_lft forever
3: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    link/ether 52:54:00:c3:29:87 brd ff:ff:ff:ff:ff:ff
    inet 157.119.73.25/25 brd 157.119.73.127 scope global ens3
       valid_lft forever preferred_lft forever
    inet 157.119.74.140/25 brd 157.119.74.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 157.119.74.48/25 brd 157.119.74.127 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.50.224/24 brd 112.73.50.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.58.110/24 brd 112.73.58.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.38.105/24 brd 112.73.38.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.57.7/24 brd 112.73.57.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.49.100/24 brd 112.73.49.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.48.186/24 brd 112.73.48.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.52.112/24 brd 112.73.52.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.42.200/24 brd 112.73.42.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.34.137/24 brd 112.73.34.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.61.104/24 brd 112.73.61.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.60.252/24 brd 112.73.60.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.54.235/24 brd 112.73.54.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.47.227/24 brd 112.73.47.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.62.236/24 brd 112.73.62.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.32.5/24 brd 112.73.32.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.37.100/24 brd 112.73.37.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.59.190/24 brd 112.73.59.255 scope global ens3
       valid_lft forever preferred_lft forever
    inet 157.119.73.27/25 brd 157.119.73.127 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 157.119.73.87/25 brd 157.119.73.127 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 157.119.74.162/25 brd 157.119.74.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.48.243/24 brd 112.73.48.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.47.232/24 brd 112.73.47.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.58.52/24 brd 112.73.58.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.52.19/24 brd 112.73.52.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.50.253/24 brd 112.73.50.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.61.192/24 brd 112.73.61.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.37.41/24 brd 112.73.37.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.52.227/24 brd 112.73.52.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.48.114/24 brd 112.73.48.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet 112.73.59.255/24 brd 112.73.59.255 scope global secondary ens3
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fec3:2987/64 scope link 
       valid_lft forever preferred_lft forever

Interface configuration file (/etc/netplan/...):

# This file is generated from information provided by
# the datasource.  Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        ens2:
            addresses:
            - 10.101.0.48/24
            match:
                macaddress: 52:54:00:0b:a7:e5
            mtu: 1500
            routes:
            -   to: 10.0.0.0/8
                via: 10.101.0.1
            set-name: ens2
        ens3:
            addresses:
            - 157.119.73.25/25
            - 157.119.73.27/25
            - ...
            - 112.73.59.190/24  # Commented out during troubleshooting
            - 112.73.59.255/24
            match:
                macaddress: 52:54:00:c3:29:87
            mtu: 1500
            nameservers:
                addresses:
                - 8.8.8.8
                - 8.8.4.4
            routes:
            -   to: 0.0.0.0/0
                via: 157.119.73.1
            set-name: ens3

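After commenting out the line - 112.73.59.190/24 in the interface configuration file and re-applying (netplan apply), the problem no longer occurs. The command curl --interface 112.73.59.255 ip.sb now correctly returns the public IP 112.73.59.255. This behaviour remains consistent even after uncommenting the line and re-applying (netplan apply).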
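
A check that can be run over the ip a output above, added here as an example and not part of the original post: it pairs every secondary address with the primary address of its subnet and flags any address that coincides with its subnet's network or broadcast address, as 112.73.59.255/24 does (it is also the brd value shown for 112.73.59.190/24). The function names and the abridged sample input are constructed for illustration.

```python
import ipaddress

# Constructed sample: IPv4 lines abridged from the `ip a` output in the post.
SAMPLE_IP_A = """\
3: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq state UP group default qlen 1000
    inet 157.119.73.25/25 brd 157.119.73.127 scope global ens3
       valid_lft forever preferred_lft forever
    inet 112.73.59.190/24 brd 112.73.59.255 scope global ens3
    inet 157.119.73.27/25 brd 157.119.73.127 scope global secondary ens3
    inet 112.73.59.255/24 brd 112.73.59.255 scope global secondary ens3
"""


def parse_inet_lines(text):
    """Return (device, interface, is_secondary) for each `inet` line."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 2 and tok[0] == "inet":
            # On an `inet` line the last token is the interface label.
            rows.append((tok[-1], ipaddress.ip_interface(tok[1]), "secondary" in tok))
    return rows


def audit_addresses(text):
    """Map each address to its role, subnet primary and any collision."""
    rows = parse_inet_lines(text)
    primary = {}
    for dev, iface, secondary in rows:
        if not secondary:
            primary.setdefault((dev, iface.network), str(iface.ip))
    report = {}
    for dev, iface, secondary in rows:
        net = iface.network
        collision = None
        if net.prefixlen < 31:  # /31 and /32 have no network/broadcast address
            if iface.ip == net.broadcast_address:
                collision = "broadcast"
            elif iface.ip == net.network_address:
                collision = "network"
        report[str(iface.ip)] = {
            "role": "secondary" if secondary else "primary",
            "primary": primary.get((dev, net)),
            "collides_with": collision,
        }
    return report


if __name__ == "__main__":
    for addr, info in audit_addresses(SAMPLE_IP_A).items():
        print(addr, info)
```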
