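So I have this web server that is accepting incoming traffic and is able to serve replies. However, if the server has to initiate any kind of traffic (icmp/tcp..), it fails. It has been up for more than 600 days; not sure whether that is relevant.
Symptoms: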
root@server:~# ping -vv 10.0.10.80
ping: socket: Permission denied, attempting raw socket...
ping: socket: Permission denied, attempting raw socket...
connect: Invalid argument
root@server:~# strace -e socket ping 8.8.8.8
socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP) = 3
socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6) = 4
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
connect: Invalid argument
+++ exited with 2 +++
root@server:~# telnet 193.162.159.97 80
Trying 193.162.159.97...
telnet: Unable to connect to remote host: Invalid argument
root@server:~# curl http://193.162.159.97
curl: (7) Couldn't connect to server
root@server:~# curl -vv http://193.162.159.97
* Rebuilt URL to: http://193.162.159.97/
* Trying 193.162.159.97...
* TCP_NODELAY set
* Immediate connect fail for 193.162.159.97: Invalid argument
* Closing connection 0
curl: (7) Couldn't connect to server
Environment:
root@server:~# ufw status
Status: inactive
root@server:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@server:~# iptables -nvL
Chain INPUT (policy ACCEPT 3265 packets, 274K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2486 packets, 484K bytes)
pkts bytes target prot opt in out source destination
root@server:~# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"
root@server:~# netstat -rn4
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.11.1 0.0.0.0 UG 0 0 0 ens160
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
I also compared the "net.ipv4" output of sysctl on this server with that of a working server, but found no likely differences.
What is going on here? How can I fix it?
Update! I just tried this:
root@server:~# ping 10.8.1.235
connect: Invalid argument
root@server:~# route add -host 10.8.1.235 gw 192.168.11.1
root@server:~# ping 10.8.1.235
PING 10.8.1.235 (10.8.1.235) 56(84) bytes of data.
64 bytes from 10.8.1.235: icmp_seq=1 ttl=61 time=4.75 ms
64 bytes from 10.8.1.235: icmp_seq=2 ttl=61 time=4.78 ms
^C
--- 10.8.1.235 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 4.751/4.766/4.782/0.070 ms
My routing table:
root@server:~# route -vn -4
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.11.1 0.0.0.0 UG 100 0 0 ens160
10.8.1.235 192.168.11.1 255.255.255.255 UGH 0 0 0 ens160
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
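Answer 1
I suspect this VM originally used DHCP and that the default route was also installed via DHCP. As soon as I added a new (identical) default route: route add -net 0.0.0.0/0 gw 192.168.11.1, everything started working again...
Unfortunately, I am not allowed to reboot this server at the moment, so we will have to see whether this fixes the problem permanently.
I would like to know how to view more details about the two default routes I now have, since the original route may not be working properly.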
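
One way to look at the two default routes the answer mentions, as an added example that is not part of the original post: it parses `ip -4 -d route show` output and reports each default route's gateway, device, origin (`proto`) and metric. The sample table is constructed from the addresses on this page; the `proto` values, the `src` address and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample in the format printed by `ip -4 -d route show`.
# Gateway, device and metrics mirror the page; proto values and the
# src address 192.168.11.50 are assumptions made for illustration.
SAMPLE_ROUTES='unicast default via 192.168.11.1 dev ens160 proto boot scope global
unicast default via 192.168.11.1 dev ens160 proto dhcp scope global src 192.168.11.50 metric 100
unicast 10.8.1.235 via 192.168.11.1 dev ens160 proto boot scope global
unicast 192.168.11.0/24 dev ens160 proto kernel scope link src 192.168.11.50'

# Read route lines on stdin and print one summary line per default route.
summarize_defaults() {
    awk '{
        # With -d, iproute2 prefixes each line with the route type.
        i = ($1 == "unicast") ? 2 : 1
        if ($i != "default") next
        # iproute2 omits "proto boot" (without -d) and a zero metric,
        # so those are the values to assume when the keyword is missing.
        gw = "-"; dev = "-"; proto = "boot"; metric = 0
        for (j = i + 1; j < NF; j++) {
            if ($j == "via")    gw     = $(j + 1)
            if ($j == "dev")    dev    = $(j + 1)
            if ($j == "proto")  proto  = $(j + 1)
            if ($j == "metric") metric = $(j + 1)
        }
        printf "gw=%s dev=%s proto=%s metric=%s\n", gw, dev, proto, metric
    }'
}

# Of several default routes, the kernel prefers the lowest metric.
preferred_default() {
    summarize_defaults | sort -t= -k5,5n | head -n 1
}

# Number of default routes present in the input.
count_defaults() {
    summarize_defaults | wc -l | tr -d ' '
}

# Demonstration on the constructed sample.
echo "default routes: $(printf '%s\n' "$SAMPLE_ROUTES" | count_defaults)"
printf '%s\n' "$SAMPLE_ROUTES" | summarize_defaults
echo "preferred: $(printf '%s\n' "$SAMPLE_ROUTES" | preferred_default)"
```

On the server itself, `ip -4 -d route show | summarize_defaults` lists the live routes, and `ip route get 8.8.8.8` shows which one the kernel selects.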