系统信息:
ubuntu 服务器 CLI 仅限 22.04.3 LTS。内核 5.15.0-88-generic
我使用 zerotier 网络连接到我的服务器。一切正常,然后我可能更改了某些内容,也可能没有,但当我尝试更新时,它不起作用。Curl 只是冻结,apt 无法连接到任何东西,网络超时。我认为它可能使用了错误的网络,但配置看起来不错。
此外,还有一些针对 443、80 和 3000 端口的附加后路由设置,我删除了它,因为我认为这可能是问题所在。也许我之前添加了它,不知道。还看不到 192.168.2.1 的 Web 界面。它 100% 开启,因为 nmap 显示开放端口,我之前确实连接过,但现在使用 curl 看不到它。
nslookup、ping 有效,其他一切无效。
我的系统是ubuntu linux。时间还可以
sudo iptables -L -n
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
DOCKER all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 10.1.0.0/16 0.0.0.0/0 /* generated for MicroK8s pods */
ACCEPT all -- 0.0.0.0/0 10.1.0.0/16 /* generated for MicroK8s pods */
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- 0.0.0.0/0 0.0.0.0/0
这里 eno4 是我的主网络接口,zth6rjzumt 是 zerotier 网络
ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eno3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 14:18:77:31:40:c5 brd ff:ff:ff:ff:ff:ff
altname enp1s0f0
3: eno4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc mq state UP group default qlen 1000
link/ether 14:18:77:31:40:c6 brd ff:ff:ff:ff:ff:ff
altname enp1s0f1
inet 192.168.2.2/24 metric 100 brd 192.168.2.255 scope global dynamic eno4
valid_lft 322sec preferred_lft 322sec
5: zth6rjzumt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether d6:f9:1e:bc:f7:e9 brd ff:ff:ff:ff:ff:ff
inet 10.243.145.1/16 brd 10.243.255.255 scope global zth6rjzumt
valid_lft forever preferred_lft forever
11: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:b3:c3:6a:59 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
26: cali1fc61b2214e@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns cni-1a155d71-1741-922e-9e68-ef823c07b36d
27: cali79a33944d72@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns cni-c52d1bb3-8de5-87e5-efee-b3201ca1f0c6
30: vxlan.calico: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc noqueue state UNKNOWN group default
link/ether 66:19:5e:5e:13:6a brd ff:ff:ff:ff:ff:ff
inet 10.1.70.192/32 scope global vxlan.calico
valid_lft forever preferred_lft forever
DNS 似乎没有问题,应该也没有问题
也尝试禁用 ipv6,但没有任何改变。
我也确实更改了路由器配置,但防火墙看起来正常,并且我能够 ping 通,所以这应该不是问题。
路由
default via 192.168.2.1 dev eno4 proto dhcp src 192.168.2.2 metric 100
blackhole 10.1.70.192/26 proto 80
10.1.70.248 dev cali1fc61b2214e scope link
10.1.70.249 dev cali79a33944d72 scope link
10.243.0.0/16 dev zth6rjzumt proto kernel scope link src 10.243.145.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.2.0/24 dev eno4 proto kernel scope link src 192.168.2.2 metric 100
192.168.2.1 dev eno4 proto dhcp scope link src 192.168.2.2 metric 100
ip 地址显示
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eno3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 14:18:77:31:40:c5 brd ff:ff:ff:ff:ff:ff
altname enp1s0f0
3: eno4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc mq state UP group default qlen 1000
link/ether 14:18:77:31:40:c6 brd ff:ff:ff:ff:ff:ff
altname enp1s0f1
inet 192.168.2.2/24 metric 100 brd 192.168.2.255 scope global dynamic eno4
valid_lft 486sec preferred_lft 486sec
5: zth6rjzumt: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 2800 qdisc fq_codel state UNKNOWN group default qlen 1000
link/ether d6:f9:1e:bc:f7:e9 brd ff:ff:ff:ff:ff:ff
inet 10.243.145.1/16 brd 10.243.255.255 scope global zth6rjzumt
valid_lft forever preferred_lft forever
11: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:b3:c3:6a:59 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
30: vxlan.calico: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc noqueue state UNKNOWN group default
link/ether 66:19:5e:5e:13:6a brd ff:ff:ff:ff:ff:ff
inet 10.1.70.192/32 scope global vxlan.calico
valid_lft forever preferred_lft forever
46: cali1fc61b2214e@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns cni-4aa48182-009f-e169-b53b-74e75be994f1
47: cali79a33944d72@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1350 qdisc noqueue state UP group default
link/ether ee:ee:ee:ee:ee:ee brd ff:ff:ff:ff:ff:ff link-netns cni-920a93e9-8949-9f1a-a296-cbc045c3b3ff