Marat Gainutdinov's questions

使用 TAP 设备在 Linux 上桥接

您好，我有以下架构：

为了能够 ping 远程主机，在我的情况下是分离主机 1，我启动了桥接设备 br0，它在服务器上结合了 tap0 + eth2，并将本地网络（192.168.111.0/24）与远程 openvpn 客户端（vpn2）桥接，但是仍然没有运气，请你建议我做错了什么

我可以 ping：vpn1 -> vpn2 vpn2 -> vpn1 vpn1 -> separatehost1 我无法从 vpn2（客户端）ping 单独的host1，反之亦然（目标主机无法访问）。

服务器配置文件

#Server config
proto udp
port 1194
persist-key
persist-tun
keepalive 10 60
tls-auth /etc/openvpn/movpn/ta.key 0
remote-cert-tls client
dh /etc/openvpn/movpn/dh2048.pem
ca /etc/openvpn/movpn/ca.crt
cert /etc/openvpn/movpn/server.crt
key /etc/openvpn/movpn/server.key
user nobody
group nogroup
# use ‘group nogroup’ on Debian/Ubuntu
verb 3
daemon
log-append /var/log/openvpn.log
#client-to-client
dev tap0
server-bridge 192.168.111.101 255.255.255.0 192.168.111.128 192.168.111.200

所有模式都是使用 Vagrantfile + net.ipv4.ip_forward = 1 创建的。

调出br0界面的脚本：

 #!/bin/bash
 br="br0"
 tap="tap0"
 eth="eth2"
 br_ip="192.168.111.101"
 br_netmask="255.255.255.0"
 br_broadcast="192.168.111.255"
 # Create the tap adapter
 openvpn --mktun --dev $tap
 # Create the bridge and add interfaces
 brctl addbr $br
 brctl addif $br $eth
 brctl addif $br $tap
 # Configure the bridge
 ifconfig $tap 0.0.0.0 promisc up
 ifconfig $eth 0.0.0.0 promisc up
 ifconfig $br $br_ip netmask $br_netmask broadcast $br_broadcast

根据我的故障排除，服务器没有将icmp数据包转发到separatehost1，我不知道为什么......

root@vpn1:/etc/openvpn/movpn# ip -d link show br0
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff promiscuity 0 
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q bridge_id 8000.8:0:27:6c:77:40 designated_root 8000.8:0:27:6c:77:40 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_timer    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  150.00 vlan_default_pvid 1 vlan_stats_enabled 0 group_fwd_mask 0 group_address 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcast_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 
root@vpn1:/etc/openvpn/movpn# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:db:97:af brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff
11: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP mode DEFAULT group default qlen 100
    link/ether d6:df:32:8a:b0:5e brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff

root@separatehosts1:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 76182sec preferred_lft 76182sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:a5:4b:55 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.102/24 brd 192.168.111.255 scope global eth1
       valid_lft forever preferred_lft forever

root@vpn1:/etc/openvpn/movpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 75325sec preferred_lft 75325sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:db:97:af brd ff:ff:ff:ff:ff:ff
    inet 192.168.33.101/24 brd 192.168.33.255 scope global eth1
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a00:27ff:fe6c:7740/64 scope link 
       valid_lft forever preferred_lft forever
11: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 100
    link/ether d6:df:32:8a:b0:5e brd ff:ff:ff:ff:ff:ff
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:6c:77:40 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.101/24 brd 192.168.111.255 scope global br0
       valid_lft forever preferred_lft forever
root@vpn2:/etc/openvpn/movpn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:b4:26:99 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
       valid_lft 75777sec preferred_lft 75777sec
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:d8:ad:47 brd ff:ff:ff:ff:ff:ff
    inet 192.168.33.102/24 brd 192.168.33.255 scope global eth1
       valid_lft forever preferred_lft forever
9: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/ether 2a:2f:98:b3:34:81 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.128/24 brd 192.168.111.255 scope global tap0
       valid_lft forever preferred_lft forever

我想我在配置过程中错过了一些东西。Ping 仍然显示主机不可访问

我的目标是从 10.0.0.99 访问远程主机 10.0.0.2。

更新： 在玩了不同的 AllowedIP 之后，我终于得到了预期的流量。

我是 Logstash 的新手，我想将 nginx 消息存储在 RabbitMQ 队列中，如下所示：

Nginx 日志 -(输入)-> Logstash -(输出)-> RabbitMQ

日志存储配置：

filter {
   grok {
      match => { "message" => "%{IPORHOST:remote_ip} - %{DATA:user_name} \[%{HTTPDATE:access_time}\] \"%{WORD:http_method} %{DATA:url} HTTP/%{NUMBER:http_version}\" %{NUMBER:response_code} %{NUMBER:body_sent_bytes} \"%{DATA:referrer}\" \"%{DATA:agent}\"" }
   }
}
output {
  rabbitmq {
    exchange => "nginx_app"
    host => "localhost"
    exchange_type => "topic"
    persistent => true
    passive => true
    heartbeat => 10
    arguments => {"x-ha-policy" => "all" }
    codec => "plain"
    port => 5672
  }
}

在 RabbitMQ Web 控制台中调试期间，我看到以下内容：消息对 RabbitMQ 可见，但当我使用简单的 python 脚本将消息添加到队列中时，它不会同时将它们保存在队列中（所有内容都已保存）， 输入图像描述这里

我的配置有什么问题？为什么 RabbitMQ 不保存消息？

先感谢您！

连接到 Internet 网关 (VM1) 的 VM2 无法访问 Internet (VirtualBox)

我在具有有线互联网连接的 Linux (Ubuntu) 上安装了 VirtualBox VM。我想通过VM1（Gate Linux）将我的VM2（Server linux）连接到互联网，我尝试了多种方法，请参见附图，但仍然没有运气VM2仍然无法通过Gate Linux访问互联网，当我运行traceroute时服务器 Linux 它的输出大多数互联网请求都在 Gate Linux 上停止。你能帮我在virtualbox环境中配置internet Gate Linux吗？ 在此处输入图像描述