在 OVH 中，我有 2 个 ProxMox 服务器，每个服务器都包含一个防火墙和一些其他主机。我正在尝试使用 OVH vRack 进行他们之间的私人通信，但它不起作用。

以下是我的网络摘要：

目标是从 PRD2FRM201 访问 PRD1FRM206，反之亦然。

主机

• PRD1FRM206 - PVE01 服务器中的主机
• PRD1FWL100 - PVE01 服务器中的防火墙
• PRD2FRM201 - PVE02 服务器中的主机
• PRD2FWL100 - PVE02 服务器中的防火墙
• PVE01 和 PVE02 - ProxMox 专用服务器，均托管在 OVH 中，由 OVH VRack 互连

PVE01 网络配置：

# Server pag-01
# network interfaces
#
# Author:       Gilberto Martins
# Creation:     03/19/2021
# ================================
    auto lo
    iface lo inet loopback

    auto enp5s0f0
    iface enp5s0f0 inet manual
    auto enp5s0f1
    iface enp5s0f1 inet manual

    # Internet Interface
    auto vmbr0
    iface vmbr0 inet dhcp
      # Internet Interface
      bridge-ports enp5s0f0
      bridge-stp off
      bridge-fd 0

    # Tools Network
    auto vmbr1
    iface vmbr1 inet manual
      # Rede Tools - 172.21.10.0/27
      bridge-ports dummy1
      bridge-stp off
      bridge-fd 0

    # WebPRD Network
    auto vmbr2
    iface vmbr2 inet manual
      # Rede WebPRD - 172.21.20.0/27
      bridge-ports dummy2
      bridge-stp off
      bridge-fd 0

    # WebHML Network
    auto vmbr3
    iface vmbr3 inet manual
      # Rede WebHML - 172.21.30.0/27
      bridge-ports dummy3
      bridge-stp off
      bridge-fd 0

    # Interface PrivateNetwork
#    auto vmbr4
#    iface vmbr4 inet static
      # Rede VRack - NAO USAR
#      address 192.168.0.10/31
#      bridge-ports enp5s0f1
#      bridge-stp off
#      bridge-fd 0

    # WebSites Network
    auto vmbr5
    iface vmbr5 inet manual
      # Rede WebSites - 172.21.40.0/27
      bridge-ports dummy4
      bridge-stp off
      bridge-fd 0

PVE01当前接口：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp5s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether KK:KK:KK:KK:KK:KK brd ff:ff:ff:ff:ff:ff
3: enp5s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr4 state UP group default qlen 1000
    link/ether YY:YY:YY:YY:YY:YY brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether UU:UU:UU:UU:UU:UU brd ff:ff:ff:ff:ff:ff
    inet 9.9.9.9/24 brd 9.9.9.255 scope global dynamic vmbr0
       valid_lft 56089sec preferred_lft 56089sec
    inet6 zz99::zz22:zzbb:zzhh:zzkk/64 scope link 
       valid_lft forever preferred_lft forever
5: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 2a:30:fb:a2:d2:f1 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::30c0:14ff:fea4:abfd/64 scope link 
       valid_lft forever preferred_lft forever
6: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 96:b3:67:f5:c3:cd brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a849:97ff:fe6c:14e9/64 scope link 
       valid_lft forever preferred_lft forever
7: vmbr3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 5e:99:bd:90:12:24 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e033:5fff:fe6d:222a/64 scope link 
       valid_lft forever preferred_lft forever
8: vmbr4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether AA:AA:AA:AA:AA:AA brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a242:3fff:fe47:3cfb/64 scope link 
       valid_lft forever preferred_lft forever
9: tap201i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether 2a:30:fb:a2:d2:f1 brd ff:ff:ff:ff:ff:ff
10: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 1a:61:72:52:5b:a0 brd ff:ff:ff:ff:ff:ff
11: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether 56:16:5b:14:ce:e3 brd ff:ff:ff:ff:ff:ff
12: tap100i2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether 96:b3:67:f5:c3:cd brd ff:ff:ff:ff:ff:ff
13: tap100i3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr3 state UNKNOWN group default qlen 1000
    link/ether 5e:99:bd:90:12:24 brd ff:ff:ff:ff:ff:ff
14: tap100i4: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr4 state UNKNOWN group default qlen 1000
    link/ether ae:84:54:57:7f:46 brd ff:ff:ff:ff:ff:ff
15: tap203i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether aa:dd:66:e9:fd:74 brd ff:ff:ff:ff:ff:ff
17: tap204i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether ce:6b:9e:cb:ca:25 brd ff:ff:ff:ff:ff:ff
18: tap205i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether f2:76:a3:12:48:da brd ff:ff:ff:ff:ff:ff
19: tap206i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether be:92:f0:2e:54:2b brd ff:ff:ff:ff:ff:ff
21: tap402i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether 5a:4b:71:1c:b1:6e brd ff:ff:ff:ff:ff:ff
22: tap403i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether ba:0a:25:76:01:6e brd ff:ff:ff:ff:ff:ff
23: tap301i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr3 state UNKNOWN group default qlen 1000
    link/ether 9e:2c:dd:7b:fb:8a brd ff:ff:ff:ff:ff:ff
24: tap302i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr3 state UNKNOWN group default qlen 1000
    link/ether 6e:50:73:30:67:ae brd ff:ff:ff:ff:ff:ff
25: tap303i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr3 state UNKNOWN group default qlen 1000
    link/ether ae:96:60:a4:bc:21 brd ff:ff:ff:ff:ff:ff
26: veth900i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether fe:92:fa:19:f1:93 brd ff:ff:ff:ff:ff:ff link-netnsid 0
29: tap304i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr3 state UNKNOWN group default qlen 1000
    link/ether f2:14:af:70:17:42 brd ff:ff:ff:ff:ff:ff
31: tap404i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether 8e:3e:76:76:fb:29 brd ff:ff:ff:ff:ff:ff
32: tap401i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether e2:af:68:37:ed:7e brd ff:ff:ff:ff:ff:ff
33: dummy4: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr5 state UNKNOWN group default qlen 1000
    link/ether c2:7e:27:1c:0c:af brd ff:ff:ff:ff:ff:ff
34: vmbr5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether c2:7e:27:1c:0c:af brd ff:ff:ff:ff:ff:ff
    inet6 fe80::c07e:27ff:fe1c:caf/64 scope link 
       valid_lft forever preferred_lft forever
35: tap100i5: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr5 state UNKNOWN group default qlen 1000
    link/ether 92:cb:02:fe:5f:86 brd ff:ff:ff:ff:ff:ff
42: tap501i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr5 state UNKNOWN group default qlen 1000
    link/ether 8a:80:41:55:95:0c brd ff:ff:ff:ff:ff:ff
49: tap202i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether c6:2e:7c:40:b8:02 brd ff:ff:ff:ff:ff:ff

PVE02 网络配置：

# Server pag-02
# network interfaces
#
# Author:       Gilberto Martins
# Creation:     06/08/2021
# ================================

    auto lo
    iface lo inet loopback
    auto eno1
    iface eno1 inet manual
    auto eno2
    iface eno2 inet manual
    
    # Internet Interface 
    auto vmbr0
    iface vmbr0 inet dhcp
      # Interface externa - NAO USAR
      bridge-ports eno1
      bridge-stp off
      bridge-fd 0
    
    # Tools Network
    auto vmbr1
    iface vmbr1 inet manual
      # Tools Network - 172.22.10.0/27
      bridge-ports dummy1
      bridge-stp off
      bridge-fd 0
    
    # DataBase Network
    auto vmbr2
    iface vmbr2 inet manual
      # DataBase Network - 172.22.20.0/27
      bridge-ports dummy2
      bridge-stp off
      bridge-fd 0

    # VRack Network
#    auto vmbr3
#    iface vmbr3 inet static
      # VRack Network
#      address 192.168.0.11/31
#      bridge-ports eno2
#      bridge-stp off
#      bridge-fd 0

PVE02当前接口：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr0 state UP group default qlen 1000
    link/ether d0:50:99:fb:24:13 brd ff:ff:ff:ff:ff:ff
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master vmbr3 state UP group default qlen 1000
    link/ether d0:50:99:fb:24:12 brd ff:ff:ff:ff:ff:ff
4: enp0s20f0u8u3c2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 26:fc:24:e9:66:dc brd ff:ff:ff:ff:ff:ff
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether RR:RR:RR:RR:RR:RR brd ff:ff:ff:ff:ff:ff
    inet 4.4.4.4/24 brd 4.4.4.255 scope global dynamic vmbr0
       valid_lft 73446sec preferred_lft 73446sec
    inet6 fe80::d250:99ff:fefb:2413/64 scope link 
       valid_lft forever preferred_lft forever
6: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ba:32:c1:5c:c7:77 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::ccf5:5bff:fead:bf80/64 scope link 
       valid_lft forever preferred_lft forever
7: vmbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 46:c7:8c:94:01:4b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::58d2:51ff:fe31:6516/64 scope link 
       valid_lft forever preferred_lft forever
8: vmbr3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d0:50:99:fb:24:12 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::d250:99ff:fefb:2412/64 scope link 
       valid_lft forever preferred_lft forever
13: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UNKNOWN group default qlen 1000
    link/ether 9a:de:c5:ba:40:80 brd ff:ff:ff:ff:ff:ff
14: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr1 state UNKNOWN group default qlen 1000
    link/ether ba:32:c1:5c:c7:77 brd ff:ff:ff:ff:ff:ff
15: tap100i2: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether 46:c7:8c:94:01:4b brd ff:ff:ff:ff:ff:ff
16: tap100i3: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr3 state UNKNOWN group default qlen 1000
    link/ether a2:e9:f1:ba:f1:a9 brd ff:ff:ff:ff:ff:ff
17: tap301i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether 66:ba:b1:22:e8:22 brd ff:ff:ff:ff:ff:ff
18: tap302i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether e2:f8:74:ad:e4:77 brd ff:ff:ff:ff:ff:ff
19: tap303i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether 3e:b1:f0:42:8d:75 brd ff:ff:ff:ff:ff:ff
20: tap304i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr2 state UNKNOWN group default qlen 1000
    link/ether 52:7a:ec:b5:46:4b brd ff:ff:ff:ff:ff:ff
21: veth201i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr201i0 state UP group default qlen 1000
    link/ether fe:0c:f2:09:62:fe brd ff:ff:ff:ff:ff:ff link-netnsid 0
22: fwbr201i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ae:fd:8d:06:38:c5 brd ff:ff:ff:ff:ff:ff
23: fwpr201p0@fwln201i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr1 state UP group default qlen 1000
    link/ether 52:58:a1:6d:db:00 brd ff:ff:ff:ff:ff:ff
24: fwln201i0@fwpr201p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr201i0 state UP group default qlen 1000
    link/ether ae:fd:8d:06:38:c5 brd ff:ff:ff:ff:ff:ff

PRD1FWL100 网络配置：

# This is the network config written by 'subiquity'
#
# Author:       Gilberto Martins
# Modified:     03/19/2021
# ===============================

network:
  ethernets:
    # External IP
    ens18:
      # IP and Gateway have been intentionally changed
      addresses:
      - 1.1.1.1/32
      gateway4: 1.1.1.254
      # OVH mandatory routes
      routes:
      - to: 1.1.1.154/32
        via: 1.1.1.1
      - to: 0.0.0.0/0
        via: 1.1.1.1
      nameservers:
        addresses:
          - 172.21.10.2
        search:
          - kprd1
    # Tools Network
    ens19:
      addresses:
      - 172.21.10.1/27
    # WebPrd Network
    ens20:
      addresses:
      - 172.21.20.1/27
    # WebHml Network
    ens21:
      addresses:
      - 172.21.30.1/27
    # Vrack Network (RFC 3021)
    ens22:
      addresses:
      - 172.30.0.0/31
      routes:
        # Tools network at kprd2
      - to: 172.22.10.0/27
        via: 172.30.0.0
        # Database network at kprd2
      - to: 172.22.20.0/27
        via: 172.30.0.0
        # VRack <-> VRack 
      - to: 172.30.0.1
        via: 172.30.0.0
    # WebServer Network
    ens23:
      addresses:
      - 172.21.50.1/27
  version: 2

PRD1FWL100当前接口：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether XS:XS:XS:XS:XS:XS brd ff:ff:ff:ff:ff:ff
    inet 9.9.9.9/32 scope global ens18
       valid_lft forever preferred_lft forever
    inet6 fe80::ff:fe41:b0ec/64 scope link 
       valid_lft forever preferred_lft forever
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 22:a9:69:cd:9a:08 brd ff:ff:ff:ff:ff:ff
    inet 172.21.10.1/27 brd 172.21.10.31 scope global ens19
       valid_lft forever preferred_lft forever
    inet6 fe80::20a9:69ff:fecd:9a08/64 scope link 
       valid_lft forever preferred_lft forever
4: ens20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 96:c5:9a:8e:13:0d brd ff:ff:ff:ff:ff:ff
    inet 172.21.20.1/27 brd 172.21.20.31 scope global ens20
       valid_lft forever preferred_lft forever
    inet6 fe80::94c5:9aff:fe8e:130d/64 scope link 
       valid_lft forever preferred_lft forever
5: ens21: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 36:b2:5a:cc:a4:91 brd ff:ff:ff:ff:ff:ff
    inet 172.21.30.1/27 brd 172.21.30.31 scope global ens21
       valid_lft forever preferred_lft forever
    inet6 fe80::34b2:5aff:fecc:a491/64 scope link 
       valid_lft forever preferred_lft forever
6: ens22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 92:5b:ab:3c:75:2f brd ff:ff:ff:ff:ff:ff
    inet 172.30.0.0/31 scope global ens22
       valid_lft forever preferred_lft forever
    inet6 fe80::905b:abff:fe3c:752f/64 scope link 
       valid_lft forever preferred_lft forever
7: ens23: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 9a:a2:c1:97:59:54 brd ff:ff:ff:ff:ff:ff
    inet 172.21.50.1/27 brd 172.21.50.31 scope global ens23
       valid_lft forever preferred_lft forever
    inet6 fe80::98a2:c1ff:fe97:5954/64 scope link 
       valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.10.1.1/29 brd 10.10.1.7 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::ece8:6abc:f8bd:d5f4/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

PRD1FWL100 当前路由表

注意：外部地址已被隐藏

user@prd1fwl100:~$ ip route 
default via 9.9.9.9 dev ens18 proto static 
10.10.1.0/29 dev tun0 proto kernel scope link src 10.10.1.1 
9.9.9.9 via 8.8.8.8 dev ens18 proto static 
172.21.10.0/27 dev ens19 proto kernel scope link src 172.21.10.1 
172.21.20.0/27 dev ens20 proto kernel scope link src 172.21.20.1 
172.21.30.0/27 dev ens21 proto kernel scope link src 172.21.30.1 
172.21.50.0/27 dev ens23 proto kernel scope link src 172.21.50.1 
172.22.10.0/27 via 172.30.0.0 dev ens22 proto static 
172.22.20.0/27 via 172.30.0.0 dev ens22 proto static 
172.30.0.1 via 172.30.0.0 dev ens22 proto static 

user@prd1fwl100:~$ ip route show table local
broadcast 10.10.1.0 dev tun0 proto kernel scope link src 10.10.1.1 
local 10.10.1.1 dev tun0 proto kernel scope host src 10.10.1.1 
broadcast 10.10.1.7 dev tun0 proto kernel scope link src 10.10.1.1 
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1 
local 9.9.9.9 dev ens18 proto kernel scope host src 9.9.9.9
broadcast 172.21.10.0 dev ens19 proto kernel scope link src 172.21.10.1 
local 172.21.10.1 dev ens19 proto kernel scope host src 172.21.10.1 
broadcast 172.21.10.31 dev ens19 proto kernel scope link src 172.21.10.1 
broadcast 172.21.20.0 dev ens20 proto kernel scope link src 172.21.20.1 
local 172.21.20.1 dev ens20 proto kernel scope host src 172.21.20.1 
broadcast 172.21.20.31 dev ens20 proto kernel scope link src 172.21.20.1 
broadcast 172.21.30.0 dev ens21 proto kernel scope link src 172.21.30.1 
local 172.21.30.1 dev ens21 proto kernel scope host src 172.21.30.1 
broadcast 172.21.30.31 dev ens21 proto kernel scope link src 172.21.30.1 
broadcast 172.21.50.0 dev ens23 proto kernel scope link src 172.21.50.1 
local 172.21.50.1 dev ens23 proto kernel scope host src 172.21.50.1 
broadcast 172.21.50.31 dev ens23 proto kernel scope link src 172.21.50.1 
local 172.30.0.0 dev ens22 proto kernel scope host src 172.30.0.0 

PRD2FWL100 网络配置：

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        # Internet interface
        eth0:
            # Sensitive addressing information have been intentionally changed
            addresses:
            - 3.3.3.3/32
            gateway4: 3.3.3.254
            match:
              macaddress: XX:XX:XX:XX:XX:XX
            # OVH mandatory routes
            routes:
            - to: 3.3.3.3/32
              via: 3.3.3.8
            - to: 0.0.0.0/0
              via: 3.3.3.8
            nameservers:
              addresses:
                - 172.22.10.2
              search:
                - kprd2
            set-name: eth0
        # Tools interface
        eth1:
            addresses:
            - 172.22.10.1/27
            match:
                macaddress: 6a:6d:d1:0a:de:10
            nameservers:
                addresses:
                - 172.22.10.2
                search:
                - kprd2
            set-name: eth1
        # Database interface
        eth2:
            addresses:
            - 172.22.20.1/27
            match:
                macaddress: aa:89:70:41:ed:22
            set-name: eth2
        # VRack Network
        eth3:
            addresses:
            - 172.30.0.1/31
            match:
                macaddress: ZZ:ZZ:ZZ:ZZ:ZZ:ZZ
            routes:
              # Tools network at kprd1
            - to: 172.21.10.0/27
              via: 172.30.0.1
              # WebPrd network at kprd1
            - to: 172.21.20.0/27
              via: 172.30.0.1
              # WebHml network at kprd1
            - to: 172.21.30.0/27
              via: 172.30.0.1
              # WebServer network at kprd1
            - to: 172.21.50.0/27
              via: 172.30.0.1
              # VRack <-> VRack 
            - to: 172.30.0.0
              via: 172.30.0.1
            set-name: eth3

PRD2FWL100当前接口：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether FE:FE:FE:FE:FE brd ff:ff:ff:ff:ff:ff
    inet 7.7.7.7/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::ff:fe92:ec0/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 6a:6d:d1:0a:de:10 brd ff:ff:ff:ff:ff:ff
    inet 172.22.10.1/27 brd 172.22.10.31 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::686d:d1ff:fe0a:de10/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether aa:89:70:41:ed:22 brd ff:ff:ff:ff:ff:ff
    inet 172.22.20.1/27 brd 172.22.20.31 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::a889:70ff:fe41:ed22/64 scope link 
       valid_lft forever preferred_lft forever
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether d6:9f:c5:e4:93:9d brd ff:ff:ff:ff:ff:ff
    inet 172.30.0.1/31 scope global eth3
       valid_lft forever preferred_lft forever
    inet6 fe80::d49f:c5ff:fee4:939d/64 scope link 
       valid_lft forever preferred_lft forever
6: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.10.2.1/29 brd 10.10.2.7 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::d63:c98b:2e1:ad3d/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever

PRD2FWL100 路由表

注意：外部地址已被隐藏

user@prd2fwl100:~$ ip route
default via 144.217.125.8 dev eth0 proto static 
10.10.2.0/29 dev tun0 proto kernel scope link src 10.10.2.1 
9.9.9.9 via 8.8.8.8 dev eth0 proto static 
172.21.10.0/27 via 172.30.0.1 dev eth3 proto static 
172.21.20.0/27 via 172.30.0.1 dev eth3 proto static 
172.21.30.0/27 via 172.30.0.1 dev eth3 proto static 
172.21.50.0/27 via 172.30.0.1 dev eth3 proto static 
172.22.10.0/27 dev eth1 proto kernel scope link src 172.22.10.1 
172.22.20.0/27 dev eth2 proto kernel scope link src 172.22.20.1 
172.30.0.0 via 172.30.0.1 dev eth3 proto static 

user@prd2fwl100:~$ ip route show table local
broadcast 10.10.2.0 dev tun0 proto kernel scope link src 10.10.2.1 
local 10.10.2.1 dev tun0 proto kernel scope host src 10.10.2.1 
broadcast 10.10.2.7 dev tun0 proto kernel scope link src 10.10.2.1 
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1 
local 8.8.8.8 dev eth0 proto kernel scope host src 8.8.8.8 
broadcast 172.22.10.0 dev eth1 proto kernel scope link src 172.22.10.1 
local 172.22.10.1 dev eth1 proto kernel scope host src 172.22.10.1 
broadcast 172.22.10.31 dev eth1 proto kernel scope link src 172.22.10.1 
broadcast 172.22.20.0 dev eth2 proto kernel scope link src 172.22.20.1 
local 172.22.20.1 dev eth2 proto kernel scope host src 172.22.20.1 
broadcast 172.22.20.31 dev eth2 proto kernel scope link src 172.22.20.1 
local 172.30.0.1 dev eth3 proto kernel scope host src 172.30.0.1 

PRD1FRM206 网络配置：

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            addresses:
            - 172.21.10.7/27
            gateway4: 172.21.10.1
            match:
                macaddress: ca:7a:03:34:a0:43
            nameservers:
                addresses:
                - 172.21.10.2
                search:
                - kprd1
            set-name: eth0

PRD2FRM201 网络配置：

PRD2FRM201 是一个 LXC 主机，在 ProxMox 具有以下配置：

• IP 172.22.10.2/27
• 网关 172.22.10.1
• 网桥 vmbr1

通讯测试：

从 PRD2FWL100，我可以 ping PRD1FRM206 之前的所有跃点：

user@prd2fwl100:~$ ping 172.30.0.0 -c1
PING 172.30.0.0 (172.30.0.0) 56(84) bytes of data.
64 bytes from 172.30.0.0: icmp_seq=1 ttl=64 time=0.671 ms

--- 172.30.0.0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.671/0.671/0.671/0.000 ms

user@prd2fwl100:~$ ping 172.21.10.1 -c1
PING 172.21.10.1 (172.21.10.1) 56(84) bytes of data.
64 bytes from 172.21.10.1: icmp_seq=1 ttl=64 time=0.822 ms

--- 172.21.10.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.822/0.822/0.822/0.000 ms

但我无法 ping 或 arping PRD1FRM206：

user@prd2fwl100:~$ ping 172.21.10.7 -c1
PING 172.21.10.7 (172.21.10.7) 56(84) bytes of data.
From 172.30.0.1 icmp_seq=1 Destination Host Unreachable

--- 172.21.10.7 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

user@prd2fwl100:~$ arping 172.21.10.7 -c1
ARPING 172.21.10.7 from 172.30.0.1 eth3
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

接下来，我将尝试 ping 从 PRD2FRM201 到 PRD1FRM206 的所有 IP：

user@PRD2FRM201:~$ sudo ping 172.22.10.1 -c1
PING 172.22.10.1 (172.22.10.1) 56(84) bytes of data.
64 bytes from 172.22.10.1: icmp_seq=1 ttl=64 time=0.134 ms

--- 172.22.10.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.134/0.134/0.134/0.000 ms

user@PRD2FRM201:~$ sudo ping 172.30.0.1 -c1
PING 172.30.0.1 (172.30.0.1) 56(84) bytes of data.
64 bytes from 172.30.0.1: icmp_seq=1 ttl=64 time=0.159 ms

--- 172.30.0.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.159/0.159/0.159/0.000 ms

同样，有一个地方我不能更进一步：

user@PRD2FRM201:~$ sudo ping 172.30.0.0 -c1
PING 172.30.0.0 (172.30.0.0) 56(84) bytes of data.

--- 172.30.0.0 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms

user@PRD2FRM201:~$ sudo arping 172.30.0.0 -c1
ARPING 172.30.0.0 from 172.22.10.2 eth0
Sent 1 probes (1 broadcast(s))
Received 0 response(s)

我必须做什么才能解决这个问题？

我必须将备份从 Linux MariaDB 恢复到 Windows MariaDB，PowerBI 网关将在其中导入其数据。“mariabackup”是 MariaDB 的物理备份工具。但要恢复它，目标文件夹 ( %programfiles%\MariaDB 10.3\data\) 必须为空。

由于rmdir /S /Q "%programfiles%\MariaDB 10.3\data\将删除“数据”目录（我不想要的！！！），我一直在努力避免在以下脚本（uncompress.bat）中出现这种不需要的行为：

rem Uncompress the backup sent by the linux server
rem and imports it to MariaDB
rem Gilberto Martins - 19/11/2021

rem Uncompress the backup
rem The backup path is "mnt\external01\"
tar -xf c:\users\mariabkp\bkp.tgz -C c:\users\mariabkp\

rem Stop MariaDB
net stop mysql

rem Prepare the Backup for Restoration
"C:\Program Files\MariaDB 10.3\bin\mariabackup.exe" --prepare --target-dir="c:\users\mariabkp\mnt\external01\backup"\

rem Erase the Database files
del /q "C:\Program Files\MariaDB 10.3\data\*.*"
FOR /D %p IN ("c:\Program Files\MariaDB 10.3\data\*") DO rmdir "%p" /s /q

rem Import backup to MariaDB
"C:\Program Files\MariaDB 10.3\bin\mariabackup.exe" --move-back --target-dir="c:\users\mariabkp\mnt\external01\backup"\

rem Restore MariaDB conf file
copy "c:\Users\Administrator\my.ini" "c:\Program Files\MariaDB 10.3\data" /y

rem Start MariaDB
net start mysql

我工作得很好，直到我必须删除要恢复的文件，正如您在前面看到的那样：

Microsoft Windows [Version 10.0.17763.1935]
(c) 2018 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>uncompress.bat

C:\Users\Administrator>rem Uncompress the backup sent by the linux server

C:\Users\Administrator>rem and imports it to MariaDB

C:\Users\Administrator>rem Gilberto Martins - 19/11/2021

C:\Users\Administrator>rem Uncompress the backup

C:\Users\Administrator>rem The backup path is "mnt\external01\backup"

C:\Users\Administrator>tar -xf c:\users\mariabkp\bkp.tgz -C c:\users\mariabkp\

C:\Users\Administrator>rem Stop MariaDB

C:\Users\Administrator>net stop mysql
The MySQL service is stopping.
The MySQL service was stopped successfully.


C:\Users\Administrator>rem Prepare the Backup for Restoration

C:\Users\Administrator>"C:\Program Files\MariaDB 10.3\bin\mariabackup.exe" --prepare --target-dir="c:\users\mariabkp\mnt\external01\backup"\
C:\Program Files\MariaDB 10.3\bin\mariabackup.exe based on MariaDB server 10.3.31-MariaDB Win64 (AMD64)
[00] 2021-11-22 16:26:29 cd to c:\users\mariabkp\mnt\external01\backup\
[00] 2021-11-22 16:26:29 open files limit requested 0, set to 0
[00] 2021-11-22 16:26:29 This target seems to be not prepared yet.
[00] 2021-11-22 16:26:29 mariabackup: using the following InnoDB configuration for recovery:
[00] 2021-11-22 16:26:29 innodb_data_home_dir = .
[00] 2021-11-22 16:26:29 innodb_data_file_path = ibdata1:12M:autoextend
[00] 2021-11-22 16:26:29 innodb_log_group_home_dir = .
[00] 2021-11-22 16:26:29 Starting InnoDB instance for recovery.
[00] 2021-11-22 16:26:29 mariabackup: Using 104857600 bytes for buffer pool (set by --use-memory parameter)
2021-11-22 16:26:29 0 [Note] InnoDB: Mutexes and rw_locks use Windows interlocked functions
2021-11-22 16:26:29 0 [Note] InnoDB: Uses event mutexes
2021-11-22 16:26:29 0 [Note] InnoDB: Compressed tables use zlib 1.2.11
2021-11-22 16:26:29 0 [Note] InnoDB: Number of pools: 1
2021-11-22 16:26:29 0 [Note] InnoDB: Using SSE2 crc32 instructions
2021-11-22 16:26:29 0 [Note] InnoDB: Initializing buffer pool, total size = 100M, instances = 1, chunk size = 100M
2021-11-22 16:26:29 0 [Note] InnoDB: Completed initialization of buffer pool
2021-11-22 16:26:29 0 [Note] InnoDB: Starting crash recovery from checkpoint LSN=7032026737757
2021-11-22 16:26:29 0 [Note] InnoDB: Starting final batch to recover 68 pages from redo log.
[00] 2021-11-22 16:26:30 Last binlog file , position 0
[00] 2021-11-22 16:26:31 completed OK!

C:\Users\Administrator>rem Erase the Database files

C:\Users\Administrator>del /q "C:\Program Files\MariaDB 10.3\data\*.*"
\Program was unexpected at this time.

C:\Users\Administrator>FOR /D \Program Files\MariaDB 10.3\data\*") DO rmdir "p" /s /q

C:\Users\Administrator>

我的问题：

1. 为什么\Program was unexpected at this time.当我尝试时出现消息del /q "C:\Program Files\MariaDB 10.3\data\*.*"

2. 为什么原始指令FOR /D %p IN ("c:\Program Files\MariaDB 10.3\data\*") DO rmdir "%p" /s /q回显为FOR /D \Program Files\MariaDB 10.3\data\*") DO rmdir "p" /s /q？看起来（但我不确定）它可能与“%p”变量有关。

3. 为什么剩下的指令（导入备份、恢复 my.ini 和启动 MariaDB）没有执行？

我不得不承认，我是 Windows 脚本的新手。而且我认为没有必要为一个脚本安装完整的 Python3！

更新：我试图在“准备备份以进行恢复”之前“擦除数据库文件”，但我得到了相同的结果，即它在“FOR”指令处停止。

根据此图，两个 PVE 中的每一个都有 1 个用于防火墙的 VM 和几个其他 VM，它们组织在子网中，使用 RFC1918 进行寻址

为了更好地理解，这是网络寻址：

PVE01 - Net 01 - 172.1.10.0/27
PVE01 - Net 02 - 172.1.20.0/27
PVE01 - Net 03 - 172.1.30.0/27

PVE02 - Net 01 - 172.2.10.0/27
PVE02 - Net 02 - 172.2.20.0/27
PVE02 - Net 03 - 172.2.30.0/27

实际上，结构中的任何服务器都能够与任何其他服务器通信进入同一个 PVE。目标是让服务器 A 的任何 VM 与服务器 B 的任何 VM 通信，反之亦然。两个 PVE 已经连接到 OVH Web Manager 中的同一个 VRack（这是我按照 OVH 文档可以做的最好的）

我希望两个防火墙都通过 VRack 进行通信。有人做过这样的配置吗？如果是这样，是否有任何文档可以帮助我了解如何配置这两个接口？