所以我有这个网络服务器,它接受传入的流量并能够回复回复。但是,如果服务器必须启动任何类型的流量(icmp/tcp..),它就会失败:它已经运行了 > 600 天,不确定这有什么关系..
症状:
root@server:~# ping -vv 10.0.10.80
ping: socket: Permission denied, attempting raw socket...
ping: socket: Permission denied, attempting raw socket...
connect: Invalid argument
root@server:~# strace -e socket ping 8.8.8.8
socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP) = 3
socket(AF_INET6, SOCK_DGRAM, IPPROTO_ICMPV6) = 4
socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 5
connect: Invalid argument
+++ exited with 2 +++
root@server:~# telnet 193.162.159.97 80
Trying 193.162.159.97...
telnet: Unable to connect to remote host: Invalid argument
root@server:~# curl http://193.162.159.97
curl: (7) Couldn't connect to server
root@server:~# curl -vv http://193.162.159.97
* Rebuilt URL to: http://193.162.159.97/
* Trying 193.162.159.97...
* TCP_NODELAY set
* Immediate connect fail for 193.162.159.97: Invalid argument
* Closing connection 0
curl: (7) Couldn't connect to server
环境:
root@server:~# ufw status
Status: inactive
root@server:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
root@server:~# iptables -nvL
Chain INPUT (policy ACCEPT 3265 packets, 274K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2486 packets, 484K bytes)
pkts bytes target prot opt in out source destination
root@server:~# iptables -nvL -t nat
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=18.04
DISTRIB_CODENAME=bionic
DISTRIB_DESCRIPTION="Ubuntu 18.04.1 LTS"
root@server:~# netstat -rn4
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.11.1 0.0.0.0 UG 0 0 0 ens160
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
我还在这个和一个工作服务器上对 sysctl 的“net.ipv4”输出做了一个差异,我找不到任何可能的差异..
这里发生了什么?我该如何解决?
更新!!!我刚试过这个:
root@server:~# ping 10.8.1.235
connect: Invalid argument
root@server:~# route add -host 10.8.1.235 gw 192.168.11.1
root@server:~# ping 10.8.1.235
PING 10.8.1.235 (10.8.1.235) 56(84) bytes of data.
64 bytes from 10.8.1.235: icmp_seq=1 ttl=61 time=4.75 ms
64 bytes from 10.8.1.235: icmp_seq=2 ttl=61 time=4.78 ms
^C
--- 10.8.1.235 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 4.751/4.766/4.782/0.070 ms
我的路由表:
root@server:~# route -vn -4
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.11.1 0.0.0.0 UG 100 0 0 ens160
10.8.1.235 192.168.11.1 255.255.255.255 UGH 0 0 0 ens160
192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 ens160
我的怀疑是这个VM最初使用的是dhcp,而默认路由是由dhcp安装的。一旦我添加了一个新的(相同的)默认路由: route add -net 0.0.0.0/0 gw 192.168.11.1 然后一切又开始工作了......
不幸的是,这不是我目前允许重新启动的服务器,所以我们需要看看这是否能永久解决这个问题。
我想了解如何查看有关我现在拥有的两条默认路由的更多详细信息,因为原始路由可能无法正常工作。