freshjerky's questions

我无法在我的 ubuntu 服务器的 lan 端和 wan 端之间路由数据包。我正在寻求帮助。我的服务器上有 5 个以太网端口 - 1 个板载（eth0，用于 wan）和 4 个在 PCI 卡中（eth1-eth4，绑定在一起作为 bond0，用于 lan）。任何帮助表示赞赏。提前致谢。

来自通过 DHCP 获得 IP 的直接连接的 Windows 机器的一些 ping 测试。

C:\用户\麦克>ipconfig

Windows IP Configuration


Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : servo.firewall
   Link-local IPv6 Address . . . . . : fe80::ec54:579a:a4b5:991f%9
   IPv4 Address. . . . . . . . . . . : 10.10.10.108
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.10.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.pa.comcast.net

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.servo.firewall:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : servo.firewall

C:\Users\mike>ping 10.10.10.1 <- 服务器

Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=15ms TTL=64
Reply from 10.10.10.1: bytes=32 time<1ms TTL=64
Reply from 10.10.10.1: bytes=32 time=1ms TTL=64
Reply from 10.10.10.1: bytes=32 time<1ms TTL=64

Ping statistics for 10.10.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 15ms, Average = 4ms

C:\Users\mike>ping 10.0.0.1 <- WAN 上的当前网关地址

Pinging 10.0.0.1 with 32 bytes of data: 
Control-C
^C

C:\Users\mike>ping yahoo.com <- DNS 测试

Ping request could not find host yahoo.com. Please check the name and try again.

C:\Users\mike>ping 8.8.8.8 <- public ip test

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out. 
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

以下是我编辑以尝试使其正常工作的信息。

/etc/default/ufw

DEFAULT_FORWARD_POLICY="ACCEPT"

/etc/ufw/sysctl.conf

net.ipv4.ip_forward=1
net/ipv6/conf/default/forwarding=1
net/ipv6/conf/all/forwarding=1

/etc/ufw/before.rules

# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Forward traffic through eth0 - Change to match you out-interface
-A POSTROUTING -s 10.10.10.0/24 -o eth0 -j MASQUERADE

# don't delete the 'COMMIT' line or these nat table rules won't
# be processed
COMMIT

/etc/网络/接口

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet manual
bond-master bond0

auto eth2
iface eth2 inet manual
bond-master bond0

auto eth3
iface eth3 inet manual
bond-master bond0

auto eth4
iface eth4 inet manual
bond-master bond0

auto bond0
iface bond0 inet static
address 10.10.10.1
netmask 255.255.255.0
bond-mode broadcast
bond-miimon 100
bond-slaves eth1 eth2 eth3 eth4
post-up iptables-restore < /etc/iptables.up.rules
post-up ip6tables-restore < /etc/ip6tables.up.rules

如果配置

bond0     Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          inet addr:10.10.10.1  Bcast:10.10.10.255  Mask:255.255.255.0
          inet6 addr: fe80::226:55ff:fedc:d84f/64 Scope:Link
          UP BROADCAST MASTER MULTICAST  MTU:1500  Metric:1
          RX packets:3209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1362 errors:0 dropped:2 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:439418 (439.4 KB)  TX bytes:148509 (148.5 KB)

docker0   Link encap:Ethernet  HWaddr 02:42:d7:46:11:85
          inet addr:172.17.0.1  Bcast:0.0.0.0  Mask:255.255.0.0
          inet6 addr: fe80::42:d7ff:fe46:1185/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23734 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:536 (536.0 B)  TX bytes:1631564 (1.6 MB)

eth0      Link encap:Ethernet  HWaddr 44:8a:5b:cd:95:56
          inet addr:10.0.0.201  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::468a:5bff:fecd:9556/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:362525 errors:0 dropped:0 overruns:0 frame:0
          TX packets:134713 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:91216243 (91.2 MB)  TX bytes:48392528 (48.3 MB)

eth1      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:34 Memory:fe920000-fe940000

eth2      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:40 Memory:fe900000-fe920000

eth3      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:42 Memory:fe720000-fe740000

eth4      Link encap:Ethernet  HWaddr 00:26:55:dc:d8:4f
          UP BROADCAST SLAVE MULTICAST  MTU:1500  Metric:1
          RX packets:3209 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1362 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:439418 (439.4 KB)  TX bytes:148509 (148.5 KB)
          Interrupt:44 Memory:fe700000-fe720000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48953 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48953 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:8562847 (8.5 MB)  TX bytes:8562847 (8.5 MB)

vethdcf53dc Link encap:Ethernet  HWaddr 42:f9:a6:0e:bc:7a
          inet6 addr: fe80::40f9:a6ff:fe0e:bc7a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23750 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:648 (648.0 B)  TX bytes:1634701 (1.6 MB)

sudo iptables -t nat -L -v

Chain PREROUTING (policy ACCEPT 2629 packets, 1186K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 125 packets, 32492 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 368 packets, 32186 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 368 packets, 32186 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  any    eth0    10.10.10.0/24        anywhere

Chain DOCKER (0 references)
 pkts bytes target     prot opt in     out     source               destination

当我对电子邮件运行 spamassassin 命令时，它会正确地将电子邮件识别为垃圾邮件，并且看起来好像已添加了标题。但是该文件实际上并未更新，并且标题保持不变。由于我在这里的声誉，我无法发布命令的实际输出。任何帮助表示赞赏。谢谢你。

首先，/etc/spamassassin/local.cf 有 'report_safe 0'

基本上，例如，我在一封电子邮件上运行以下命令。

mike@servo:/mnt/filestore/mail/mike$ spamassassin INBOX/cur/1476677884_0.3597.servo\,U\=678\,FMD5\=7e33429f656f1e6e9d79b29c3f82c57e:2\,

其结果包括带有可见 X-Spam 标头的整个电子邮件。在这种情况下，以“X-Spam-Status: Yes, score=24.0 required=5.0”为例。

然后我只是用“更多”查看文件。但 X-Spam 标头不可见。什么都没有改变。

mike@servo:/mnt/filestore/mail/mike$ 更多 INBOX/cur/1476677884_0.3597.servo\,U\=678\,FMD5\=7e33429f656f1e6e9d79b29c3f82c57e:2\,

编辑：我还想指出，使用 spamc 命令而不是 spamassassin 会产生相同的结果。除非我完全弄错了这应该如何表现 - 命令实际上应该写入文件而不仅仅是输出结果，对吗？- 那么也许这是一个许可问题？安装 spamassassin 的用户似乎是 debian-spamd，我所有的邮件都存储为 -rw-rw-r-- mike:mike。但是，我找不到任何日志来证明权限错误。