debian – Linux路由器：ping不回路

概述我有一个Debian盒子,我正在尝试将其设置为路由器和Ubuntu盒子,我将其用作客户端. 我的问题是,当Ubuntu客户端尝试ping Internet上的服务器时,所有数据包都会丢失(但是,正如您在下面看到的那样,它们似乎没有问题地转到服务器并返回). 我在Ubuntu Box中这样做： # ping -I eth1 my.remote-server.comPING my.remote-se 我有一个Debian盒子,我正在尝试将其设置为路由器和Ubuntu盒子,我将其用作客户端.

我的问题是,当Ubuntu客户端尝试Ping Internet上的服务器时,所有数据包都会丢失(但是,正如您在下面看到的那样,它们似乎没有问题地转到服务器并返回).

我在Ubuntu Box中这样做：

@H_404_6@# Ping -I eth1 my.remote-server.comPing my.remote-server.com (X.X.X.X) from 10.1.1.12 eth1: 56(84) bytes of data.^C--- my.remote-server.com Ping statistics ---13 packets transmitted,0 received,100% packet loss,time 12094ms

(为了隐私,我更改了远程服务器的名称和IP).

从Debian路由器我看到：

@H_404_6@# tcpdump -i eth1 -qtln icmptcpdump: verbose output suppressed,use -v or -vv for full protocol decodeListening on eth1,link-type EN10MB (Ethernet),capture size 65535 bytesIP X.X.X.X > 10.1.1.12: ICMP echo reply,ID 305,seq 7,length 64IP 10.1.1.12 > X.X.X.X: ICMP echo request,seq 8,length 64IP X.X.X.X > 10.1.1.12: ICMP echo reply,seq 9,seq 10,seq 11,length 64^C9 packets captured9 packets received by filter0 packets dropped by kernel# tcpdump -i eth2 -qtln icmptcpdump: verbose output suppressed,use -v or -vv for full protocol decodeListening on eth2,capture size 65535 bytesIP 192.168.1.10 > X.X.X.X: ICMP echo request,ID 360,seq 213,length 64IP X.X.X.X > 192.168.1.10: ICMP echo reply,length 64IP 192.168.1.10 > X.X.X.X: ICMP echo request,seq 214,seq 215,seq 216,seq 217,length 64^C10 packets captured10 packets received by filter0 packets dropped by kernel

在远程服务器上,我看到：

@H_404_6@# tcpdump -i eth0 -qtln icmptcpdump: verbose output suppressed,use -v or -vv for full protocol decodeListening on eth0,capture size 96 bytesIP Y.Y.Y.Y > X.X.X.X: ICMP echo request,seq 1,length 64IP X.X.X.X > Y.Y.Y.Y: ICMP echo reply,length 64IP Y.Y.Y.Y > X.X.X.X: ICMP echo request,seq 2,seq 3,seq 4,seq 5,seq 6,length 6418 packets captured228 packets received by filter92 packets dropped by kernel

这里“X.X.X.X”是我的远程服务器的IP,“Y.Y.Y.Y”是我本地网络的公共IP.
所以,我的理解是Ping数据包来自Ubuntu框(10.1.1.12),
到路由器(10.1.1.1),从那里到下一个路由器(192.168.1.1)并到达远程服务器(X.X.X.X).然后他们一直回到Debian路由器,但他们从未到达Ubuntu盒子.

我错过了什么？

这是Debian路由器设置：

@H_404_6@# ifconfigeth1 link encap:Ethernet HWaddr 94:0c:6d:82:0d:98 inet addr:10.1.1.1 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::960c:6dff:fe82:d98/64 Scope:link UP broADCAST RUNNING MulTICAST MTU:1500 Metric:1 RX packets:105761 errors:0 dropped:0 overruns:0 frame:0 TX packets:48944 errors:0 dropped:0 overruns:0 carrIEr:0 collisions:0 txqueuelen:1000 RX bytes:40298768 (38.4 MiB) TX bytes:44831595 (42.7 MiB) Interrupt:19 Base address:0x6000 eth2 link encap:Ethernet HWaddr 6c:f0:49:a4:47:38 inet addr:192.168.1.10 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::6ef0:49ff:fea4:4738/64 Scope:link UP broADCAST RUNNING MulTICAST MTU:1500 Metric:1 RX packets:38335992 errors:0 dropped:0 overruns:0 frame:0 TX packets:37097705 errors:0 dropped:0 overruns:0 carrIEr:1 collisions:0 txqueuelen:1000 RX bytes:4260680226 (3.9 GiB) TX bytes:3759806551 (3.5 GiB) Interrupt:27 eth3 link encap:Ethernet HWaddr 94:0c:6d:82:c8:72 UP broADCAST MulTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrIEr:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:20 Base address:0x2000 lo link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:3408 errors:0 dropped:0 overruns:0 frame:0 TX packets:3408 errors:0 dropped:0 overruns:0 carrIEr:0 collisions:0 txqueuelen:0 RX bytes:358445 (350.0 KiB) TX bytes:358445 (350.0 KiB)tun0 link encap:Unspec HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255 UP POINtopOINT RUNNING NOARP MulTICAST MTU:1500 Metric:1 RX packets:2767779 errors:0 dropped:0 overruns:0 frame:0 TX packets:1569477 errors:0 dropped:0 overruns:0 carrIEr:0 collisions:0 txqueuelen:100 RX bytes:3609469393 (3.3 GiB) TX bytes:96113978 (91.6 MiB)# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface10.8.0.2 0.0.0.0 255.255.255.255 UH 0 0 0 tun0127.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 lo10.8.0.0 10.8.0.2 255.255.255.0 UG 0 0 0 tun0192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth210.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth10.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth2# arp -n # Note: Here I have changed all the different MACs except the ones corresponding to the Ubuntu Box (on 10.1.1.12 and 192.168.1.12)Address HWtype HWaddress Flags Mask Iface192.168.1.118 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.72 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.94 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.102 ether NN:NN:NN:NN:NN:NN C eth210.1.1.12 ether 00:1e:67:15:2b:f0 C eth1192.168.1.86 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.2 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.61 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.64 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.116 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.91 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.52 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.93 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.87 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.92 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.100 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.40 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.53 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.1 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.83 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.89 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.12 ether 00:1e:67:15:2b:f1 C eth2192.168.1.77 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.66 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.90 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.65 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.41 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.78 ether NN:NN:NN:NN:NN:NN C eth2192.168.1.123 ether NN:NN:NN:NN:NN:NN C eth2# iptables -L -nChain input (policy ACCEPT)target prot opt source destination Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination # iptables -L -n -t natChain PREROUTING (policy ACCEPT)target prot opt source destination Chain POSTROUTING (policy ACCEPT)target prot opt source destination MASQUERADE all -- 10.1.1.0/24 !10.1.1.0/24 MASQUERADE all -- !10.1.1.0/24 10.1.1.0/24 Chain OUTPUT (policy ACCEPT)target prot opt source destination

这是Ubuntu盒子：

@H_404_6@# ifconfigeth0 link encap:Ethernet HWaddr 00:1e:67:15:2b:f1 inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21e:67ff:fe15:2bf1/64 Scope:link UP broADCAST RUNNING MulTICAST MTU:1500 Metric:1 RX packets:28785139 errors:0 dropped:0 overruns:0 frame:0 TX packets:19050735 errors:0 dropped:0 overruns:0 carrIEr:0 collisions:0 txqueuelen:1000 RX bytes:32068182803 (32.0 GB) TX bytes:6061333280 (6.0 GB) Interrupt:16 Memory:b1a00000-b1a20000 eth1 link encap:Ethernet HWaddr 00:1e:67:15:2b:f0 inet addr:10.1.1.12 Bcast:10.1.1.255 Mask:255.255.255.0 inet6 addr: fe80::21e:67ff:fe15:2bf0/64 Scope:link UP broADCAST RUNNING MulTICAST MTU:1500 Metric:1 RX packets:285086 errors:0 dropped:0 overruns:0 frame:0 TX packets:12719 errors:0 dropped:0 overruns:0 carrIEr:0 collisions:0 txqueuelen:1000 RX bytes:30817249 (30.8 MB) TX bytes:2153228 (2.1 MB) Interrupt:16 Memory:b1900000-b1920000 lo link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:86048 errors:0 dropped:0 overruns:0 frame:0 TX packets:86048 errors:0 dropped:0 overruns:0 carrIEr:0 collisions:0 txqueuelen:0 RX bytes:11426538 (11.4 MB) TX bytes:11426538 (11.4 MB)# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth00.0.0.0 10.1.1.1 0.0.0.0 UG 100 0 0 eth110.1.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth110.8.0.0 192.168.1.10 255.255.255.0 UG 0 0 0 eth0169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 eth0192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth0# arp -n# Note: Here I have changed all the different MACs except the ones corresponding to the Debian Box (on 10.1.1.1 and 192.168.1.10)Address HWtype HWaddress Flags Mask Iface192.168.1.70 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.90 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.97 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.103 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.13 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.120 (incomplete) eth0192.168.1.111 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.118 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.51 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.102 (incomplete) eth0192.168.1.64 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.52 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.74 (incomplete) eth0192.168.1.94 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.121 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.72 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.87 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.91 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.71 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.78 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.83 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.88 (incomplete) eth0192.168.1.82 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.98 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.100 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.93 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.73 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.11 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.85 (incomplete) eth0192.168.1.112 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.89 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.65 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.81 ether NN:NN:NN:NN:NN:NN C eth010.1.1.1 ether 94:0c:6d:82:0d:98 C eth1192.168.1.53 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.116 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.61 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.10 ether 6c:f0:49:a4:47:38 C eth0192.168.1.86 (incomplete) eth0192.168.1.119 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.66 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.1 ether NN:NN:NN:NN:NN:NN C eth0192.168.1.1 ether NN:NN:NN:NN:NN:NN C eth1192.168.1.92 ether NN:NN:NN:NN:NN:NN C eth0# iptables -L -nChain input (policy ACCEPT)target prot opt source destination Chain FORWARD (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination # iptables -L -n -t natChain PREROUTING (policy ACCEPT)target prot opt source destination Chain input (policy ACCEPT)target prot opt source destination Chain OUTPUT (policy ACCEPT)target prot opt source destination Chain POSTROUTING (policy ACCEPT)target prot opt source destination

编辑：按照Patrick的建议,我做了一个tcpdump con Ubuntu框,我看到了这个：

@H_404_6@# tcpdump -i eth1 -qtln icmptcpdump: verbose output suppressed,capture size 65535 bytesIP 10.1.1.12 > X.X.X.X: ICMP echo request,ID 21967,length 64^C12 packets captured12 packets received by filter0 packets dropped by kernel

所以问题是：如果所有数据包似乎都来了,为什么Ping报告100％丢包？

解决方法 从您在评论中的问题：

On the Remote Server I see requests and replIEs. But on the Debian router I don’t see anything… on none of the interfaces! My guess is that Now,the Ubuntu Box is talking directly to the router on 192.168.1.1 THOUGH sending requests with IP 10.1.1.12,so it can’t route back. But why??

从ubuntu服务器：

@H_404_6@# route -nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0 <---0.0.0.0 10.1.1.1 0.0.0.0 UG 100 0 0 eth1

在您捕获此路由表时,您有一个较低的度量标准默认值,通过eth0指向您的路由器192.168.1.1(即不是debian机器).始终遵循较低的度量标准默认值,这意味着Ubuntu希望将所有未连接的流量直接发送到192.168.1.1.

如果您有停机时间,请删除该默认值

@H_404_6@route del default gw 192.168.1.1 dev eth0

我仍在酝酿更大的问题(原始的嗅探器痕迹显示了对Ubuntu的Ping回复：eth1,但 *** 作系统没有接受Ping).你可以从Ubuntu Ping：eth1并同时捕获Debian：eth2来强制Ubuntu再次通过Debian发送所有流量后演示NAT发生了什么？

总结

以上是内存溢出为你收集整理的debian – Linux路由器：ping不回路全部内容，希望文章能够帮你解决debian – Linux路由器：ping不回路所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。