谁遇到过这样的怪现像?请求帮助|Linux系统专区人人网,QQ空间,登陆,renren,注册,校内,刷人气

离线隔壁臭啊.

初中三年级

发帖: 2117

C币: -235085

威望: 407

贡献值: 1

银元: -3

铜钱: 4779

人人网人气币: 0

只看楼主倒序阅读使用道具楼主发表于: 2009-05-01

一台linux作网关,所.有电脑均可正常上网,可正常ping(网关,任意地址都正常).;          婚庆

但该台linux ping任.何地址均无法ping通,甚至连ping127.0.0..1也无法ping通域名

查看了hosts文件,.正常;na.meserver配置正常;域名

ifconfig如下:

lo        Link. encap:Loca.l Loopback  <性病>
          inet a.ddr:127.0.0.1 . Mask:255.0.0.0             汽车
  .        UP LOOPBACK RUNNING  .MTU:16436  Metric:1外贸
       .   RX packets:9 errors:0 dropped:0 overruns:0 fr.ame:0教育
       .   TX packets:9 errors:0 dropped:0 overruns:.0 carrier:0          婚庆
      .    colli.sions:0 txqueuelen:0 .
        .  RX bytes:984 (984.0 b)  TX. bytes:984 (984.0 b)              乙肝

使用iptables做了些限制,但估计不是.这.个原因吧?--- 印刷

连127.0.0.1都不通

请帮看看是怎么回事,谢谢!!

评价一下你浏览此帖子的感受

分享到 淘江湖新浪 QQ微博 QQ空间开心人人豆瓣网易微博百度鲜果白社会飞信

离线sinxyz.

初中三年级

发帖: 2007

C币: -60545

威望: 390

贡献值: 1

银元: 0

铜钱: 4476

人人网人气币: 0

只看该作者沙发发表于: 2010-04-13

ping127.0.0.1不通是你作了限制吧

查看你的 /proc/sys/net/ipv4/icmp_echo_ignore_all 如果是0，则可以ping通，如果是1则ping不通

[ 本帖最后由 yuio654 于 2007-6-28 15:21 编辑 ]

离线愤怒的土豆.

初中三年级

发帖: 1998

C币: -193550

威望: 372

贡献值: 1

银元: -2

铜钱: 4466

人人网人气币: 0

只看该作者板凳发表于: 2010-04-13

看了,该文件是0

不止127.0.0.1不通,而是所有ip全部不通

但通这台网关机上网的所有电脑都很正常

[ 本帖最后由 deep2001 于 2007-6-28 15:38 编辑 ]

离线心只有之.

初中三年级

发帖: 2032

C币: -60525

威望: 390

贡献值: 1

银元: -5

铜钱: 4497

人人网人气币: 0

只看该作者地板发表于: 2010-04-13

帖结果
ifconfig -a
iptables-save

另外找一下开机都启动了那些程序。

离线stonys.

初中三年级

发帖: 2088

C币: -193243

威望: 404

贡献值: 1

银元: -2

铜钱: 4686

人人网人气币: 0

只看该作者 4楼发表于: 2010-04-13

ifconfig -a的结果（外网地址以XXXX代替，外网广播地址以XXX255代替）：

eth0 Link encap:Ethernet HWaddr 00:10:5A:5EB:1E

          inet addr:192.168.1.254  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:359424 errors:0 dropped:0 overruns:0 frame:0
          TX packets:291329 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:348952094 (332.7 Mb)  TX bytes:84176244 (80.2 Mb)
          Interrupt:5 Base address:0xe400

eth1      Link encap:Ethernet  HWaddr 00:01:02:97:9DF

          inet addr:192.168.2.254  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1788739 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1614261 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:394482732 (376.2 Mb)  TX bytes:1366247939 (1302.9 Mb)
          Interrupt:5 Base address:0xe800

eth1:0    Link encap:Ethernet  HWaddr 00:01:02:97:9DF

          inet addr:10.162.16.126  Bcast:10.162.16.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882654 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260231 (1339.2 Mb)  TX bytes:684999823 (653.2 Mb)
          Interrupt:5 Base address:0xe800

eth2      Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882654 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260231 (1339.2 Mb)  TX bytes:684999823 (653.2 Mb)
          Interrupt:5 Base address:0xec00

eth2:0    Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882654 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027802 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260231 (1339.2 Mb)  TX bytes:684999823 (653.2 Mb)
          Interrupt:5 Base address:0xec00

eth2:1    Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027804 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260297 (1339.2 Mb)  TX bytes:685002835 (653.2 Mb)
          Interrupt:5 Base address:0xec00

eth2:2    Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027804 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260297 (1339.2 Mb)  TX bytes:685002835 (653.2 Mb)
          Interrupt:5 Base address:0xec00

eth2:3    Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027804 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260297 (1339.2 Mb)  TX bytes:685002835 (653.2 Mb)
          Interrupt:5 Base address:0xec00

eth2:4    Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027805 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260297 (1339.2 Mb)  TX bytes:685002895 (653.2 Mb)
          Interrupt:5 Base address:0xec00

eth2:5    Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882655 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027805 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260297 (1339.2 Mb)  TX bytes:685002895 (653.2 Mb)
          Interrupt:5 Base address:0xec00

eth2:6    Link encap:Ethernet  HWaddr 00:04:76:71:3C:64
          inet addr:XXXX  Bcast:XXX255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1882656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2027806 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1404260363 (1339.2 Mb)  TX bytes:685004401 (653.2 Mb)
          Interrupt:5 Base address:0xec00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:101 errors:0 dropped:0 overruns:0 frame:0
          TX packets:101 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12027 (11.7 Kb)  TX bytes:12027 (11.7 Kb)
---------------------------------------------------------------

主要的iptables配置：

iptables -F
iptables -X
iptables -Z
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:1 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:2 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:3 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:4 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:5 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:6 --dport 80 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:1 --dport 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:2 --dport 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:3 --dport 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:4 --dport 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:5 --dport 22 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 23 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 23 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:1 --dport 23 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:2 --dport 23 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:3 --dport 23 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:4 --dport 23 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 53 -j ACCEPT
iptables -A INPUT -p UDP -i eth2 --dport 53 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 110 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 443 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:1 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:2 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:3 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:4 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:5 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 6001 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 6002 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 6003 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 6004 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 6005 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 6006 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 6007 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 7002 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:1 --dport 7002 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:1 --dport 3389 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 3389 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 7890 -j ACCEPT
iptables -A INPUT -p TCP -i eth1 --dport 8001 -j ACCEPT
iptables -A INPUT -p icmp -i eth1 -j ACCEPT
iptables -A INPUT -p TCP -i eth1 --dport 23 -j ACCEPT
iptables -A INPUT -p TCP -i eth1 --dport 21 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 8115 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 8116 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:2 --dport 8005 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 7001 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 8089 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 7001 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 8089 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 3389 -j ACCEPT
iptables -A INPUT -p TCP -i eth2:0 --dport 88 -j ACCEPT
iptables -A INPUT -p TCP -i eth2 --dport 8080 -j ACCEPT

arp -H ether -i eth1 -f

iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.162.16.0/24 -j MASQUERADE

[ 本帖最后由 deep2001 于 2007-6-28 17:23 编辑 ]

离线pon1pon.

初中三年级

发帖: 2175

C币: -313393

威望: 404

贡献值: 3

银元: -3

铜钱: 4936

人人网人气币: 0

只看该作者 5楼发表于: 2010-04-13

请帮仔细看看是什么回事，谢谢了!

离线janezhang.

初中三年级

发帖: 2088

C币: -235397

威望: 404

贡献值: 1

银元: -2

铜钱: 4730

人人网人气币: 0

只看该作者 6楼发表于: 2010-04-13

这是ping 127.0.0.1的结果，按ctrl+c中断：

[root@mygateway etc]# ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.

--- 127.0.0.1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5013ms

ping 192.168.2.254的结果：
[root@mygateway etc]# ping 192.168.2.254
PING 192.168.2.254 (192.168.2.254) 56(84) bytes of data.

--- 192.168.2.254 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4013ms

离线zybt.

初中三年级

发帖: 2081

C币: -235379

威望: 364

贡献值: 1

银元: -2

铜钱: 4606

人人网人气币: 0

只看该作者 7楼发表于: 2010-04-13

貌似是你自己把自己drop了，然后却允许别人input,是么？

离线junsan.

初中三年级

发帖: 2098

C币: -198917

威望: 360

贡献值: 1

银元: -6

铜钱: 4659

人人网人气币: 0

只看该作者 8楼发表于: 2010-04-13

两个问题

1、INPUT 默认是 DROP，你只允许了进入的，但没有允许自己发出的包的回包，因此自己发起 ping 的时候没能有回包进入自己从而导致无法 ping 通
iptables -I INPUT -i lo -j ACCEPT
iptables -I INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
上面两条应该可以解决你的问题

2、iptables.c 的代码如下
匹配接口部分
                if (fw->ip.iniface[0] != '\0') {
                        strcat(iface, fw->ip.iniface);
                }
                else if (format & FMT_NUMERIC) strcat(iface, "*");
                else strcat(iface, "any");
                printf(FMT(" %-6s ","in %s "), iface);

ipt_entry 结构体定义
struct ipt_entry
{
        struct ipt_ip ip;

        /* Mark with fields that we care about. */
        unsigned int nfcache;

        /* Size of ipt_entry + matches */
        u_int16_t target_offset;
        /* Size of ipt_entry + matches + target */
        u_int16_t next_offset;

        /* Back pointer */
        unsigned int comefrom;

        /* Packet and byte counters. */
        struct ipt_counters counters;

        /* The matches (if any), then the target. */
        unsigned char elems[0];
};

ipt_ip 结构体定义
/* Yes, Virginia, you have to zero the padding. */
struct ipt_ip {
        /* Source and destination IP addr */
        struct in_addr src, dst;
        /* Mask for src and dest IP addr */
        struct in_addr smsk, dmsk;
        char iniface[IFNAMSIZ], outiface[IFNAMSIZ];
        unsigned char iniface_mask[IFNAMSIZ], outiface_mask[IFNAMSIZ];

        /* Protocol, 0 = ANY */
        u_int16_t proto;

        /* Flags word */
        u_int8_t flags;
        /* Inverse flags */
        u_int8_t invflags;
};

iptables 取到的是真实的物理设备名字，而非 alias 别名，你前面做的很多针对 eth2:n 的规则是多此一举的
若要做到精确匹配，应该把 -i eth2:2 这样的匹配换成 -d xxxx

[ 本帖最后由 platinum 于 2007-6-28 17:38 编辑 ]

离线nxbbs.

初中三年级

发帖: 2019

C币: -139325

威望: 383

贡献值: 1

银元: -4

铜钱: 4555

人人网人气币: 0

只看该作者 9楼发表于: 2010-04-13

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state EASTABLISHED -j ACCEPT
然后再看看


	http://www.csuboy.com 访问内容超出本站范围，不能确定是否安全


	关闭您还没有登录，快捷通道只有在登录后才能使用。立即登录还没有帐号？赶紧注册一个


	关闭选中1篇全选

帖子

[问题求助]谁遇到过这样的怪现像?请求帮助 [复制链接]