I am trying to build a multi-site network using pfSense, connected together with Tinc VPN. This is my current topology:

```
     Router A                Router B
****************        ****************
*              *        *              *
* 10.0.0.1/16  *--------* 10.1.0.1/16  *
*              *        *              *
****************        ****************
       |                       |
       |                       |
****************        ****************
*              *        *              *
* 10.0.0.11/16 *        * 10.1.0.16/16 *
*              *        *              *
****************        ****************
     Node 1               My Desktop
```
My desktop and both routers can reach every machine on the network, but Node 1 can only reach Router A.

Router B is currently behind a Verizon router with the VPN port forwarded. The link is established. Although, I doubt this is the root of the problem.

I have triple-checked my pfSense configurations and they are identical. I am really not sure what is preventing Node 1 from communicating with the rest of the network. I have basically opened up everything. I have "any" rules on all interfaces, but Node 1 cannot find a route.

In case it is relevant, Router A and Node 1 are hosted in the cloud on Vultr. I enabled private networking, and Node 1 is requesting an address from the DHCP server on Router A. Vultr does assign private IPs in the 10.X.X.X space with the same subnet. Could my IP space be conflicting with theirs? Vultr does not deploy a gateway; the IPs they assign are entirely static.

"You can use any IP you like on the private network. We assign one IP by default, but if you prefer you can ignore it and use other IPs."

I really do not know why Node 1 cannot reach the other subnet, and I hope someone can help me figure it out.
10.1.0.16 (My Desktop)

```
bkvaluemeal@Formula:~$ ping -c 3 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=0.330 ms
64 bytes from 10.1.0.1: icmp_seq=2 ttl=64 time=0.319 ms
64 bytes from 10.1.0.1: icmp_seq=3 ttl=64 time=0.305 ms

--- 10.1.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.305/0.318/0.330/0.010 ms
bkvaluemeal@Formula:~$ ping -c 3 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=63 time=9.82 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=63 time=8.86 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=63 time=38.0 ms

--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 8.864/18.925/38.085/13.553 ms
bkvaluemeal@Formula:~$ ping -c 3 10.0.0.11
PING 10.0.0.11 (10.0.0.11) 56(84) bytes of data.
64 bytes from 10.0.0.11: icmp_seq=1 ttl=62 time=11.5 ms
64 bytes from 10.0.0.11: icmp_seq=2 ttl=62 time=10.5 ms
64 bytes from 10.0.0.11: icmp_seq=3 ttl=62 time=9.37 ms

--- 10.0.0.11 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 9.370/10.482/11.555/0.892 ms
bkvaluemeal@Formula:~$ ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether e0:3f:49:ad:81:03 brd ff:ff:ff:ff:ff:ff
    inet 10.1.0.16/16 brd 10.1.255.255 scope global dynamic eno1
       valid_lft 6915sec preferred_lft 6915sec
    inet6 fe80::20dc:2028:faee:5420/64 scope link
       valid_lft forever preferred_lft forever
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 54:27:1e:55:ae:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.163/24 brd 192.168.1.255 scope global dynamic wlp3s0
       valid_lft 76214sec preferred_lft 76214sec
    inet6 fe80::d9de:6606:5307:968b/64 scope link
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
    link/ether 52:54:00:d1:33:dd brd ff:ff:ff:ff:ff:ff
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:82:c6:99:06 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
```
10.1.0.1 (Router B)

```
PING 10.1.0.16 (10.1.0.16): 56 data bytes
64 bytes from 10.1.0.16: icmp_seq=0 ttl=64 time=0.177 ms
64 bytes from 10.1.0.16: icmp_seq=1 ttl=64 time=0.312 ms
64 bytes from 10.1.0.16: icmp_seq=2 ttl=64 time=0.194 ms

--- 10.1.0.16 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.177/0.228/0.312/0.060 ms

PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=64 time=8.926 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=8.335 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=8.290 ms

--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.290/8.517/8.926/0.290 ms

PING 10.0.0.11 (10.0.0.11): 56 data bytes
64 bytes from 10.0.0.11: icmp_seq=0 ttl=63 time=11.052 ms
64 bytes from 10.0.0.11: icmp_seq=1 ttl=63 time=9.573 ms
64 bytes from 10.0.0.11: icmp_seq=2 ttl=63 time=9.913 ms

--- 10.0.0.11 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 9.573/10.179/11.052/0.632 ms
```
10.0.0.1 (Router A)

```
PING 10.1.0.16 (10.1.0.16): 56 data bytes
64 bytes from 10.1.0.16: icmp_seq=0 ttl=63 time=8.307 ms
64 bytes from 10.1.0.16: icmp_seq=1 ttl=63 time=9.256 ms
64 bytes from 10.1.0.16: icmp_seq=2 ttl=63 time=9.109 ms

--- 10.1.0.16 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.307/8.891/9.256/0.417 ms

PING 10.1.0.1 (10.1.0.1): 56 data bytes
64 bytes from 10.1.0.1: icmp_seq=0 ttl=64 time=8.618 ms
64 bytes from 10.1.0.1: icmp_seq=1 ttl=64 time=8.579 ms
64 bytes from 10.1.0.1: icmp_seq=2 ttl=64 time=8.702 ms

--- 10.1.0.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 8.579/8.633/8.702/0.051 ms

PING 10.0.0.11 (10.0.0.11): 56 data bytes
64 bytes from 10.0.0.11: icmp_seq=0 ttl=64 time=1.142 ms
64 bytes from 10.0.0.11: icmp_seq=1 ttl=64 time=2.385 ms
64 bytes from 10.0.0.11: icmp_seq=2 ttl=64 time=2.053 ms

--- 10.0.0.11 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 1.142/1.860/2.385/0.525 ms
```
10.0.0.11 (Node 1)

```
root@node1:~# ping -c 3 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1 icmp_seq=1 ttl=64 time=1.10 ms
64 bytes from 10.0.0.1 icmp_seq=2 ttl=64 time=1.04 ms
64 bytes from 10.0.0.1 icmp_seq=3 ttl=64 time=0.749 ms

--- 10.0.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.749/0.968/1.106/0.156 ms
root@node1:~# ping -c 3 10.1.0.1
PING 10.1.0.1 (10.1.0.1) 56(84) bytes of data.

--- 10.1.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2042ms
root@node1:~# ping -c 3 10.1.0.16
PING 10.1.0.16 (10.1.0.16) 56(84) bytes of data.

--- 10.1.0.16 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2048ms
root@node1:~# ip address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether XX:XX:XX:XX:XX:XX brd XX:XX:XX:XX:XX:XX
    inet 45.77.XX/23 brd 45.77.XX scope global ens3
       valid_lft forever preferred_lft forever
    inet6 2001:19f0:X:X:X:X:X:X/64 scope global mngtmpaddr dynamic
       valid_lft 2591544sec preferred_lft 604344sec
    inet6 fe80::5400:X:X:X/64 scope link
       valid_lft forever preferred_lft forever
3: ens7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 5a:01:01:3c:13:c8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.11/16 brd 10.0.255.255 scope global ens7
       valid_lft forever preferred_lft forever
    inet6 fe80::5801:1ff:fe3c:13c8/64 scope link
       valid_lft forever preferred_lft forever
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:65:df:2f:a1 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 scope global docker0
       valid_lft forever preferred_lft forever
    inet6 fe80::42:65ff:fedf:2fa1/64 scope link
       valid_lft forever preferred_lft forever
```
[Screenshot: Router A NAT mappings]
[Screenshot: Router B NAT mappings]
[Screenshot: Firewall floating rules]
[Screenshot: Firewall pkg_tinc rules]
[Screenshot: Firewall WAN rules]
[Screenshot: Firewall LAN rules]
[Screenshot: Router A IPv4 routes]
[Screenshot: Router B IPv4 routes]
"From one side, Desktop -> Node 1 works, but not when initiated from Node 1 -> Desktop": this statement, if accurate, eliminates all possibility of a routing problem.

For Desktop -> Node1 to work, you must also be receiving the replies from Node1 -> Desktop. That shows everything is set up fine on the VPN and routing side.

Instead, this is a firewall problem. Since pings from Node 1 are dropped at Router B, while Router B can ping the Desktop, the firewall problem is most likely on Router B. Router B allows outbound and "related" connections, but does not allow inbound connections.

Based on the information you posted, I would have to say it is related to what you call the "Firewall LAN rules". Change it to any/any/any/any (or whatever) for testing. The firewall rules are ambiguous, so I cannot say one way or the other.

Edit:

We found that Node 1 has two network interfaces: one on the "private network" with IP address 10.0.0.11, and another with a public IP address and the default gateway. In addition, the NAT rules were causing traffic to be NATed through the VPN tunnel. So the Desktop could successfully PING Node 1, because the traffic arriving at Node 1 appeared to come from 10.0.0.1. But when trying to PING the Desktop from Node1, Node1 had no route to 10.1.0.0/16.

Once we cleaned up the routing table on Node1 and set the NAT rules on Router A and B to automatic, everything started working as expected.
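The edit above explains why NAT masked the missing route: Node 1 answered the desktop's ping only because the NATed source (10.0.0.1) sat on its directly connected private interface. The following Python is an added example (not from the question or the answer) that simulates Node 1's route selection on a constructed route table; the interface names ens3/ens7 come from the `ip address` output, the public addresses are documentation-range placeholders, and `ip route add 10.1.0.0/16 via 10.0.0.1 dev ens7` is one assumed form of the "cleanup" the answer mentions.

```python
import ipaddress

# Constructed route tables for Node 1, modelled on the answer's diagnosis (not
# copied from the page): ens3 carries the public address and the default
# gateway, ens7 is the Vultr private network. Public addresses are
# placeholders from the 198.51.100.0/24 documentation range.
ROUTES_BEFORE = """\
default via 198.51.100.1 dev ens3
198.51.100.0/24 dev ens3 proto kernel scope link src 198.51.100.11
10.0.0.0/16 dev ens7 proto kernel scope link src 10.0.0.11
"""
# Assumed cleanup: "ip route add 10.1.0.0/16 via 10.0.0.1 dev ens7".
ROUTES_AFTER = ROUTES_BEFORE + "10.1.0.0/16 via 10.0.0.1 dev ens7\n"


def parse_routes(text):
    """Parse `ip route` lines into (network, gateway or None, device) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0], strict=False)
        gw = f[f.index("via") + 1] if "via" in f else None
        routes.append((net, gw, f[f.index("dev") + 1]))
    return routes


def lookup(routes, dst):
    """Longest-prefix match, the same choice the kernel makes for an outgoing packet."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, dev in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, dev)
    return best


def reply_path(routes, source_seen):
    """(device, gateway) Node 1 uses to answer a packet whose source was source_seen."""
    _, gw, dev = lookup(routes, source_seen)
    return dev, gw


if __name__ == "__main__":
    before, after = parse_routes(ROUTES_BEFORE), parse_routes(ROUTES_AFTER)
    # Desktop ping NATed to Router A's LAN address: reply stays on ens7, so it "works".
    print("NATed source 10.0.0.1   ->", reply_path(before, "10.0.0.1"))
    # Real desktop address: no matching route, reply leaves via the public default gateway.
    print("Desktop 10.1.0.16       ->", reply_path(before, "10.1.0.16"))
    # With the route added, traffic for 10.1.0.0/16 goes to Router A and over the tunnel.
    print("Desktop after route fix ->", reply_path(after, "10.1.0.16"))
```

Running `ip route get 10.1.0.16` on the real host shows the same decision the `lookup` function models, which is the quickest check that the cleanup took effect.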