IPIP tunnel routing

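I am trying to learn about IPIP tunnels and have the following setup on two virtual machines in separate public clouds. The tunnel and routes seem to work, but I cannot ping the ipiptun interface address on the ipiptun machine.

I believe there is a way to do this without Netfilter rules, and I have not created any. What am I missing to accomplish this?

Machine A: public IP is 34.209.xx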

    # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc pfifo_fast state UP group default qlen 1000
        link/ether 0a:a2:d5:b4:41:5c brd ff:ff:ff:ff:ff:ff
        inet 172.31.5.73/20 brd 172.31.15.255 scope global eth0
           valid_lft forever preferred_lft forever
        inet6 fe80::8a2:d5ff:feb4:415c/64 scope link
           valid_lft forever preferred_lft forever
    12: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1
        link/sit 0.0.0.0 brd 0.0.0.0
    14: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1
        link/ipip 0.0.0.0 brd 0.0.0.0
    23: ipiptun@eth0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 8981 qdisc noqueue state UNKNOWN group default qlen 1
        link/ipip 34.209.xx peer 104.199.xx
        inet 9.42.2.1/32 scope global ipiptun
           valid_lft forever preferred_lft forever

    # ip route show
    default via 172.31.0.1 dev eth0
    9.42.1.0/24 dev eth0 scope link
    172.31.0.0/20 dev eth0 proto kernel scope link src 172.31.5.73

    # iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination

Machine B: public IP is 104.199.xx

    # ip addr
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc mq state UP group default qlen 1000
        link/ether 42:01:0a:8a:00:03 brd ff:ff:ff:ff:ff:ff
        inet 10.138.0.3/32 brd 10.138.0.3 scope global ens4
           valid_lft forever preferred_lft forever
        inet6 fe80::4001:aff:fe8a:3/64 scope link
           valid_lft forever preferred_lft forever
    3: tunl0@NONE: <NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
        link/ipip 0.0.0.0 brd 0.0.0.0
    5: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
        link/sit 0.0.0.0 brd 0.0.0.0
    11: ipiptun@ens4: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1440 qdisc noqueue state UNKNOWN group default qlen 1000
        link/ipip 104.199.xx peer 34.209.xx
        inet 9.42.1.1/32 scope global ipiptun
           valid_lft forever preferred_lft forever

    # ip route show
    default via 10.138.0.1 dev ens4
    9.42.2.0/24 dev ens4 scope link
    10.138.0.1 dev ens4 scope link

    # iptables -L -t nat
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination

Pinging from either side just hangs:

    # ping 9.42.2.1
    PING 9.42.2.1 (9.42.2.1) 56(84) bytes of data.