我有一个有两个IP地址的服务器。 主IP地址是81.21.136.5。 我后来用ifconfig eth0:1 81.21.136.8 up添加了81.21.136.8。
一切正常。 除此之外,某些地址是无法访问的。 我不能从我的服务器到达这些地址,这些机器根本无法以类似的方式到达我的服务器。 如果我用ifconfig eth0:1 down删除eth0:1
说实话,我不确定发生了什么问题。
首先让我给你看一个随机工作地址的“正常”(略)跟踪路由:
[~]# traceroute arp242.net traceroute to arp242.net (94.142.245.225), 30 hops max, 40 byte packets 1 son-er-dc1.signet.nl (81.21.136.254) 0.681 ms 0.540 ms 0.820 ms 2 ams-er8-sara.v92.signet.nl (217.21.246.50) 12.668 ms 14.177 ms 14.856 ms 3 amsix.true.nl (195.69.144.171) 1.973 ms 2.212 ms 2.208 ms [...etc...]
现在一个traceroute到一个“破”的地址:
[~]# traceroute 81.204.228.205 traceroute to 81.204.228.205 (81.204.228.205), 30 hops max, 40 byte packets 1 vps-aragorn0.signet.nl (81.21.136.8) 3002.364 ms !H 3002.368 ms !H 3002.067 ms !H
第一步从81.21.136.8开始。 为什么? 为什么只有(就在我可以弄清楚)这个特定的地址块呢?
将eth0:1状态设置为down后,这是(完全)跟踪路由到同一“破碎”地址:
[~]# traceroute 81.204.228.205 traceroute to 81.204.228.205 (81.204.228.205), 30 hops max, 40 byte packets 1 son-er-dc1.signet.nl (81.21.136.254) 0.610 ms 0.791 ms 0.842 ms 2 ams-er8-sara.v92.signet.nl (217.21.246.50) 2.169 ms 3.123 ms 3.996 ms 3 iawxsrt-rt2.bb21.wxs.nl (195.69.144.62) 4.554 ms 4.554 ms 4.508 ms 4 nl-rt-dc2-gsi-cr01b.kpn.net (213.75.64.187) 4.351 ms nl-rt-dc2-isp-cr01a.wxs.nl (213.75.64.25) 4.425 ms nl-rt-dc2-gsi-cr01b.kpn.net (213.75.64.23) 4.207 ms 5 nl-asd-dc2-gsi-cr01a.kpn.net (213.75.64.67) 4.499 ms 4.983 ms 4.499 ms 6 213.75.14.140 (213.75.14.140) 4.983 ms nl-asd-dc2-gsi-br01a.kpn.net (213.75.14.1) 4.499 ms nl-asd-dc2-isp-bb21.wxs.nl (213.75.14.76) 4.983 ms 7 iawxsrt-dc2-acc04.wxs.nl (213.75.1.70) 4.983 ms 213.75.1.14 (213.75.1.14) 4.951 ms 213.75.1.62 (213.75.1.62) 4.685 ms
任何意见将不胜感激!
有关系统configuration的一些信息:
[~]% uname -a Linux vps-aragorn0 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:13 EDT 2011 x86_64 x86_64 x86_64 GNU/Linux [/etc]% cat /etc/issue CentOS release 5.6 (Final) Kernel \r on an \m [~]# netstat -r Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 81.21.136.0 * 255.255.255.0 U 0 0 0 eth0 169.254.0.0 * 255.255.0.0 U 0 0 0 eth0 81.0.0.0 * 255.0.0.0 U 0 0 0 eth0 default son-er-dc1.sign 0.0.0.0 UG 0 0 0 eth0 [~]# service iptables status Table: filter Chain INPUT (policy DROP) num target prot opt source destination 1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8 4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2844 8 ACCEPT tcp -- 80.246.203.133 0.0.0.0/0 tcp dpt:3306 9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 Chain FORWARD (policy ACCEPT) num target prot opt source destination Chain OUTPUT (policy ACCEPT) num target prot opt source destination Chain RH-Firewall-1-INPUT (0 references) num target prot opt source destination [~]# ifconfig -a eth0 Link encap:Ethernet HWaddr 52:54:00:23:6C:9F inet addr:81.21.136.5 Bcast:81.21.136.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:63276899 errors:0 dropped:1113 overruns:0 frame:0 TX packets:28898565 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6736496489 (6.2 GiB) TX bytes:30255467302 (28.1 GiB) Interrupt:10 Base address:0xa000 eth0:1 Link encap:Ethernet HWaddr 52:54:00:23:6C:9F inet addr:81.21.136.8 Bcast:81.255.255.255 Mask:255.0.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0xa000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:4656156 errors:0 dropped:0 overruns:0 frame:0 TX packets:4656156 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:7034068633 (6.5 GiB) TX bytes:7034068633 (6.5 GiB)
你的路由表中有这个:
81.0.0.0 * 255.0.0.0 U 0 0 0 eth0
在eth0:0上为IP地址指定一个正确的networking掩码,否则它似乎在使用/8networking掩码,因此每个到以81开头的IP地址的连接将被视为在相同的广播域内,并且请求将不会被发送到默认网关,而是试图连接,就好像它在与您的networking接口在同一地区。
将eth0:0上的IP地址的networking掩码更改为正确的IP地址将解决此问题。