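I have a machine (Fedora) that uses iptables (acting as a firewall). The system worked for a long time, but now there is a problem. The Internet connection fails. I took a closer look and found that if the machine is booted, or if it is connected to the router, nobody in the network can connect to the Internet. Communication within the LAN works fine (other network card). Where can I find the problem?
If I look at the switch (between the Fedora machine and the router), the activity LED blinks constantly whenever the server is connected to the router.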
iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
eth2-DMZ   all  --  0.0.0.0/0            0.0.0.0/0
RH-Firewall-1-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
eth0-internal-INPUT  all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 4 prefix `REJECT FILTER:'
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21 state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            ww.ww.77.104/29     tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            ww.ww.77.104/29     tcp dpt:443 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:10001 state NEW
ACCEPT     tcp  --  xx.yy.133.130        0.0.0.0/0           tcp state NEW,ESTABLISHED
ACCEPT     tcp  --  zz.104.19.111        0.0.0.0/0           tcp state NEW,ESTABLISHED
REJECT     tcp  --  0.0.0.0/0            !ww.ww.77.104/29    tcp dpt:80 reject-with icmp-port-unreachable
REJECT     all  --  aa.251.23.91         0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  bb.30.3.184          0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  cc.10.104.163        0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  dd.53.170.29         0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  ee.120.230.6         0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  ff.109.225.231       0.0.0.0/0           reject-with icmp-port-unreachable
REJECT     all  --  gg.95.43.173         0.0.0.0/0           reject-with icmp-port-unreachable

Chain eth0-internal-INPUT (1 references)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:10000 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:111 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:111 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:2049 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:2049 state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:4000:4003 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:4000:4003 state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5901 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5666 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:12489 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:80

Chain eth2-DMZ (1 references)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED icmp type 8
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpts:161:162 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  192.168.10.0/24      0.0.0.0/0           tcp state NEW,ESTABLISHED
ACCEPT     tcp  --  192.168.11.0         0.0.0.0/0           tcp state NEW,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:5666 state NEW
route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
ww.ww.77.104    0.0.0.0         255.255.255.248 U     0      0        0 eth1
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.10.0    192.168.3.2     255.255.255.0   UG    0      0        0 eth2
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth2
0.0.0.0         ww.ww.77.105    0.0.0.0         UG    0      0        0 eth1
cat /proc/sys/net/ipv4/ip_forward
1
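I have masked the official IP addresses.
Solution:
It seems a hacker got access to another server behind the Fedora machine. There he placed a script that ran a DDoS or something similar. As a result the router was overloaded, and the Internet worked…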
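One way to locate such a flooding host from the firewall itself, as an added example that is not part of the original post: rank internal sources by the number of connection-tracking entries they hold. It assumes the kernel exposes /proc/net/nf_conntrack (the rules above use state matches, so conntrack is loaded); the sample lines, the documentation-range addresses and the threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Internal subnets from the routing table in the question (eth0, eth2, routed /24).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("192.168.1.0/24", "192.168.3.0/24", "192.168.10.0/24")]
ORIG_TUPLE = re.compile(r"src=(\S+) dst=(\S+)")  # first match = original direction

# Constructed sample in /proc/net/nf_conntrack format (203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges, not addresses from the page).
SAMPLE_LINES = [
    "ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.20 dst=203.0.113.5 "
    "sport=51000 dport=443 src=203.0.113.5 dst=198.51.100.9 sport=443 dport=51000 "
    "[ASSURED] mark=0 use=2",
    "ipv4     2 udp      17 25 src=192.168.3.4 dst=203.0.113.53 sport=40000 dport=53 "
    "src=203.0.113.53 dst=198.51.100.9 sport=53 dport=40000 mark=0 use=2",
    "truncated garbage line",
] + [
    f"ipv4     2 udp      17 29 src=192.168.10.7 dst=203.0.113.80 sport={20000 + i} "
    f"dport=80 [UNREPLIED] src=203.0.113.80 dst=198.51.100.9 sport=80 dport={20000 + i} "
    "mark=0 use=2"
    for i in range(200)
]

def internal_source(line):
    """Return the original-direction source if it is an internal host, else None."""
    m = ORIG_TUPLE.search(line)
    if not m:
        return None
    try:
        addr = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    return str(addr) if any(addr in net for net in INTERNAL_NETS) else None

def suspects(lines, threshold):
    """Internal hosts with at least `threshold` flows: (host, flows, unreplied)."""
    total, unreplied = Counter(), Counter()
    for line in lines:
        src = internal_source(line)
        if src is None:
            continue
        total[src] += 1
        unreplied[src] += "[UNREPLIED]" in line
    return [(h, n, unreplied[h]) for h, n in total.most_common() if n >= threshold]

if __name__ == "__main__":
    for host, flows, noreply in suspects(SAMPLE_LINES, threshold=50):
        print(f"{host}: {flows} flows, {noreply} unreplied")
```

On the firewall, pass the lines of /proc/net/nf_conntrack instead of SAMPLE_LINES; a host holding a large number of mostly unreplied flows is the one to isolate and inspect.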
Can you replace the network card or try a different one? Sometimes, when a network card goes bad, it can flood the network with garbage.