我的VPS有问题。 简单的例子:
<?php $ip = $_SERVER['REMOTE_ADDR']; Echo "User IP : " . $ip; ?> 该代码应显示用户IP地址,但显示的是HN IP地址(不是VPS IP地址)。
再次当我通过SSHlogin到虚拟容器时,login的IP是硬件节点的IP。
类似的问题在这里: OpenVZ主机是源IP地址,而不是实际的网民?
这是openVZconfiguration:
# Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. # Controls IP packet forwarding net.ipv4.ip_forward = 1 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.all.forwarding = 1 # Controls source route verification net.ipv4.conf.all.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 1 # Controls whether core dumps will append the PID to the core filename # Useful for debugging multi-threaded applications kernel.core_uses_pid = 1 # Controls the use of TCP syncookies net.ipv4.tcp_syncookies = 1 # Controls the maximum size of a message, in bytes kernel.msgmnb = 65536 # Controls the default maxmimum size of a mesage queue kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 # Disable proxy arp net.ipv4.conf.default.proxy_arp = 0 # We do not want all our interfaces to send redirects net.ipv4.conf.default.send_redirects = 1 net.ipv4.conf.all.send_redirects = 0 net.ipv4.ip_conntrack_max=32760
IPTablesconfiguration
[root@nod1 ~]# iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination RH-Firewall-1-INPUT all -- anywhere anywhere all -- clienti.alba.rdsnet.ro anywhere all -- anywhere clienti.alba.rdsnet.ro all -- clienti.alba.rdsnet.ro anywhere all -- anywhere clienti.alba.rdsnet.ro all -- clienti.alba.rdsnet.ro anywhere all -- anywhere clienti.alba.rdsnet.ro Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain RH-Firewall-1-INPUT (2 references) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp any ACCEPT esp -- anywhere anywhere ACCEPT ah -- anywhere anywhere ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ACCEPT udp -- anywhere anywhere udp dpt:ipp ACCEPT tcp -- anywhere anywhere tcp dpt:ipp ACCEPT all -- anywhere anywhere state RELATED,ESTAB LISHED ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s sh ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:s mtp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:f tp ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:h ttps REJECT all -- anywhere anywhere reject-with icmp-ho
有人可以帮帮我吗 ? 另外,我不是一个专家,所以如果有人可以一步一步解释,我会很感激。
你能不能粘贴你的iptablesconfiguration的输出? 你有没有尝试杰里·图宁(Jerry Tunin)提出的潜在解决scheme?
iptables -t nat -L iptables -t mangle -L
好的,这就是我所做的。 我已经停止了iptables服务,并从/ etc / sysconfig / iptables中删除了mangle和nat部分。 按照Adam的指示,我已经在文件/ etc / sysconfig / vz的“## IPv4 iptables kernel modules”一行中删除了“iptable_mangle”。 我做了:
iptables -t nat -L iptables -t mangle -L
我已经重新启动了iptables服务,并解决了问题。
现在我可以在服务器日志中select我的私有IP:D
许多人都感谢亚当指出了这一切。
祝你好运!
您可能在所有VPS机器上都有回环设备,因此请尝试将其从整体configuration中删除,或者为了进行testing,请访问VPS并键入:
ifconfigclosures
再次检查传出的IP。
最好的问候,B.Bozhev
您的HN中是否有一个代理将请求发送到CT中的服务器?
如果这是你的情况,你应该告诉你的代理将客户IP转发到你的CT服务器,然后读取X-Forwarding-For头。