Setup
An Ubuntu Linux VM (virtual machine) is configured with two interfaces, eth0 and eth1.
eth0 is on bridged networking and connects directly to the external network.
eth1 is on "NAT networking" and also connects to the external network.
Problem
Cannot ping through eth0. TCP connections to the host do work.
ping -I eth0 -c2 google.com
PING google.com (172.217.1.238) from 10.254.185.16 eth0: 56(84) bytes of data.
From company.com (10.254.185.16) icmp_seq=1 Destination Host Unreachable
From company.com (10.254.185.16) icmp_seq=2 Destination Host Unreachable

--- google.com ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1008ms
pipe 2

telnet -b 10.254.185.16 google.com 80
Trying 172.217.1.238...
Connected to google.com.
Escape character is '^]'.
ping works fine through eth1, which is the default route.
ping -I eth1 -c2 google.com
PING google.com (172.217.1.238) from 10.0.2.4 eth1: 56(84) bytes of data.
64 bytes from lax17s02-in-f14.1e100.net (172.217.1.238): icmp_seq=1 ttl=49 time=11.5 ms
64 bytes from lax17s02-in-f14.1e100.net (172.217.1.238): icmp_seq=2 ttl=49 time=11.3 ms

--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 11.310/11.446/11.582/0.136 ms
Details
The default route is via eth1.
route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.0.2.1        0.0.0.0         UG    0      0        0 eth1
10.0.2.0        *               255.255.255.0   U     0      0        0 eth1
10.254.184.0    *               255.255.248.0   U     0      0        0 eth0
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0

ip route
default via 10.0.2.1 dev eth1
10.0.2.0/24 dev eth1  proto kernel  scope link  src 10.0.2.4
10.254.184.0/21 dev eth0  proto kernel  scope link  src 10.254.185.16
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
eth0 is configured through a separate routing table.
ip route show table eth0
default via 10.254.184.1 dev eth0
10.254.184.0/21 dev eth0  scope link  src 10.254.185.16

ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 08:00:27:6f:a1:e6
          inet addr:10.254.185.16  Bcast:10.254.191.255  Mask:255.255.248.0
          inet6 addr: fe80::a00:27ff:fe6f:a1e6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2123 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1280 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:237141 (237.1 KB)  TX bytes:225214 (225.2 KB)

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
IP rules
ip rule
0:      from all lookup local
32763:  from all to 10.246.240.0/20 lookup eth0
32764:  from 10.246.240.0/20 lookup eth0
32765:  from 10.246.242.68 lookup eth0
32766:  from all lookup main
32767:  from all lookup default
Traceroute output
traceroute -T r2d2.company.com
traceroute to r2d2.company.com (10.254.194.217), 30 hops max, 60 byte packets
 1  nambi-ubuntu-dell-t5600.company.com (10.254.194.217)  13.181 ms  13.164 ms  13.142 ms

traceroute -I r2d2.company.com
traceroute to r2d2.company.com (10.246.20.141), 30 hops max, 60 byte packets
 1  10.0.2.1 (10.0.2.1)  0.178 ms  0.139 ms  0.137 ms
 2  * * *
 3  te1-30-sjl1-2-cc01.company.com (10.246.100.81)  3.193 ms  3.174 ms  3.520 ms
 4  te1-2-sjl2-2-cd02.companyy.com (10.246.100.62)  2.771 ms  2.853 ms  2.835 ms
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
With ping -I eth0, ping tries to send the packets with 10.254.185.16 as the source IP. 10.0.2.1 routes the ICMP packets to reach 172.217.1.238. => 10.0.2.1 cannot be reached from source IP 10.254.185.16 (they are not in the same subnet), hence the unreachable ping reply:
From company.com (10.254.185.16) icmp_seq=1 Destination Host Unreachable
To fix this, you can add the following ip rule so that the correct table is looked up:
ip rule add from 10.254.185.16/32 lookup eth0
Instead of a plain ping, use traceroute -I. You can also use iptables to log the outgoing interface of your ping and telnet packets.
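To see why that extra rule changes the outcome, here is an added Python example (mine, not part of either answer) that walks the question's ip rule listing the way the kernel's policy-routing lookup does and reports which table a given source/destination pair lands in; the priority 32762 given to the proposed rule and the assumption that the destination is not a local address of the VM are mine.

```python
import ipaddress

# Constructed sample: the "ip rule" listing from the question above.
RULES_BEFORE = """\
0:      from all lookup local
32763:  from all to 10.246.240.0/20 lookup eth0
32764:  from 10.246.240.0/20 lookup eth0
32765:  from 10.246.242.68 lookup eth0
32766:  from all lookup main
32767:  from all lookup default
"""
# The rule the answer proposes; the priority value here is an assumption.
RULE_FIX = "32762:  from 10.254.185.16/32 lookup eth0\n"

def parse_rules(text):
    """Parse 'ip rule' lines into (priority, from_net, to_net, table)."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        prio, src, dst, table, i = int(parts[0].rstrip(":")), None, None, None, 1
        while i + 1 < len(parts):          # tokens come in key/value pairs
            key, val = parts[i], parts[i + 1]
            if key == "from" and val != "all":
                src = ipaddress.ip_network(val, strict=False)
            elif key == "to":
                dst = ipaddress.ip_network(val, strict=False)
            elif key == "lookup":
                table = val
            i += 2
        rules.append((prio, src, dst, table))
    return sorted(rules, key=lambda r: r[0])   # kernel walks rules by priority

def first_table(rules, src_ip, dst_ip):
    """Return the routing table whose rule first matches this src/dst pair.
    The 'local' table only holds host/broadcast routes, so for a remote
    destination it never yields a route and the walk continues (assumption)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for _prio, src, dst, table in rules:
        if src is not None and s not in src:
            continue
        if dst is not None and d not in dst:
            continue
        if table != "local":
            return table
    return None

if __name__ == "__main__":
    before, after = parse_rules(RULES_BEFORE), parse_rules(RULES_BEFORE + RULE_FIX)
    print("before:", first_table(before, "10.254.185.16", "172.217.1.238"))  # main
    print("after: ", first_table(after, "10.254.185.16", "172.217.1.238"))   # eth0
```

Without the extra rule, traffic sourced from 10.254.185.16 falls through to the main table and its eth1 default route; with it, the lookup reaches table eth0 and its 10.254.184.1 gateway.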
My memory of your odd configuration is a bit hazy, but you will very likely find that even if you specify a source IP, that does not mean your packets will leave through that interface! I would say your ping packets are, but your telnet packets are not, and they are being PATed and routed back. You say eth0 has a different routing table, and you show that table, but I do not see a rule that sends packets to that table. Run ip rule list to see the rules.