CentOS 7, single NIC with multiple IPs: specifying the egress IP has no effect

2020-03-15 18:36:57 +08:00
 holinhot
ens160: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:ab:2b:b2 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.3/29 brd 192.168.1.3 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.1.4/29 brd 192.168.1.4 scope global secondary ens160:1
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fead:db2b/64 scope link
valid_lft forever preferred_lft forever

curl --interface 192.168.1.4 http://192.168.1.254/ip.php
{
"ip": "192.168.1.3"
}
* About to connect() to 192.168.1.254 port 80 (#0)
* Trying 192.168.1.254...
* Name '192.168.1.4' family 2 resolved to '192.168.1.4' family 2
* Local port: 0
* Connected to 192.168.1.254 (192.168.1.254) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.1.254
> Accept: */*
>
< HTTP/1.1 200 OK

Very strange. Binding the egress IP in Python doesn't work either, and neither Python nor curl reports any error.
5 replies
holinhot
2020-03-15 18:38:30 +08:00
I have used it this way before and it worked; I don't know why it has no effect now.
holinhot
2020-03-15 18:44:06 +08:00
Routing table
192.168.1.0/29 dev ens160 proto kernel scope link src 192.168.1.3
169.254.0.0/16 dev ens160 scope link metric 1002
holinhot
2020-03-15 18:44:54 +08:00
default via 192.168.1.1 dev ens160
192.168.1.0/29 dev ens160 proto kernel scope link src 192.168.1.3
169.254.0.0/16 dev ens160 scope link metric 1002
holinhot
2020-03-15 18:52:29 +08:00
Solved. It seems the iptables rules that SoftEther created automatically broke the egress IP.

[root@centos7 network-scripts]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW mark match 0x64

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate NEW

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW mark match 0x65
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:vop ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ddi-tcp-1 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:55555 ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:isakmp ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:l2tp ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:personal-agent ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
julyclyde
2020-03-16 21:09:27 +08:00
Don't use iptables -L to view the rules.
I recommend iptables-save (note: no space).
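
Added example, not part of the thread: why the last reply's advice matters. `iptables -L` without `-t` lists only the filter table, while `iptables-save` dumps every table, including nat, where rules that rewrite the source address live. The dump below is constructed, and its MASQUERADE rule (which would replace a bound source such as 192.168.1.4 with the interface's primary address) is an assumption about the kind of rule involved; the thread does not show the actual rule.

```shell
#!/bin/sh
# find_src_rewrites: read iptables-save output on stdin and print
# "<table>: <rule>" for every rule whose target is SNAT or MASQUERADE.
find_src_rewrites() {
    awk '
        /^\*/ { table = substr($0, 2); next }   # table header, e.g. "*nat"
        /^-A / {
            for (i = 1; i < NF; i++)
                if ($i == "-j" && ($(i+1) == "SNAT" || $(i+1) == "MASQUERADE")) {
                    print table ": " $0
                    break
                }
        }
    '
}

# only_table NAME: keep just one table section of an iptables-save dump.
only_table() {
    awk -v want="*$1" '
        /^\*/ { keep = ($0 == want) }
        keep
    '
}

# Constructed sample dump (not taken from the thread).
sample_dump() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens160 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

echo "All tables (the iptables-save view):"
sample_dump | find_src_rewrites
echo "Filter table only (the default iptables -L view):"
sample_dump | only_table filter | find_src_rewrites
```

On a live host, run `iptables-save | find_src_rewrites` as root after sourcing the functions.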


https://www.v2ex.com/t/653037