Centos7 单网卡多 IP, 指定出口 IP 无效

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

Distributions

› Ubuntu

› Fedora

› CentOS

中文资源站

› 网易开源镜像站

这是一个创建于 1710 天前的主题，其中的信息可能已经有所发展或是发生改变。

ens160: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:ab:2b:b2 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.3/29 brd 192.168.1.3 scope global ens160
valid_lft forever preferred_lft forever
inet 192.168.1.4/29 brd 192.168.1.4 scope global secondary ens160:1
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fead:db2b/64 scope link
valid_lft forever preferred_lft forever

curl --interface 192.168.1.4 http://192.168.1.254/ip.php
{
"ip": "192.168.1.3"
}
* About to connect() to 192.168.1.254 port 80 (#0)
* Trying 192.168.1.254...
* Name '192.168.1.4' family 2 resolved to '192.168.1.4' family 2
* Local port: 0
* Connected to 192.168.1.254 (192.168.1.254) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.1.254
> Accept: */*
>
< HTTP/1.1 200 OK

非常奇怪啊，我用 python 绑定出口 ip 也不行，无论是 python 还是 curl 都没有任何报错。

5 条回复 • 2020-03-16 21:09:27 +08:00

holinhot

2020-03-15 18:38:30 +08:00

以前这样用过是可以的，不知道现在为什么无效了

holinhot

2020-03-15 18:44:06 +08:00

路由表
192.168.1.0/29 dev ens160 proto kernel scope link src 192.168.1.3
169.254.0.0/16 dev ens160 scope link metric 1002

holinhot

2020-03-15 18:44:54 +08:00

default via192.168.1.1 dev ens160
192.168.1.0/29 dev ens160 proto kernel scope link src 192.168.1.3
169.254.0.0/16 dev ens160 scope link metric 1002

holinhot

2020-03-15 18:52:29 +08:00

已搞定似乎 softether 自动创建的 iptables 规则破坏了出口 ip

[root@centos7 network-scripts]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_public all -- anywhere anywhere [goto]
FWDI_public all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_public all -- anywhere anywhere [goto]
FWDO_public all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_public (2 references)
target prot opt source destination
FWDI_public_log all -- anywhere anywhere
FWDI_public_deny all -- anywhere anywhere
FWDI_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW mark match 0x64

Chain FWDI_public_deny (1 references)
target prot opt source destination

Chain FWDI_public_log (1 references)
target prot opt source destination

Chain FWDO_public (2 references)
target prot opt source destination
FWDO_public_log all -- anywhere anywhere
FWDO_public_deny all -- anywhere anywhere
FWDO_public_allow all -- anywhere anywhere

Chain FWDO_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW
ACCEPT all -- anywhere anywhere ctstate NEW

Chain FWDO_public_deny (1 references)
target prot opt source destination

Chain FWDO_public_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_public all -- anywhere anywhere [goto]
IN_public all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_public (2 references)
target prot opt source destination
IN_public_log all -- anywhere anywhere
IN_public_deny all -- anywhere anywhere
IN_public_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate NEW mark match 0x65
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:vop ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ddi-tcp-1 ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:55555 ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:isakmp ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:l2tp ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipsec-nat-t ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:personal-agent ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:54321 ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination

julyclyde

2020-03-16 21:09:27 +08:00

不要用 iptables -L 查看
推荐 iptables-save （注意没有空格）