Ping between two Linux systems through an intermediate Linux fails

Time: 2016-02-10 11:48:45

Tags: linux networking ping

I have a simple network with three Linux systems running CentOS 2.6.

Linux 1(eth1:192.138.14.1)-----(eth4:192.138.14.4)Linux 2(eth2:192.138.4.3)------(eth3:192.138.4.2)Linux 3

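I am unable to ping Linux 3 from Linux 1. But what I can ping is from Linux 1 to Linux 2 (eth2) and from Linux 3 to Linux 2 (eth4). This means that from Linux 1, I am able to ping 192.138.4.3 but not 192.138.4.2.

Below is the output of the route -n command on Linux1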

Linux1# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.138.14.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.138.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.135.18.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1005   0        0 eth3
0.0.0.0         10.135.18.1     0.0.0.0         UG    0      0        0 eth0

On Linux 2:

Linux2# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.138.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.138.14.0    192.138.14.4    255.255.255.0   UG    0      0        0 eth4
192.138.14.0    0.0.0.0         255.255.255.0   U     0      0        0 eth4
192.138.4.0     192.138.4.3     255.255.255.0   UG    0      0        0 eth2
192.138.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth2
10.135.18.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.138.16.0    0.0.0.0         255.255.255.0   U     0      0        0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 eth2 
169.254.0.0     0.0.0.0         255.255.0.0     U     1005   0        0 eth3
169.254.0.0     0.0.0.0         255.255.0.0     U     1006   0        0 eth4
0.0.0.0         10.135.18.1     0.0.0.0         UG    0      0        0 eth0

On Linux 3:

Linux3# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.138.14.0    0.0.0.0         255.255.255.0   U     0      0        0 eth3
192.138.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth3
10.135.18.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1005   0        0 eth3
0.0.0.0         10.135.18.1     0.0.0.0         UG    0      0        0 eth0

I have enabled IP forwarding on Linux 2

Linux2# vi /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

Linux2#: sysctl -p 
sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_sack = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

Result of iptables -L on Linux 2:

Linux2# iptables -L  
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

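To ping Linux3 from Linux 1, should I add a specific rule for icmp in iptables? If not, what am I missing?

1 Answer:

Answer 0: (score: 1)

I guess the problem is that you are not on the same network. When linux1 tries to send a packet to 192.138.4.2, it looks at the routing table and sees that it should go out eth1. But it also sees that there is no GW, so it assumes the packet is on the same network. So it sends an arp request for 192.138.4.2 but gets no answer.

You can verify my assumption by running "tcpdump -i eth1 arp" on linux 1 and seeing that you send requests and see no response. You can also type 'arp' and see that your entry is incomplete.

So basically your routing table should contain a GW to which the packets will be routed. For example, instead of

192.138.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

it should be something like

192.138.4.0     192.138.14.4    255.255.255.0   UG    0      0        0 eth1

The same goes for the other side.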
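An added example, not part of the original answer: a small Python check that reads `route -n` output and reports which address the host will ARP for, using Linux1's posted table and the same table with the gateway route the answer suggests. The function names are hypothetical, the 169.254.0.0/16 rows are left out, and eth1's address 192.138.14.1 is taken from the diagram in the question.

```python
import ipaddress

# Linux1's table from the question (169.254.0.0/16 rows left out).
POSTED = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.138.14.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.138.4.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
10.135.18.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.135.18.1     0.0.0.0         UG    0      0        0 eth0
"""
# Same table with the gateway route the answer suggests.
SUGGESTED = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.138.14.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.138.4.0     192.138.14.4    255.255.255.0   UG    0      0        0 eth1
10.135.18.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         10.135.18.1     0.0.0.0         UG    0      0        0 eth0
"""

def parse_routes(text):
    """Parse `route -n` rows into (network, gateway, flags, metric, iface)."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the banner, the header and blank lines
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        routes.append((net, f[1], f[3], int(f[4]), f[7]))
    return routes

def arp_target(routes, dst):
    """Return (iface, address the host ARPs for) when sending to dst."""
    hits = [r for r in routes if ipaddress.ip_address(dst) in r[0]]
    if not hits:
        return None
    # Longest prefix wins; the lower metric breaks ties.
    net, gw, flags, metric, iface = max(hits, key=lambda r: (r[0].prefixlen, -r[3]))
    # No G flag: the destination is treated as on-link and ARPed for directly.
    return (iface, gw if "G" in flags else dst)

def misplaced_onlink(routes, iface_addrs):
    """Heuristic: on-link routes whose network excludes the interface's own address."""
    return [(str(net), iface) for net, gw, flags, metric, iface in routes
            if "G" not in flags and iface in iface_addrs
            and ipaddress.ip_address(iface_addrs[iface]) not in net]
```

An on-link route to a foreign subnet is legal when both subnets really share one wire, so `misplaced_onlink` only flags candidates to check against the physical topology.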