Вопросы Теги

Не могу пинговать eth1 через eth0

У меня есть две виртуальные машины с установленной CentOS 7. Каждая виртуальная машина имеет две сетевые карты и два IP-адреса.

ip конфигурация VM1:

    eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:0b:03:33 brd ff:ff:ff:ff:ff:ff
    inet 172.255.255.5/30 brd 172.255.255.7 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::4f07:27f6:5839:d257/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
    eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:4b:2f:58 brd ff:ff:ff:ff:ff:ff
    inet 10.11.111.254/21 brd 10.11.111.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::d64c:aeee:1111:16d5/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

маршрут VM1:

10.11.104.0/21 dev eth1 proto kernel scope link src 10.111.111.254 metric 101
172.255.255.4/30 dev eth0 proto kernel scope link src 172.255.255.5 metric 100

ip конфигурация VM2:

   eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:7a:3c:e7 brd ff:ff:ff:ff:ff:ff
    inet 172.255.255.6/30 brd 172.255.255.7 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::35e3:6bb7:918e:6bca/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
   eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc pfifo_fast state UP group default qlen 1000
    link/ether fa:16:3e:25:38:9a brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.210/24 brd 10.10.1.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::5ec3:f912:51a5:761c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

маршрут VM2:

10.10.1.0/24 dev eth1 proto kernel scope link src 10.10.1.210 metric 101
172.255.255.4/30 dev eth0 proto kernel scope link src 172.255.255.6 metric 100

Я могу пинговать с VM1 (172.255.255.5, 10.11.111.254) на 172.255.255.6 и могу пинговать с VM2 (172.255.255.6, 10.10.1.210) на 172.255.255.5.

Проблема в том, что я хочу пинговать с VM1(172.255.255.5, 10.11.111.254) на 10.10.1.210, поэтому я добавляю маршрут в VM1

ip route add 10.10.1.210 via 172.255.255.6

маршрут VM1:

10.10.1.210 via 172.255.255.6 dev eth0
10.11.104.0/21 dev eth1 proto kernel scope link src 10.111.111.254 metric 101
172.255.255.4/30 dev eth0 proto kernel scope link src 172.255.255.5 metric 100

Но я все еще не могу пинговать с VM1 на 10.10.1.210.

Итак, где я ошибаюсь?

Кстати, я отключил SELinux и firewalld на всех своих машинах.

  1. ip route get 10.10.1.210:

    10.10.1.210 via 172.255.255.6 dev eth0 src 172.255.255.5 cache

  2. tcpdump -e -nn -i eth0 'icmp' на VM1:

    20:47:00.147549 fa:16:3e:0b:03:33 > fa:16:3e:7a:3c:e7, ethertype IPv4 (0x0800), length 98: 172.255.255.5 > 10.10.1.210: ICMP echo request, id 4116, seq 48, length 64 20:47:01.147541 fa:16:3e:0b:03:33 > fa:16:3e:7a:3c:e7, ethertype IPv4 (0x0800), length 98: 172.255.255.5 > 10.10.1.210: ICMP echo request, id 4116, seq 49, length 64 20:47:02.147543 fa:16:3e:0b:03:33 > fa:16:3e:7a:3c:e7, ethertype IPv4 (0x0800), length 98: 172.255.255.5 > 10.10.1.210: ICMP echo request, id 4116, seq 50, length 64 20:47:03.147551 fa:16:3e:0b:03:33 > fa:16:3e:7a:3c:e7, ethertype IPv4 (0x0800), length 98: 172.255.255.5 > 10.10.1.210: ICMP echo request, id 4116, seq 51, length 64

  3. VM1, iptables-save -c :

    *security
:INPUT ACCEPT [5440:12841065]
:FORWARD ACCEPT [2:144]
:OUTPUT ACCEPT [28968:2491805]
COMMIT
# Completed on Mon May 20 20:48:08 2019
# Generated by iptables-save v1.4.21 on Mon May 20 20:48:08 2019
*raw
:PREROUTING ACCEPT [5456:12843525]
:OUTPUT ACCEPT [28969:2491905]
COMMIT
# Completed on Mon May 20 20:48:08 2019
# Generated by iptables-save v1.4.21 on Mon May 20 20:48:08 2019
*mangle
:PREROUTING ACCEPT [5456:12843525]
:INPUT ACCEPT [5440:12841065]
:FORWARD ACCEPT [2:144]
:OUTPUT ACCEPT [28969:2491905]
:POSTROUTING ACCEPT [28970:2491949]
COMMIT
# Completed on Mon May 20 20:48:08 2019
# Generated by iptables-save v1.4.21 on Mon May 20 20:48:08 2019
*фильтр
:INPUT ACCEPT [5440:12841065]
:FORWARD ACCEPT [2:144]
:OUTPUT ACCEPT [28968:2491805]
COMMIT
# Completed on Mon May 20 20:48:08 2019
# Generated by iptables-save v1.4.21 on Mon May 20 20:48:08 2019
*nat
:PREROUTING ACCEPT [41:6031]
:INPUT ACCEPT [26:3643]
:OUTPUT ACCEPT [196:139164]
:POSTROUTING ACCEPT [197:139236]
COMMIT
# Completed on Mon May 20 20:48:08 2019``.

  4. VM2, iptables-save -c :

    *nat
:PREROUTING ACCEPT [151:139500]
:INPUT ACCEPT [136:137067]
:OUTPUT ACCEPT [126:76110]
:POSTROUTING ACCEPT [126:76110]
COMMIT
# Completed on Mon May 20 20:51:19 2019
# Generated by iptables-save v1.4.21 on Mon May 20 20:51:19 2019
*фильтр
:INPUT ACCEPT [22121:14364143]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [21468:1823390]
COMMIT
# Completed on Mon May 20 20:51:19 2019``

  5. tcpdump -e -nn -i eth0 'icmp' на VM2

    20:53:50.348475 fa:16:3e:0b:03:33 > fa:16:3e:7a:3c:e7, ethertype IPv4 (0x0800), length 98: 172.255.255.5 > 10.10.1.210: ICMP echo request, id 4116, seq 459, length 64 20:53:50.348501 fa:16:3e:7a:3c:e7 > fa:16:3e:0b:03:33, ethertype IPv4 (0x0800), length 98: 10.10.1.210 > 172.255.255.5: ICMP echo reply, id 4116, seq 459, length 64 20:53:51.348443 fa:16:3e:0b:03:33 > fa:16:3e:7a:3c:e7, ethertype IPv4 (0x0800), length 98: 172.255.255.5 > 10.10.1.210: ICMP echo request, id 4116, seq 460, length 64 20:53:51.348501 fa:16:3e:7a:3c:e7 > fa:16:3e:0b:03:33, ethertype IPv4 (0x0800), length 98: 10.10.1.210 > 172.255.255.5: ICMP echo reply, id 4116, seq 460, length 64 20:53:52.348432 fa:16:3e:0b:03:33 > fa:16:3e:7a:3c:e7, ethertype IPv4 (0x0800), length 98: 172.255.255.5 > 10.10.1.210: ICMP echo request, id 4116, seq 461, length 64 20:53:52.348456 fa:16:3e:7a:3c:e7 > fa:16:3e:0b:03:33, ethertype IPv4 (0x0800), length 98: 10.10.1.210 > 172.255.255.5: ICMP echo reply, id 4116, seq 461, length 64

2
задан 20 May 2019 в 16:18
1 ответ

Skref til að leysa.

  1. Athugaðu raunverulegar leiðir. Á VM1 hlaupa færðu ip leið 10.10.1.210 . Það ætti að skila gildri leið.
  2. Uppsetning þín krefst ekki virks framsendingar í núverandi ástandi.
  3. Keyrðu tcpdump -ni eth0 'icmp' á VM1. Þú ættir að sjá sendar icmp bergmálsbeiðnir . Ef þú sérð þá ekki, þá eru þeir annað hvort síaðir eða sendir í gegnum annað viðmót.
  4. Engu að síður athugaðu eldvegginn með skipun iptables-save -c .
  5. Keyrðu tcpdump - ni eth0 'icmp' á VM2. Sérðu komandi icmp echo beiðni og sendan icmp echo svar ?

Ef skrefin hér að ofan hafa ekki hjálpað skaltu líma framleiðslurnar frá skipunum frá þeim í spurninguna og ég Ég mun lengja svarið.

0
ответ дан 3 December 2019 в 13:41

Теги

Похожие вопросы