Networking

從外部無法訪問的流浪機器

  • April 11, 2021

當我的意思是“來自外部”時,我的意思是來自網際網路。

我的機器在路由器後面。我正在執行 vagrant 來啟動 3 台機器。這是流浪文件(我刪除了絨毛):

Vagrant.configure("2") do |config|
 config.vm.box = "bento/ubuntu-20.04"
 config.vm.provider :virtualbox

 mount_new_disk = <<-SCRIPT
 sudo mkdir /mnt/da
 sudo mkfs -t ext4 /dev/sdb
 sudo mount /dev/sdb /mnt/da
 SCRIPT

 config.vm.define "da1" do |da1|
   da1.vm.synced_folder ".", "/vagrant", disabled: true
     da1.vm.hostname = "da1"
     da1.vm.network "private_network", ip: "10.118.8.10"
     config.ssh.forward_agent = true
 end

 config.vm.define "da2" do |da2|
   da2.vm.synced_folder ".", "/vagrant", disabled: true
   da2.vm.disk :disk, name: "backup", size: "10GB"
     da2.vm.hostname = "da2"
     da2.vm.network "private_network", ip: "10.118.8.11"
     config.ssh.forward_agent = true
   config.vm.provision :shell, :inline => mount_new_disk
 end

 config.vm.define "da3" do |da3|
   da3.vm.synced_folder ".", "/vagrant", disabled: true
   da3.vm.disk :disk, name: "backup", size: "10GB"
   da3.vm.hostname = "da3"
   da3.vm.network "private_network", ip: "10.118.8.12"
     da3.vm.network "public_network", ip: "192.168.1.155", netmask: "255.255.255.0", bridge: "Intel(R) I211 Gigabit Network Connection"
   da3.vm.network "forwarded_port", guest: 22, host: 5555
     config.ssh.forward_agent = true
   config.vm.provision :shell, :inline => mount_new_disk
 end
end

虛擬機上的 sshd 配置:

testuser1@da3:~$ head -20 /etc/ssh/sshd_config|grep -v '#'
Include /etc/ssh/sshd_config.d/*.conf

Port 22
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::

並且可以使用它的橋接 ip ( 192.168.1.155) 從我電腦上的任何終端連接到它:

D:\vag_rant>ssh testuser1@192.168.1.155
testuser1@192.168.1.155's password:
Welcome to Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-58-generic x86_64)

防火牆已關閉:

testuser1@da3:~$ sudo ufw status
Status: inactive

這是ip addrvm 上的輸出:

testuser1@da3:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
   link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
   inet 127.0.0.1/8 scope host lo
      valid_lft forever preferred_lft forever
   inet6 ::1/128 scope host
      valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
   link/ether 08:00:27:14:86:db brd ff:ff:ff:ff:ff:ff
   inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
      valid_lft 86205sec preferred_lft 86205sec
   inet6 fe80::a00:27ff:fe14:86db/64 scope link
      valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
   link/ether 08:00:27:86:38:bf brd ff:ff:ff:ff:ff:ff
   inet 10.118.8.12/24 brd 10.118.8.255 scope global eth1
      valid_lft forever preferred_lft forever
   inet6 fe80::a00:27ff:fe86:38bf/64 scope link
      valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
   link/ether 08:00:27:5a:fa:4c brd ff:ff:ff:ff:ff:ff
   inet 192.168.1.155/24 brd 192.168.1.255 scope global eth2
      valid_lft forever preferred_lft forever
   inet6 fe80::a00:27ff:fe5a:fa4c/64 scope link
      valid_lft forever preferred_lft forever

port 22在路由器上打開到 ip 192.168.1.155

到目前為止,一切看起來都不錯。我之前只用一個只有橋接網路適配器的虛擬機就做到了這一點,並且它工作正常。它可以從外面進入。

但這不起作用,出於某種原因。沒有人可以使用我的公共 IP 從外部訪問我的機器…

經過一些工作,我取得了進展,現在它只是說no route to host

編輯:發現問題。相同的埠 22 被轉發到路由器上的另一台機器。當我解決了這個問題時,還有一個問題。vagrant 機器上的預設網關是 virtualbox 適配器的網關。我不得不將它修改為路由器的預設網關,然後它就可以工作了。

root@da3:/home/testuser1# ip route show
default via 10.0.2.2 dev eth0 proto dhcp src 10.0.2.15 metric 100
default via 192.168.1.254 dev eth2 proto dhcp src 192.168.1.104 metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
10.0.2.2 dev eth0 proto dhcp scope link src 10.0.2.15 metric 100
10.118.8.0/24 dev eth1 proto kernel scope link src 10.118.8.12
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.104
192.168.1.254 dev eth2 proto dhcp scope link src 192.168.1.104 metric 100
root@da3:/home/testuser1# ip route del default via 10.0.2.2
root@da3:/home/testuser1# ip route show
default via 192.168.1.254 dev eth2 proto dhcp src 192.168.1.104 metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15
10.0.2.2 dev eth0 proto dhcp scope link src 10.0.2.15 metric 100
10.118.8.0/24 dev eth1 proto kernel scope link src 10.118.8.12
192.168.1.0/24 dev eth2 proto kernel scope link src 192.168.1.104
192.168.1.254 dev eth2 proto dhcp scope link src 192.168.1.104 metric 100

引用自:https://unix.stackexchange.com/questions/644204

相關問答

Linux

只能 ping OpenVPN 伺服器,不能 ping VPN 網路上的其他訪客(僅主機網路)

  • June 5, 2020
檢視問答
Centos

我想在 VirtualBox 的 CentOS 7 中使用 2 個 eth 設備設置一個 bond0 介面?

  • October 12, 2018
檢視問答
Networking

Centos 7 使用 packer/vagrant 禁用可預測的網路介面名稱

  • November 8, 2016
檢視問答
Ssh

如何通過 SSH 登錄到此伺服器?

  • November 28, 2022
檢視問答
Linux

如何在啟動時為預設網關設置靜態 MAC 地址?

  • November 11, 2022
檢視問答
Networking

如何使用 tcpdump 之類的工具獲取聚合數據包資訊

  • November 8, 2022
檢視問答