Ssh
SSH connection difficulties
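I am using RED HAT 5.9 OS on my grid, which has 3 machines: 1 head node (called ilmn-qm.ilmn) and 2 compute nodes (aka compute-00-00 and compute-00-01).
The problem is that I cannot use SSH from either of the compute nodes.
I have tried:
1) SSH FROM and TO the head node works perfectly.
2) SSH from the head node to the compute nodes works.
3) Vice versa, SSH from the compute nodes to the head node also works fine.
4) The head node is defined as the gateway: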
    [root@compute-00-01 ~]# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    172.20.22.0     *               255.255.255.0   U     0      0        0 eth1
    172.20.20.0     *               255.255.255.0   U     0      0        0 eth0
    169.254.0.0     *               255.255.0.0     U     0      0        0 eth0
    default         ilmn-qm.ilmn    0.0.0.0         UG    0      0        0 eth0
- I checked that IPv4 forwarding is enabled on the head node:
    cat /etc/sysctl.conf
    # Kernel sysctl configuration file for Red Hat Linux
    #
    # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
    # sysctl.conf(5) for more details.

    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1

    # Controls source route verification
    net.ipv4.conf.default.rp_filter = 1

    # Do not accept source routing
    net.ipv4.conf.default.accept_source_route = 0

    # Controls the System Request debugging functionality of the kernel
    kernel.sysrq = 0

    # Controls whether core dumps will append the PID to the core filename
    # Useful for debugging multi-threaded applications
    kernel.core_uses_pid = 1

    # Controls the use of TCP syncookies
    net.ipv4.tcp_syncookies = 1

    # Controls the maximum size of a message, in bytes
    kernel.msgmnb = 65536

    # Controls the default maxmimum size of a mesage queue
    kernel.msgmax = 65536

    # Controls the maximum shared segment size, in bytes
    kernel.shmmax = 68719476736

    # Controls the maximum number of shared memory segments, in pages
    kernel.shmall = 4294967296
Yet any ssh attempt ends with:
ssh: connect to host 132.68.107.69 port 22: Connection timed out
From the head node:
    root@ilmn-qm ~ # ip a show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether f0:4d:a2:0b:2d:b9 brd ff:ff:ff:ff:ff:ff
        inet 132.68.106.1/28 brd 132.68.106.15 scope global eth0
        inet6 fe80::f24d:a2ff:fe0b:2db9/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether f0:4d:a2:0b:2d:bb brd ff:ff:ff:ff:ff:ff
        inet 172.20.20.5/24 brd 172.20.20.255 scope global eth1
        inet6 fe80::f24d:a2ff:fe0b:2dbb/64 scope link
           valid_lft forever preferred_lft forever
    4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether f0:4d:a2:0b:2d:bd brd ff:ff:ff:ff:ff:ff
        inet 172.20.21.2/24 brd 172.20.21.255 scope global eth2
        inet6 fe80::f24d:a2ff:fe0b:2dbd/64 scope link
           valid_lft forever preferred_lft forever
    5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
        link/ether f0:4d:a2:0b:2d:bf brd ff:ff:ff:ff:ff:ff
    6: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

    root@ilmn-qm ~ # ip route show
    132.68.106.0/28 dev eth0  proto kernel  scope link  src 132.68.106.1
    172.20.21.0/24 dev eth2  proto kernel  scope link  src 172.20.21.2
    172.20.20.0/24 dev eth1  proto kernel  scope link  src 172.20.20.5
    169.254.0.0/16 dev eth2  scope link
    default via 132.68.106.14 dev eth0
From compute-00-00:
    [root@compute-00-00 ~]# ip a show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether f0:4d:a2:0b:2d:c2 brd ff:ff:ff:ff:ff:ff
        inet 172.20.20.6/24 brd 172.20.20.255 scope global eth0
        inet6 fe80::f24d:a2ff:fe0b:2dc2/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether f0:4d:a2:0b:2d:c4 brd ff:ff:ff:ff:ff:ff
        inet 172.20.22.6/24 brd 172.20.22.255 scope global eth1
    4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether f0:4d:a2:0b:2d:c6 brd ff:ff:ff:ff:ff:ff
    5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether f0:4d:a2:0b:2d:c8 brd ff:ff:ff:ff:ff:ff
    6: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

    [root@compute-00-00 ~]# ip route show
    172.20.22.0/24 dev eth1  proto kernel  scope link  src 172.20.22.6
    172.20.20.0/24 dev eth0  proto kernel  scope link  src 172.20.20.6
    169.254.0.0/16 dev eth1  scope link
    default via 172.20.20.5 dev eth0
From compute-00-01:
    [root@compute-00-01 ~]# ip a show
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 84:2b:2b:f9:9e:11 brd ff:ff:ff:ff:ff:ff
        inet 172.20.20.7/24 brd 172.20.20.255 scope global eth0
        inet6 fe80::862b:2bff:fef9:9e11/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 84:2b:2b:f9:9e:13 brd ff:ff:ff:ff:ff:ff
        inet 172.20.22.7/24 brd 172.20.22.255 scope global eth1
    4: eth2: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 84:2b:2b:f9:9e:15 brd ff:ff:ff:ff:ff:ff
    5: eth3: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
        link/ether 84:2b:2b:f9:9e:17 brd ff:ff:ff:ff:ff:ff
    6: sit0: <NOARP> mtu 1480 qdisc noop
        link/sit 0.0.0.0 brd 0.0.0.0

    [root@compute-00-01 ~]# ip route show
    172.20.22.0/24 dev eth1  proto kernel  scope link  src 172.20.22.7
    172.20.20.0/24 dev eth0  proto kernel  scope link  src 172.20.20.7
    169.254.0.0/16 dev eth0  scope link
    default via 172.20.20.5 dev eth0
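You probably need to add an SNAT rule to the head node so that traffic from the compute nodes has a correct source IP address when it tries to reach some server on the Internet. Sending packets with a source IP address in the 172.20.20.0/24 range will not work.
You can configure SNAT on the head node like this: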
    iptables -t nat -A POSTROUTING -o eth0 -s 172.20.20.0/24 -j SNAT --to-source 132.68.106.1
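
A way to check the head node's NAT table before and after adding that rule, as an added example that is not part of the original answer: it walks `iptables -t nat -S POSTROUTING` style output and reports whether a compute node's source address would be rewritten on `eth0`. The function names are hypothetical, the two rule sets are constructed from the addresses shown on this page, and only `-s`, `-o`, `-j` and `--to-source` are interpreted.

```shell
# Added example: constructed rule listings in `iptables -t nat -S POSTROUTING` format.
RULES_BEFORE='-P POSTROUTING ACCEPT'
RULES_AFTER='-P POSTROUTING ACCEPT
-A POSTROUTING -s 172.20.20.0/24 -o eth0 -j SNAT --to-source 132.68.106.1'

ip_to_int() {                      # A.B.C.D -> 32-bit integer
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {                        # in_cidr IP NET[/PREFIX]; exit 0 if IP is inside
  local net="${2%/*}" bits="${2#*/}" mask
  [ "$bits" = "$2" ] && bits=32    # bare address means /32
  mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# nat_source RULES SRC_IP OUT_IFACE: print the address the first matching
# POSTROUTING rule rewrites SRC_IP to, "MASQUERADE", or "none".
nat_source() {
  local rules="$1" src="$2" oif="$3" line s o j to
  while read -r line; do
    set -- $line
    [ "$1" = "-A" ] && [ "$2" = "POSTROUTING" ] || continue
    shift 2; s=0.0.0.0/0; o=; j=; to=
    while [ $# -gt 0 ]; do
      case "$1" in
        -s) s=$2; shift ;;  -o) o=$2; shift ;;
        -j) j=$2; shift ;;  --to-source) to=$2; shift ;;
      esac
      shift
    done
    [ -n "$o" ] && [ "$o" != "$oif" ] && continue   # rule is for another interface
    in_cidr "$src" "$s" || continue                 # source not covered by -s
    case "$j" in SNAT) echo "$to"; return ;; MASQUERADE) echo MASQUERADE; return ;; esac
  done <<EOF
$rules
EOF
  echo none
}

egress_check() {                   # egress_check RULES SRC_IP OUT_IFACE
  local nat; nat=$(nat_source "$1" "$2" "$3")
  if [ "$nat" != none ]; then echo "OK: $2 leaves $3 as $nat"
  elif in_cidr "$2" 10.0.0.0/8 || in_cidr "$2" 172.16.0.0/12 || in_cidr "$2" 192.168.0.0/16
  then echo "FAIL: private source $2 leaves $3 untranslated"
  else echo "OK: $2 is not an RFC 1918 address"; fi
}

egress_check "$RULES_BEFORE" 172.20.20.7 eth0
egress_check "$RULES_AFTER" 172.20.20.7 eth0
```

On a live head node, the first argument would be the output of `iptables -t nat -S POSTROUTING` instead of the constructed strings.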