FreeBSD proxy server cannot ping the internal network [solved]

On a proxy server, pinging internal addresses from the internal NIC failed, and pinging its own localhost failed too, with this message:

fun@ns[/etc]ping localhost
PING localhost (127.0.0.1): 56 data bytes
No route to host
No route to host
No route to host

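I struggled with this for two days. At first I thought the NIC's address or driver had been lost, but ifconfig showed both NICs, with their addresses still bound: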

fun@ns[/etc]ifconfig -a
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 218.90.159.29 netmask 0xfffffff8 broadcast 218.90.159.31
        inet6 fe80::250:baff:fe66:413e%vr0 prefixlen 64 scopeid 0x1
        ether 00:50:ba:66:41:3e
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        ether 00:d0:b7:b9:82:92
        media: Ethernet autoselect
        status: no carrier
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.8.254 netmask 0xffffff00 broadcast 192.168.8.255
        inet6 fe80::205:5dff:fee4:7254%vr1 prefixlen 64 scopeid 0x3
        ether 00:05:5d:e4:72:54
        media: Ethernet autoselect (100baseTX)
        status: active
lp0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 552
faith0: flags=8002<BROADCAST,MULTICAST> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
        inet 127.0.0.1 netmask 0xff000000

Only today did I remember that the server has ipfilter enabled and blocks all packets by default. Looking at /etc/ipf.conf again:

pass out on vr0 all
pass in on vr0 all
pass out on vr1 all
pass in on vr1 all
pass out log on vr0 proto icmp all keep state
pass out log on vr0 proto tcp/udp from any to any keep state

Sure enough, lo0 (the loopback interface) had not been added to ipf.conf, so I immediately added the following two lines to ipf.conf:
pass out on lo0 all
pass in on lo0 all

After saving and rebooting, I pinged localhost and an internal address again, and both worked :)

fun@ns[/etc]ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.131 ms
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.066 ms
^C
--- localhost ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.066/0.099/0.131/0.033 ms
fun@ns[/etc]ping 192.168.8.8
PING 192.168.8.8 (192.168.8.8): 56 data bytes
64 bytes from 192.168.8.8: icmp_seq=0 ttl=128 time=0.431 ms
64 bytes from 192.168.8.8: icmp_seq=1 ttl=128 time=0.326 ms
64 bytes from 192.168.8.8: icmp_seq=2 ttl=128 time=0.359 ms
^C
--- 192.168.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.326/0.372/0.431/0.044 ms

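[Summary] Cause: the loopback interface lo0 was not added to ipf.conf. I really need to pay attention from now on. I remember making this same mistake last time, yet when the failure happened this time I just could not recall it. In future I should remember to summarize and write down this kind of thing more; the palest ink is better than the best memory, and that is true :)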
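
As an added example (not part of the original post): a small Python check that catches this mistake before a ruleset is loaded, by listing every UP interface from ifconfig -a that has no pass rule for a direction in ipf.conf. It assumes the default-block policy described above; the function names are hypothetical, and the sample input is abridged from the output shown in the post.

```python
import re

# Sample input, abridged from the ifconfig -a output and /etc/ipf.conf in the post.
IFCONFIG = """\
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 218.90.159.29 netmask 0xfffffff8 broadcast 218.90.159.31
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.8.254 netmask 0xffffff00 broadcast 192.168.8.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
"""
IPF_CONF = """\
pass out on vr0 all
pass in on vr0 all
pass out on vr1 all
pass in on vr1 all
pass out log on vr0 proto icmp all keep state
pass out log on vr0 proto tcp/udp from any to any keep state
"""

def up_interfaces(ifconfig_text):
    """Names of interfaces whose flags include UP."""
    found = re.findall(r"^(\S+): flags=\w+<([^>]*)>", ifconfig_text, re.M)
    return [name for name, flags in found if "UP" in flags.split(",")]

def missing_pass_rules(ipf_conf_text, interfaces):
    """Map interface -> directions ('in'/'out') that have no pass rule.

    Assumes a default-block policy. Only the presence of a pass rule is
    checked; block rules and last-match ordering are not evaluated.
    """
    covered = {name: set() for name in interfaces}
    for line in ipf_conf_text.splitlines():
        words = line.split("#", 1)[0].split()  # drop comments
        if len(words) < 2 or words[0] != "pass" or words[1] not in ("in", "out"):
            continue
        if "on" in words[:-1]:
            targets = words[words.index("on") + 1].split(",")
        else:
            targets = interfaces  # a rule without "on" applies to every interface
        for name in targets:
            if name in covered:
                covered[name].add(words[1])
    return {n: sorted({"in", "out"} - d) for n, d in covered.items() if d != {"in", "out"}}

if __name__ == "__main__":
    for name, dirs in missing_pass_rules(IPF_CONF, up_interfaces(IFCONFIG)).items():
        print(f"{name}: no pass rule for {', '.join(dirs)}")
```

Run against the original ruleset it reports lo0 for both directions; with the two lo0 lines added it reports nothing.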
