題 Ubuntu 14.04靜態IP服務器無法ping通路由器或Internet


我搜索了很多,發現了很多類似的問題,但沒有解決方案。請幫忙。

Ubuntu 14.04服務器(server1),靜態IP充當DNS和DHCP服務器。它連接到網絡上的其他服務器(使用靜態IP)和客戶端(使用DHCP),但無法連接到Internet,也無法ping我的路由器。我的路由器也無法ping或traceroute server1,但網絡上的其他機器也可以。 DNS和DHCP似乎適用於網絡,並且server1上的DNS日誌文件正在動態更新。

以前,較舊的Linksys路由器工作正常,並充當DHCP服務器。我安裝了一台新的Netgear C6300路由器,但事情還可以。然後我從Ubuntu 12.04更新到14.04。然後我將DHCP服務器從路由器切換到Ubuntu服務器。現在服務器已經失去了ping路由器和訪問網絡的能力....雖然我知道它在安裝新路由器後工作了一段時間。我相信路由器也會在某些時候自動更新其固件,我不確定是不是這個問題出現的時刻。

佈局:

  • 192.168.1.1 =帶wifi的Netgear C6300路由器(不作為DHCP服務器)
  • 192.68.1.2 = Netgear GS724T智能交換機連接到路由器
  • 192.168.1.6 - 192.168.1.25 = DHCP範圍,Windows和Android客戶端,連接到路由器上的wifi
  • server1 = 192.68.1.100 = Ubuntu 14.04,DNS和DHCP服務器,靜態IP, 連接到智能開關,這就是問題所在
  • server2 = 192.68.1.101 = Windows Web Server 2003,靜態IP, 連接到智能開關,工作正常
  • server3 = 192.68.1.102 = CentOS 6,靜態IP,連接到智能 切換,工作正常

server1的行為(192.168.1.100):

  • 無法ping通路由器和路由器無法ping通。
  • 可以ping智能開關
  • 可以ping其他靜態IP服務器並從中接收ping
  • 可以ping通192.168.1.6等DHCP客戶端並從中接收ping
  • 接受來自本地客戶端的SSH連接
  • 無法連接到Internet或ping任何網絡IP
  • SOMETIMES出現在路由器的“附加設備”表中
  • 我嘗試關閉防火牆並測試了ping路由器和它 仍然沒有工作。

其他機器的行為:

  • 可以ping通路由器和路由器可以ping通它們。
  • 可以ping server1
  • 通過SSH連接到server1
  • 可以連接到Internet並ping網絡IP
  • 始終顯示在路由器的“附加設備”表中
  • 智能交換機可以接受來自路由器和服務器1的ping

的/ etc /網絡/接口

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
address 192.168.1.100
netmask 255.255.255.0
gateway 192.168.1.1
network 192.168.1.0
broadcast 192.168.1.255
dns-nameservers 127.0.0.1
dns-search xx.lan
dns-domain xx.lan

在/etc/resolv.conf:

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search xx.lan

使用ifconfig

eth0      Link encap:Ethernet  HWaddr 00:0b:db:94:20:e3
          inet addr:192.168.1.100  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2601:187:8400:673c:9d87:98c5:8063:b35e/64 Scope:Global
          inet6 addr: 2601:187:8400:673c:6472:fd28:10d8:17c7/64 Scope:Global
          inet6 addr: 2601:187:8400:673c:e058:2568:41d8:d42b/64 Scope:Global
          inet6 addr: 2601:187:8400:673c:20b:dbff:fe94:20e3/64 Scope:Global
          inet6 addr: fe80::20b:dbff:fe94:20e3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:648391 errors:0 dropped:0 overruns:0 frame:0
          TX packets:156845 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:64451406 (64.4 MB)  TX bytes:19330886 (19.3 MB)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:174552 errors:0 dropped:0 overruns:0 frame:0
          TX packets:174552 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:40028479 (40.0 MB)  TX bytes:40028479 (40.0 MB)

ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.100 icmp_seq=2 Destination Host Unreachable
From 192.168.1.100 icmp_seq=3 Destination Host Unreachable
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 received, +2 errors, 100% packet loss, time 2016ms

ping -c 3 192.168.1.2
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=0.587 ms
64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=46.3 ms
64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=0.623 ms
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms

ping -c 3 192.168.1.100
PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
64 bytes from 192.168.1.100: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 192.168.1.100: icmp_seq=2 ttl=64 time=0.066 ms
64 bytes from 192.168.1.100: icmp_seq=3 ttl=64 time=0.062 ms
--- 192.168.1.100 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.062/0.069/0.079/0.007 ms

ping -c 3 192.168.1.102
PING 192.168.1.102 (192.168.1.102) 56(84) bytes of data.
64 bytes from 192.168.1.102: icmp_seq=1 ttl=64 time=0.197 ms
64 bytes from 192.168.1.102: icmp_seq=2 ttl=64 time=0.149 ms
64 bytes from 192.168.1.102: icmp_seq=3 ttl=64 time=0.121 ms
--- 192.168.1.102 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.121/0.155/0.197/0.034 ms

ping -c 3 192.168.1.6
PING 192.168.1.6 (192.168.1.6) 56(84) bytes of data.
64 bytes from 192.168.1.6: icmp_seq=1 ttl=128 time=9.66 ms
64 bytes from 192.168.1.6: icmp_seq=2 ttl=128 time=4.37 ms
64 bytes from 192.168.1.6: icmp_seq=3 ttl=128 time=3.98 ms
--- 192.168.1.6 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.984/6.008/9.665/2.591 ms

/etc/bind/named.conf.options

acl goodclients {
        192.168.1.0/24 ;
        localhost ;
        localnets ;
};

acl trusted {
        localhost ;             #localhost
        192.168.1.0/24 ;
};

options {
        directory "/var/cache/bind/zones";

        recursion yes;                                  # enables resursive queries
                allow-recursion { trusted; };   # allows recursive queries from "trusted" clients
        allow-query { goodclients; };   # allows "good" clients to query (the whole 192.168.1 subnet)
        listen-on { 127.0.0.1; 192.168.1.100; };        # server1 private IP address - listen on private network only
        allow-transfer { goodclients; };        # disable zone transfers by default


        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forward first;
                forwarders {
                                207.172.3.9;    //L3
                                4.2.2.5;        //Genuity
        };

                dnssec-enable no;
                dnssec-validation no;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};

/etc/bind/named.conf.local

// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization include "/etc/bind/zones.rfc1918";
//

include "/etc/bind/rndc.key";

zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/bind/zones/rev.1.168.192.in-addr.arpa";
        allow-update { key rndc-key; };                                         # allow update from clients with this key
        notify yes;
};

zone "xx.lan" IN {
    type master;
    file "/var/lib/bind/zones/xx.lan.db";
        allow-update { key rndc-key; };                                         # allow update from clients with this key
        notify yes;
};

/var/lib/bind/zones/xx.lan.db

$ORIGIN .
$TTL 604800     ; 1 week
xx.lan                  IN SOA  server1.xx.lan. tech.email.com. (
                                2015102430 ; serial
                                28800      ; refresh (8 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                36000      ; minimum (10 hours)
                                )
                        NS      server1.xx.lan.
$ORIGIN xx.lan.
$TTL 3600       ; 1 hour
e6500                   A       192.168.1.6
                        TXT     "3162db65ed92629b5cd94d99bb7b492987"
$TTL 604800     ; 1 week
localhost               CNAME   server1
$TTL 3600       ; 1 hour
m4600                   A       192.168.1.8
                        TXT     "31e36ff666bee353e79bc3f88f6798e595"
$TTL 604800     ; 1 week
netgearc6300            A       192.168.1.1
netgeargs724t           A       192.168.1.2
server2                 A       192.168.1.101
server1                 A       192.168.1.100
server3                 A       192.168.1.102
$TTL 604800     ; 1 week
www                     CNAME   server1

/var/lib/bind/zones/rev.1.168.192.in-addr.arpa

$ORIGIN .
$TTL 604800     ; 1 week
1.168.192.in-addr.arpa  IN SOA  server1.xx.lan. tech.advantagerugby.com. (
                                2015102411 ; serial
                                28800      ; refresh (8 hours)
                                3600       ; retry (1 hour)
                                604800     ; expire (1 week)
                                36000      ; minimum (10 hours)
                                )
                        NS      server1.xx.lan.
$ORIGIN 1.168.192.in-addr.arpa.
1                       PTR     netgearc6300.xx.lan.
2                       PTR     netgeargs724t.xx.lan.
$TTL 604800     ; 1 week
100                     PTR     server1.xx.lan.
101                     PTR     server2.xx.lan.
102                     PTR     server3.xx.lan.
                        PTR     xx.lan.
$TTL 3600       ; 1 hour
8.1.168.192             PTR     m4600.xx.lan.
6                       PTR     e6500.xx.lan.

iproute

default via 192.168.1.1 dev eth0
169.254.0.0/16 dev eth0  scope link  metric 1000
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.100

地址解析協議

Address                  HWtype  HWaddress           Flags Mask            Iface
e6500.xx.lan             ether   00:21:6a:26:d7:c6   C                     eth0
android-d2def8bec293334  ether   98:d6:f7:88:38:b2   C                     eth0
192.168.1.8              ether   24:77:03:2b:24:24   C                     eth0
192.168.1.9              ether   00:1d:09:2f:4c:ac   C                     eth0
server2.xx.lan           ether   00:04:23:86:f0:cb   C                     eth0
android-d8bb6eddaacb8dd  ether   f8:84:f2:02:3d:dc   C                     eth0
server3.xx.lan           ether   00:12:3f:ec:f0:3a   C                     eth0
netgearc6300.xx.lan              (incomplete)                              eth0

任何人都可以看到任何可能提供線索的東西嗎?

在此先感謝您的幫助。

每個請求更新

tcpdump的

sudo tcpdump -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:46:02.316789 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 1055870237:1055870273, ack 2041895597, win 1603, length 36
12:46:02.321889 IP 192.168.1.6.54419 > pe1750-3.as.lan.ssh: Flags [.], ack 36, win 16218, length 0
12:46:03.071668 ARP, Request who-has 192.168.1.1 tell pe1750-3.as.lan, length 28
12:46:03.198355 IP 192.168.1.6.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:46:03.319996 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 36:128, ack 1, win 1603, length 92
12:46:03.320048 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 128:164, ack 1, win 1603, length 36
12:46:03.320778 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 164:216, ack 1, win 1603, length 52
12:46:03.321677 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 216:260, ack 1, win 1603, length 44
12:46:03.325460 IP 192.168.1.6.54419 > pe1750-3.as.lan.ssh: Flags [.], ack 164, win 16186, length 0
12:46:03.325692 IP 192.168.1.6.54419 > pe1750-3.as.lan.ssh: Flags [.], ack 260, win 16162, length 0
12:46:03.948314 IP 192.168.1.6.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:46:04.072080 IP pe1750-3.as.lan.ssh > 192.168.1.6.54255: Flags [P.], seq 3186349454:3186349490, ack 684974901, win 1603, length 36
12:46:04.088953 ARP, Request who-has 192.168.1.1 tell pe1750-3.as.lan, length 28
12:46:04.276914 IP 192.168.1.6.54255 > pe1750-3.as.lan.ssh: Flags [.], ack 36, win 16213, length 0
12:46:04.322982 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 260:328, ack 1, win 1603, length 68
12:46:04.323121 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 328:436, ack 1, win 1603, length 108
12:46:04.323208 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 436:536, ack 1, win 1603, length 100
12:46:04.328437 IP 192.168.1.6.54419 > pe1750-3.as.lan.ssh: Flags [.], ack 436, win 16118, length 0
12:46:04.528043 IP 192.168.1.6.54419 > pe1750-3.as.lan.ssh: Flags [.], ack 536, win 16093, length 0
12:46:04.698113 IP 192.168.1.6.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:46:05.087654 ARP, Request who-has 192.168.1.1 tell pe1750-3.as.lan, length 28
12:46:05.324436 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 536:684, ack 1, win 1603, length 148
12:46:05.449430 IP 192.168.1.6.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:46:05.528911 IP 192.168.1.6.54419 > pe1750-3.as.lan.ssh: Flags [.], ack 684, win 16425, length 0
12:46:06.087661 ARP, Request who-has 192.168.1.1 tell pe1750-3.as.lan, length 28
12:46:06.198837 IP 192.168.1.6.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:46:06.325543 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 684:752, ack 1, win 1603, length 68
12:46:06.325630 IP pe1750-3.as.lan.ssh > 192.168.1.6.54419: Flags [P.], seq 752:820, ack 1, win 1603, length 68
12:46:06.330675 IP 192.168.1.6.54419 > pe1750-3.as.lan.ssh: Flags [.], ack 820, win 16391, length 0
12:46:06.949389 IP 192.168.1.6.netbios-ns > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
12:46:07.088090 IP pe1750-3.as.lan.ssh > 192.168.1.6.54255: Flags [P.], seq 36:72, ack 1, win 1603, length 36
12:46:07.104948 ARP, Request who-has 192.168.1.1 tell pe1750-3.as.lan, length 28
12:46:07.293994 IP 192.168.1.6.54255 > pe1750-3.as.lan.ssh: Flags [.], ack 72, win 16204, length 0
^C
33 packets captured
38 packets received by filter
0 packets dropped by kernel

3
2017-10-30 15:27


起源


請使用tcpdump on:192.168.1.100查看ping數據包是否通過eth0退出;智能開關,查看數據包是否到達和離開路由器; 3.在網關192.168.1.1上查看數據包是否到達。如果您可以使用和不使用DHCP服務來查看它們是否會干擾,那將是最好的。 - MariusMatutiae
另外,嘗試將arp表添加到您的網關 用手:你可以這樣做: ip neigh add 192.168.1.1 lladdr 00:11:22:33:44:55 nud permanent dev eth0 - MariusMatutiae
tcpdump on eth0,而ping仍然啟用dgcp服務器,在上面的帖子末尾添加了。不確定你是否打算在智能交換機和網關上執行此操作,但我不知道如何在這些設備上執行tcpdump。 - frontrow
供將來參考:更容易做到 tcpdump -i eth0 icmp 這樣只顯示ping流量。讓我擔心的是輸出中沒有顯示ICMP:這意味著ping請求是 不 出去。你能仔細檢查嗎? - MariusMatutiae
當我使用tcpdump -i eth0 icmp命令然後執行ping操作時,你是對的。可能導致什麼?防火牆也許?我打開了53號端口。另外,當我禁用ufw時沒有任何區別......除非我做錯了。 - frontrow


答案:


我將IP轉換為其他東西,一切正常。我不知道為什麼192.168.1.100不起作用。


1
2017-10-30 23:34



奇怪的是我遇到了非常相似的行為,並且更改了ip也修復了它。我有一個運行dhcp服務器的nas和運行ubuntu 16.04的nuc都連接到連接到我的路由器的交換機。除了路由器和Internet地址之外,nuc可以ping我本地網絡上的每個設備。我將dhcp服務器上的ip預留從.110更改為.111,重新啟動後它能夠ping通路由器和互聯網。 - Talon876


第一階段分配一些其他IP地址,最好是自動分配並檢查狀態。 第二階段是重置網絡配置以及檢查智能交換機配置。 據我所知,它在智能開關方面存在一些問題。


0
2017-10-30 17:26



我將靜態IP更改為192.168.1.103,它現在可以ping通路由器和Internet。為什麼IP地址有問題? - frontrow
正如我之前提到的,檢查路由器和智能交換機配置文件以解決您的問題。 - Shameerariff
使用跟踪路由來查找確切的問題 - Shameerariff
我如何使用traceroute提供比上面發布的更多信息?我會找什麼? - frontrow
我“檢查”了路由器和智能開關,但我沒有看到任何表明問題的東西。再一次,我會尋找什麼? - frontrow