作者chang0206 (Eric Chang)
看板Linux
标题[问题] ping 127.0.0.1 不通 但可以对外??
时间Fri Aug 5 11:14:51 2022
OS: ubuntu 22.04.1 Server
IP: 192.168.11.211
我可以从LAN SSH 到这台 11.211 也可以开启上面的网页服务
但是SSH进来之後,ping 127.0.0.1 还有ping 自己的ip 都不通
可是 ping 168.95.1.1/1.1.1.1 有反应
administrator@s211:~$ ping -c4 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3069ms
administrator@s211:~$ ping -c4 192.168.11.211
PING 192.168.11.211 (192.168.11.211) 56(84) bytes of data.
--- 192.168.11.211 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3055ms
administrator@s211:~$ ping -c4 168.95.1.1
PING 168.95.1.1 (168.95.1.1) 56(84) bytes of data.
64 bytes from 168.95.1.1: icmp_seq=1 ttl=53 time=6.92 ms
64 bytes from 168.95.1.1: icmp_seq=2 ttl=53 time=4.55 ms
64 bytes from 168.95.1.1: icmp_seq=3 ttl=53 time=3.37 ms
64 bytes from 168.95.1.1: icmp_seq=4 ttl=53 time=5.78 ms
--- 168.95.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 3.373/5.154/6.919/1.326 ms
administrator@s211:~$ ping -c4 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=5.47 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=4.63 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=3.07 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=5.28 ms
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 3.068/4.612/5.468/0.944 ms
administrator@s211:~$
iptables 除了docker 以外,没有其他规则(被我flush 掉了)
administrator@s211:~$ sudo iptables -L -n
[sudo] password for administrator:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (0 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (0 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target prot opt source destination
Chain DOCKER-USER (0 references)
target prot opt source destination
administrator@s211:~$
也确认过 UFW 没有启用
administrator@s211:~$ sudo ufw status numbered
Status: inactive
selinux 也没有
s211:~$ sudo sestatus
sudo: sestatus: command not found
怎麽看都像是被防火墙挡住了,可是想得到的都看过了,都没启动才是
那还有什麽地方可以检查啊?
--
※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 140.238.51.144 (日本)
※ 文章网址: https://webptt.com/cn.aspx?n=bbs/Linux/M.1659669294.A.235.html
1F:推 rickieyang: cat /proc/sys/net/ipv4/icmp_echo_ignore_all 08/05 11:54
2F:→ chang0206: 嘿还真是这个耶!可是我没有去动过啊? anyway 又学到 08/05 12:05
3F:→ chang0206: 一招新的 感谢一楼 08/05 12:05
4F:→ csco: 其实很多网路环境都会把icmp ignore;所以不一定是自己的 08/06 08:13
5F:→ csco: icmp echo ignore;像CHT内网很多就不给icmp 08/06 08:13
6F:推 rickieyang: 连127.0.0.1 都没回应,怪不了别人呀 08/07 12:00
7F:推 yoche2000: localhost 没回真怪不了别人 08/30 08:58