作者chang0206 (Eric Chang)
看板Linux
標題[問題] ping 127.0.0.1 不通 但可以對外??
時間Fri Aug 5 11:14:51 2022
OS: ubuntu 22.04.1 Server
IP: 192.168.11.211
我可以從LAN SSH 到這台 11.211 也可以開啟上面的網頁服務
但是SSH進來之後,ping 127.0.0.1 還有ping 自己的ip 都不通
可是 ping 168.95.1.1/1.1.1.1 有反應
administrator@s211:~$ ping -c4 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
--- 127.0.0.1 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3069ms
administrator@s211:~$ ping -c4 192.168.11.211
PING 192.168.11.211 (192.168.11.211) 56(84) bytes of data.
--- 192.168.11.211 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3055ms
administrator@s211:~$ ping -c4 168.95.1.1
PING 168.95.1.1 (168.95.1.1) 56(84) bytes of data.
64 bytes from 168.95.1.1: icmp_seq=1 ttl=53 time=6.92 ms
64 bytes from 168.95.1.1: icmp_seq=2 ttl=53 time=4.55 ms
64 bytes from 168.95.1.1: icmp_seq=3 ttl=53 time=3.37 ms
64 bytes from 168.95.1.1: icmp_seq=4 ttl=53 time=5.78 ms
--- 168.95.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 3.373/5.154/6.919/1.326 ms
administrator@s211:~$ ping -c4 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=5.47 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=4.63 ms
64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=3.07 ms
64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=5.28 ms
--- 1.1.1.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 3.068/4.612/5.468/0.944 ms
administrator@s211:~$
iptables 除了docker 以外,沒有其他規則(被我flush 掉了)
administrator@s211:~$ sudo iptables -L -n
[sudo] password for administrator:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (0 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (0 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-2 (0 references)
target prot opt source destination
Chain DOCKER-USER (0 references)
target prot opt source destination
administrator@s211:~$
也確認過 UFW 沒有啟用
administrator@s211:~$ sudo ufw status numbered
Status: inactive
selinux 也沒有
s211:~$ sudo sestatus
sudo: sestatus: command not found
怎麼看都像是被防火牆擋住了,可是想得到的都看過了,都沒啟動才是
那還有什麼地方可以檢查啊?
--
※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 140.238.51.144 (日本)
※ 文章網址: https://webptt.com/m.aspx?n=bbs/Linux/M.1659669294.A.235.html
1F:推 rickieyang: cat /proc/sys/net/ipv4/icmp_echo_ignore_all 08/05 11:54
2F:→ chang0206: 嘿還真是這個耶!可是我沒有去動過啊? anyway 又學到 08/05 12:05
3F:→ chang0206: 一招新的 感謝一樓 08/05 12:05
4F:→ csco: 其實很多網路環境都會把icmp ignore;所以不一定是自己的 08/06 08:13
5F:→ csco: icmp echo ignore;像CHT內網很多就不給icmp 08/06 08:13
6F:推 rickieyang: 連127.0.0.1 都沒回應,怪不了別人呀 08/07 12:00
7F:推 yoche2000: localhost 沒回真怪不了別人 08/30 08:58