101.145 外网不通问题
起因以及经过:2022-06-15 11:48,A 提出该台机器无法访问外网,现场 B 通过脚本修改了 netplan 信息,接着换了网口,换了光模块,最后按照 https://blog.csdn.net/weixin_46151178/article/details/124581558 配置了网口自动 ip 配置。
13:15 接入调查。
这台机器的操作系统大约是在 2021/8/13 安装的,当时用于 chia 服务。查看 本地网络信息,发现结果比较奇怪。
root@gt:/# hostname -I
169.254.8.172 169.254.8.177 172.17.0.1 172.28.101.145 169.254.7.111
root@gt:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 3c:ec:ef:b5:3b:5e brd ff:ff:ff:ff:ff:ff
altname enp3s0
inet 169.254.8.172/16 brd 169.254.255.255 scope link eno1:avahi
valid_lft forever preferred_lft forever
3: eno2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 3c:ec:ef:b5:3b:5f brd ff:ff:ff:ff:ff:ff
altname enp4s0
inet 169.254.8.177/16 brd 169.254.255.255 scope link eno2:avahi
valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:16:01:30:26 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
7: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 6c:b3:11:09:45:e0 brd ff:ff:ff:ff:ff:ff
inet 172.28.101.145/24 brd 172.28.101.255 scope global enp2s0f0
valid_lft forever preferred_lft forever
inet6 fe80::6eb3:11ff:fe09:45e0/64 scope link
valid_lft forever preferred_lft forever
8: enp2s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 6c:b3:11:09:45:e2 brd ff:ff:ff:ff:ff:ff
inet 169.254.7.111/16 brd 169.254.255.255 scope link enp2s0f1:avahi
valid_lft forever preferred_lft forever
inet6 fe80::6eb3:11ff:fe09:45e2/64 scope link
valid_lft forever preferred_lft forever
root@gt:/#
root@gt:/#
root@gt:/# ps -ef|grep avahi
avahi 11003 1 20 12:34 ? 00:11:29 avahi-daemon: running [gt-18.local]
avahi 11047 11003 0 12:34 ? 00:00:00 avahi-daemon: chroot helper
avahi-a+ 20959 15551 0 12:44 ? 00:00:00 avahi-autoipd: [eno1] bound 169.254.8.172
root 20960 20959 0 12:44 ? 00:00:00 avahi-autoipd: [eno1] callout dispatcher
avahi-a+ 20987 15551 0 12:44 ? 00:00:00 avahi-autoipd: [enp2s0f0] sleeping
root 20988 20987 0 12:44 ? 00:00:00 avahi-autoipd: [enp2s0f0] callout dispatcher
avahi-a+ 21079 15551 0 12:45 ? 00:00:00 avahi-autoipd: [docker0] sleeping
root 21080 21079 0 12:45 ? 00:00:00 avahi-autoipd: [docker0] callout dispatcher
avahi-a+ 21095 15551 0 12:45 ? 00:00:00 avahi-autoipd: [eno2] bound 169.254.8.177
root 21096 21095 0 12:45 ? 00:00:00 avahi-autoipd: [eno2] callout dispatcher
avahi-a+ 21662 15551 0 12:45 ? 00:00:00 avahi-autoipd: [enp2s0f1] bound 169.254.7.111
root 21663 21662 0 12:45 ? 00:00:00 avahi-autoipd: [enp2s0f1] callout dispatcher
root 85190 61128 0 13:31 pts/4 00:00:00 grep --color=auto avahi
像是通过 avahi 给所有网卡都配置了 ip,这是因为 修改了 /etc/NetworkManager/NetworkManager.conf 的 ifupdown –> manage=true,这导致了网口的 ip 都配置好了。但这些和无法接通外网无关,修改配置 manage=false,重启机器开始排查。
root@gt:/home/nl# systemd-resolve --status
...
Link 4 (enp2s0f0)
Current Scopes: DNS
DefaultRoute setting: yes
LLMNR setting: yes
MulticastDNS setting: no
DNSOverTLS setting: no
DNSSEC setting: no
DNSSEC supported: no
Current DNS Server: 114.114.114.114
DNS Servers: 223.5.5.5
114.114.114.114
...
root@gt:/home/nl# ping -v 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
root@gt:/home/nl# arp -a
? (172.28.101.147) at ea:58:98:94:52:11 [ether] on enp2s0f0
? (172.28.101.113) at ec:38:8f:6e:50:f4 [ether] on enp2s0f0
? (172.28.101.47) at d2:50:eb:c6:32:71 [ether] on enp2s0f0
? (172.28.101.13) at 3e:52:74:71:25:e2 [ether] on enp2s0f0
? (172.28.101.156) at 8e:f5:d7:fe:50:6a [ether] on enp2s0f0
? (172.28.101.122) at 82:69:92:58:a3:a2 [ether] on enp2s0f0
? (172.28.101.167) at 26:9a:5c:5c:96:9d [ether] on enp2s0f0
? (172.28.101.54) at 36:8b:b9:cf:6a:de [ether] on enp2s0f0
? (172.28.101.133) at 02:52:8f:6f:24:12 [ether] on enp2s0f0
? (172.28.101.65) at 1e:c9:eb:95:51:f2 [ether] on enp2s0f0
? (172.28.101.63) at ee:a2:24:52:00:3c [ether] on enp2s0f0
? (172.28.101.142) at 96:00:fe:5c:d3:23 [ether] on enp2s0f0
? (172.28.101.29) at 5a:13:73:f0:0b:b1 [ether] on enp2s0f0
? (172.28.101.108) at c2:fb:b7:24:4e:1e [ether] on enp2s0f0
^C
root@gt:/home/nl# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 172.28.101.1 0.0.0.0 UG 0 0 0 enp2s0f0
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 docker0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
172.28.101.0 0.0.0.0 255.255.255.0 U 0 0 0 enp2s0f0
上述结果来看,dns和网管的配置都是正确的,但命令执行过程会比较慢。怀疑和 docker 有关系。
先关闭 docker 所有容器和服务,发现可以正常 ping 通外网了。
查看了系统日志,大概是从 2022-06-15 10:09:31 开始的。可以去追溯下这个时间点有谁做了些什么操作。
查看了 docker 相关配置和容器相关配置和日志,没有查出来和外网不通明确的关联信息。
也不一定就是 docker 导致的,因为 docker 在网络层是相对独立的,但又是依托于宿主机,所以容易被怀疑。有可能还是某些系统配置和 docker 产生了冲突。
该问题暂时完结。