Fixing a sudden network outage on a BuyVM VPS

The system is Ubuntu 20.04 LTS. The symptom was that no website could be reached:

ping: www.google.com: Temporary failure in name resolution
root@localhost:~# nslookup www.google.com

;; connection timed out; no servers could be reached

root@localhost:~#

At first I suspected the /etc/resolv.conf file, but on inspection it was fine:

root@localhost:~# cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 1.1.1.1
nameserver 2001:4860:4860::8888
nameserver 2606:4700:4700::1111

After a fair amount of troubleshooting it turned out to be an SNAT problem in iptables.

List the nat table with: iptables -vnL -t nat

The warning in the first line of the output means this host uses the nftables backend of iptables and some rules also live in the legacy backend, so check those as well with iptables-legacy -vnL -t nat.

root@localhost:~# iptables -vnL -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 92 packets, 4574 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 90 packets, 4510 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 56 packets, 3360 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DOCKER     all  --  *      *       0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
   56  3360 SNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:206.253.165.246
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:3000
    0     0 SNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:206.253.165.246

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0

It was the aftermath of having installed Docker earlier, finally blowing up today. Note the counters on the first SNAT rule: 56 packets and 3360 bytes, exactly the OUTPUT chain's own count, so every packet the host sent out was being rewritten to source 206.253.165.246, which is why even the DNS queries to 8.8.8.8 got no reply. Clean out these useless leftover rules:

Use the command: iptables -t nat -D POSTROUTING 1

The trailing 1 is the rule number: it deletes the first rule in POSTROUTING. Deleting a rule renumbers the ones after it, so running the same command again removes the next rule, and so on; to remove one specific rule, take its current number from iptables -t nat -L POSTROUTING --line-numbers. After the cleanup it looks like this:

root@localhost:~# iptables -vnL -t nat
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain PREROUTING (policy ACCEPT 1449 packets, 84891 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 1416 packets, 83835 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 857 packets, 51441 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 9 packets, 540 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain DOCKER (0 references)
 pkts bytes target     prot opt in     out     source               destination
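As an added example (not from the original post), the script below parses an iptables -vnL -t nat listing, flags the POSTROUTING rules that SNAT or masquerade all traffic (source and destination both 0.0.0.0/0), and prints the delete commands in descending rule order so the numbers stay valid while deleting; the embedded listing is a constructed copy of the broken chain shown above.

```shell
#!/bin/sh
# Added example (not from the original post): find catch-all SNAT/MASQUERADE
# rules in the nat POSTROUTING chain and print the iptables -D commands that
# remove them, highest rule number first so earlier deletions do not shift
# the numbers of rules still to be deleted. Parses the `iptables -vnL -t nat`
# listing format shown in this post.

# Constructed sample: the broken POSTROUTING chain from the listing above.
SAMPLE_LISTING='# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      !docker0  172.17.0.0/16        0.0.0.0/0
   56  3360 SNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:206.253.165.246
    0     0 MASQUERADE  tcp  --  *      *       172.17.0.2           172.17.0.2           tcp dpt:3000
    0     0 SNAT       all  --  *      *       0.0.0.0/0            0.0.0.0/0            to:206.253.165.246

Chain DOCKER (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 RETURN     all  --  docker0 *       0.0.0.0/0            0.0.0.0/0
'

# Read a listing on stdin; print the 1-based POSTROUTING rule numbers whose
# target is SNAT or MASQUERADE and whose source and destination are both
# 0.0.0.0/0, i.e. rules that rewrite every outbound packet, not just
# container traffic. Fields: pkts bytes target prot opt in out source dest.
catchall_snat_rules() {
  awk '
    /^#/ || /^ *pkts +bytes/ || NF == 0 { next }   # warning, header, blank
    /^Chain / { chain = $2; n = 0; next }
    chain == "POSTROUTING" {
      n++
      if (($3 == "SNAT" || $3 == "MASQUERADE") && $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0")
        print n
    }'
}

# Emit one delete command per catch-all rule, in descending rule order.
# Printed rather than executed so the list can be reviewed first.
delete_commands() {
  catchall_snat_rules | sort -rn | while read -r num; do
    echo "iptables -t nat -D POSTROUTING $num"
  done
}

printf '%s' "$SAMPLE_LISTING" | delete_commands
```

On a live host, pipe the real listing in with iptables -vnL -t nat | delete_commands and run the printed commands only after checking that none of them is a rule you still need.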

To root it out completely, delete the leftover chain as well (this only succeeds once the chain is empty and nothing references it, which the listing above now shows):

iptables -t nat -X DOCKER

Finally, test the result:

root@localhost:~# nslookup www.google.com
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   www.google.com
Address: 172.217.12.132
Name:   www.google.com
Address: 2607:f8b0:4007:801::2004

Problem solved!

The changes just made will all be lost on reboot, so last of all do not forget to save them to a file (ip6tables-save covers the IPv6 rules that the rc.local below restores):

iptables-save > /etc/iptables/rules.v4
ip6tables-save > /etc/iptables/rules.v6

Then add a startup step that restores the saved rules at boot. To load them by hand right now:

iptables-restore < /etc/iptables/rules.v4

vi /etc/rc.local   # add the following lines
#!/bin/sh
iptables-restore < /etc/iptables/rules.v4
ip6tables-restore < /etc/iptables/rules.v6

On Ubuntu 20.04 /etc/rc.local does not exist by default, and systemd only runs it if the file is executable (chmod +x /etc/rc.local), which is why the #!/bin/sh first line is needed. The rules.v4 and rules.v6 paths are the ones the iptables-persistent package uses, so installing that package is an alternative that restores these files automatically.

With that, the problem is resolved.

Author: 刹那

What is meant to be will come in time; what is not meant to be, you have to fight for.
