[問題] ping 127.0.0.1 不通 但可以對外??

作者chang0206 (Eric Chang)

看板Linux

標題[問題] ping 127.0.0.1 不通但可以對外??

時間Fri Aug 5 11:14:51 2022

OS: ubuntu 22.04.1 Server IP: 192.168.11.211 我可以從LAN SSH 到這台 11.211 也可以開啟上面的網頁服務但是SSH進來之後，ping 127.0.0.1 還有ping 自己的ip 都不通可是 ping 168.95.1.1/1.1.1.1 有反應 administrator@s211:~$ ping -c4 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. --- 127.0.0.1 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3069ms administrator@s211:~$ ping -c4 192.168.11.211 PING 192.168.11.211 (192.168.11.211) 56(84) bytes of data. --- 192.168.11.211 ping statistics --- 4 packets transmitted, 0 received, 100% packet loss, time 3055ms administrator@s211:~$ ping -c4 168.95.1.1 PING 168.95.1.1 (168.95.1.1) 56(84) bytes of data. 64 bytes from 168.95.1.1: icmp_seq=1 ttl=53 time=6.92 ms 64 bytes from 168.95.1.1: icmp_seq=2 ttl=53 time=4.55 ms 64 bytes from 168.95.1.1: icmp_seq=3 ttl=53 time=3.37 ms 64 bytes from 168.95.1.1: icmp_seq=4 ttl=53 time=5.78 ms --- 168.95.1.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3005ms rtt min/avg/max/mdev = 3.373/5.154/6.919/1.326 ms administrator@s211:~$ ping -c4 1.1.1.1 PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data. 64 bytes from 1.1.1.1: icmp_seq=1 ttl=59 time=5.47 ms 64 bytes from 1.1.1.1: icmp_seq=2 ttl=59 time=4.63 ms 64 bytes from 1.1.1.1: icmp_seq=3 ttl=59 time=3.07 ms 64 bytes from 1.1.1.1: icmp_seq=4 ttl=59 time=5.28 ms --- 1.1.1.1 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3005ms rtt min/avg/max/mdev = 3.068/4.612/5.468/0.944 ms administrator@s211:~$ iptables 除了docker 以外，沒有其他規則(被我flush 掉了) administrator@s211:~$ sudo iptables -L -n [sudo] password for administrator: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain DOCKER (0 references) target prot opt source destination Chain DOCKER-ISOLATION-STAGE-1 (0 references) target prot opt source destination Chain DOCKER-ISOLATION-STAGE-2 (0 references) target prot opt source destination Chain DOCKER-USER (0 references) target prot opt source destination administrator@s211:~$ 也確認過 UFW 沒有啟用 administrator@s211:~$ sudo ufw status numbered Status: inactive selinux 也沒有 s211:~$ sudo sestatus sudo: sestatus: command not found 怎麼看都像是被防火牆擋住了，可是想得到的都看過了，都沒啟動才是那還有什麼地方可以檢查啊？ -- ※ 發信站: 批踢踢實業坊(ptt.cc), 來自: 140.238.51.144 (日本) ※ 文章網址: https://www.ptt.cc/bbs/Linux/M.1659669294.A.235.html

推 rickieyang: cat /proc/sys/net/ipv4/icmp_echo_ignore_all 08/05 11:54

→ chang0206: 嘿還真是這個耶！可是我沒有去動過啊？ anyway 又學到 08/05 12:05

→ chang0206: 一招新的感謝一樓 08/05 12:05

→ csco: 其實很多網路環境都會把icmp ignore;所以不一定是自己的 08/06 08:13

→ csco: icmp echo ignore;像CHT內網很多就不給icmp 08/06 08:13

推 rickieyang: 連127.0.0.1 都沒回應，怪不了別人呀 08/07 12:00

推 yoche2000: localhost 沒回真怪不了別人 08/30 08:58