18,772
社区成员
发帖
与我相关
我的任务
分享lxc使用nat方式上网,能ping通域名,但是浏览器连接提示超时
Dear CSDN Friends:
I).宿主机的IP是192.168.199.218,是连接AP后,dhcp获取到的,AP的地址是192.168.199.1---(wlan0是我的物理网卡)
II).用lxc建立了一个容器,在这个过程中,建立了lxcbr0的网桥,IP地址是192.168.55.1,是我自己写死的
III).容器启动后,进入到容器里面,查看到的是eth0的网卡,IP地址是192.168.55.6,是我写死的,要求是和lxcbr0在一个网段,netmask是255.255.255.0
IV).需要打开echo 1 > /proc/sys/net/ipv4/ip_forward的ip转发功能
V).建立NAT:iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
VI).之后,我在容器里,执行ping -c 3 192.168.199.1,通过tcpdump lxcbr0和wlan0,发现,包在经由wlan0出去时,源地址已经转换,说明nat成功
VII).然后,配置完dns后,在容器里我能ping www.bing.com是能ping通的,
最后,我在容器里打开浏览器,但是,浏览器一直无法上网,ping的命令使用的是ICMP,和TCP协议不同,是不是我关于NAT的配置有问题?
有没有哪位曾经了解过,希望对小弟提供帮助,非常感谢
I).宿主机的IP是192.168.199.218,是连接AP后,dhcp获取到的,AP的地址是192.168.199.1---(wlan0是我的物理网卡)
II).用lxc建立了一个容器,在这个过程中,建立了lxcbr0的网桥,IP地址是192.168.55.1,是我自己写死的
III).容器启动后,进入到容器里面,查看到的是eth0的网卡,IP地址是192.168.55.6,是我写死的,要求是和lxcbr0在一个网段,netmask是255.255.255.0
IV).需要打开echo 1 > /proc/sys/net/ipv4/ip_forward的ip转发功能
V).建立NAT:iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
VI).之后,我在容器里,执行ping -c 3 192.168.199.1,通过tcpdump lxcbr0和wlan0,发现,包在经由wlan0出去时,源地址已经转换,说明nat成功
VII).然后,配置完dns后,在容器里我能ping www.bing.com是能ping通的,
最后,我在容器里打开浏览器,但是,浏览器一直无法上网,ping的命令使用的是ICMP,和TCP协议不同,是不是我关于NAT的配置有问题?
有没有哪位曾经了解过,希望对小弟提供帮助,非常感谢
...全文
请发表友善的回复…
发表回复
浪客剑心_Bug 2016-10-26
- 打赏
- 举报
此问题已经处理,和ip rule的规则有关
有兴趣的,可以看这里的描述
http://stackoverflow.com/questions/40211718/lxc-use-nat-to-access-the-internet-in-container-execute-ping-www-bing-com-alre/40252502#40252502
浪客剑心_Bug 2016-10-24
- 打赏
- 举报
II). tcpdump -i wlan0 -v
14:17:05.072805 IP (tos 0x0, ttl 63, id 26782, offset 0, flags [DF], proto TCP (6), length 60)
192.168.199.218.46787 > 202.89.233.104.http: Flags [S], cksum 0x5a90 (correct), seq 898740711, win 14600, options [mss 1460,sackOK,TS val 1825145 ecr 0,nop,wscale 8], length 0
14:17:05.074392 IP (tos 0x0, ttl 63, id 14879, offset 0, flags [DF], proto TCP (6), length 60)
192.168.199.218.46788 > 202.89.233.104.http: Flags [S], cksum 0xf64b (correct), seq 1750459238, win 14600, options [mss 1460,sackOK,TS val 1825145 ecr 0,nop,wscale 8], length 0
14:17:05.114351 IP (tos 0x0, ttl 119, id 13926, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46787: Flags [S.], cksum 0x4e94 (correct), seq 3662027414, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172415 ecr 1825145], length 0
14:17:05.114651 IP (tos 0x0, ttl 118, id 13926, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46787: Flags [S.], cksum 0xdf68 (correct), seq 3662027414, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172415 ecr 1825145], length 0
14:17:05.116222 IP (tos 0x0, ttl 119, id 9722, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46788: Flags [S.], cksum 0xc70c (correct), seq 2587934407, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538444 ecr 1825145], length 0
14:17:05.116369 IP (tos 0x0, ttl 118, id 9722, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46788: Flags [S.], cksum 0x57e1 (correct), seq 2587934407, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538444 ecr 1825145], length 0
14:17:05.558984 IP (tos 0x0, ttl 119, id 13927, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46787: Flags [S.], cksum 0x4e6c (correct), seq 3662027414, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172455 ecr 1825145], length 0
14:17:05.559219 IP (tos 0x0, ttl 118, id 13927, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46787: Flags [S.], cksum 0xdf40 (correct), seq 3662027414, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172455 ecr 1825145], length 0
14:17:05.570169 IP (tos 0x0, ttl 119, id 9725, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46788: Flags [S.], cksum 0xc6e4 (correct), seq 2587934407, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538484 ecr 1825145], length 0
14:17:05.570411 IP (tos 0x0, ttl 118, id 9725, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46788: Flags [S.], cksum 0x57b9 (correct), seq 2587934407, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538484 ecr 1825145], length 0
14:17:06.072754 IP (tos 0x0, ttl 63, id 26783, offset 0, flags [DF], proto TCP (6), length 60)
192.168.199.218.46787 > 202.89.233.104.http: Flags [S], cksum 0x5a2c (correct), seq 898740711, win 14600, options [mss 1460,sackOK,TS val 1825245 ecr 0,nop,wscale 8], length 0
14:17:06.072883 IP (tos 0x0, ttl 63, id 14880, offset 0, flags [DF], proto TCP (6), length 60)
192.168.199.218.46788 > 202.89.233.104.http: Flags [S], cksum 0xf5e7 (correct), seq 1750459238, win 14600, options [mss 1460,sackOK,TS val 1825245 ecr 0,nop,wscale 8], length 0
14:17:06.313564 IP (tos 0x0, ttl 119, id 9738, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.199.218.46788: Flags [S.], cksum 0xfaa3 (correct), seq 2587934407, ack 1750459239, win 65535, options [mss 1380,sackOK,TS val 246538564 ecr 1825145], length 0
14:17:06.313808 IP (tos 0x0, ttl 118, id 9738, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.55.6.46788: Flags [S.], cksum 0x8b78 (correct), seq 2587934407, ack 1750459239, win 65535, options [mss 1380,sackOK,TS val 246538564 ecr 1825145], length 0
14:17:06.319816 IP (tos 0x0, ttl 119, id 13928, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.199.218.46787: Flags [S.], cksum 0x822a (correct), seq 3662027414, ack 898740712, win 65535, options [mss 1380,sackOK,TS val 145172536 ecr 1825145], length 0
14:17:06.320123 IP (tos 0x0, ttl 118, id 13928, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.55.6.46787: Flags [S.], cksum 0x12ff (correct), seq 3662027414, ack 898740712, win 65535, options [mss 1380,sackOK,TS val 145172536 ecr 1825145], length 0
14:17:08.023982 IP (tos 0x0, ttl 119, id 9755, offset 0, flags [DF], proto TCP (6), length 40)
202.89.233.104.http > 192.168.199.218.46788: Flags [R], cksum 0x17c0 (correct), seq 2587934408, win 0, length 0
14:17:08.024301 IP (tos 0x0, ttl 118, id 9755, offset 0, flags [DF], proto TCP (6), length 40)
202.89.233.104.http > 192.168.55.6.46788: Flags [R], cksum 0xa894 (correct), seq 2587934408, win 0, length 0
14:17:08.035808 IP (tos 0x0, ttl 120, id 13929, offset 0, flags [DF], proto TCP (6), length 40)
202.89.233.104.http > 192.168.199.218.46787: Flags [R], cksum 0xe02f (correct), seq 3662027415, win 0, length 0
14:17:08.036058 IP (tos 0x0, ttl 119, id 13929, offset 0, flags [DF], proto TCP (6), length 40)
202.89.233.104.http > 192.168.55.6.46787: Flags [R], cksum 0x7104 (correct), seq 3662027415, win 0, length 0
14:17:08.072712 IP (tos 0x0, ttl 63, id 26784, offset 0, flags [DF], proto TCP (6), length 60)
192.168.199.218.46787 > 202.89.233.104.http: Flags [S], cksum 0x5964 (correct), seq 898740711, win 14600, options [mss 1460,sackOK,TS val 1825445 ecr 0,nop,wscale 8], length 0
14:17:08.072855 IP (tos 0x0, ttl 63, id 14881, offset 0, flags [DF], proto TCP (6), length 60)
192.168.199.218.46788 > 202.89.233.104.http: Flags [S], cksum 0xf51f (correct), seq 1750459238, win 14600, options [mss 1460,sackOK,TS val 1825445 ecr 0,nop,wscale 8], length 0
14:17:08.081977 IP (tos 0x0, ttl 119, id 13930, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46787: Flags [S.], cksum 0x0ae5 (correct), seq 3531039679, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172712 ecr 1825445], length 0
14:17:08.082222 IP (tos 0x0, ttl 118, id 13930, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46787: Flags [S.], cksum 0x9bb9 (correct), seq 3531039679, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172712 ecr 1825445], length 0
14:17:08.088156 IP (tos 0x0, ttl 119, id 9756, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46788: Flags [S.], cksum 0x67b8 (correct), seq 1978155039, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538741 ecr 1825445], length 0
14:17:08.088391 IP (tos 0x0, ttl 118, id 9756, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46788: Flags [S.], cksum 0xf88c (correct), seq 1978155039, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538741 ecr 1825445], length 0
14:17:08.527757 IP (tos 0x0, ttl 119, id 13931, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46787: Flags [S.], cksum 0x0abd (correct), seq 3531039679, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172752 ecr 1825445], length 0
14:17:08.527992 IP (tos 0x0, ttl 118, id 13931, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46787: Flags [S.], cksum 0x9b91 (correct), seq 3531039679, ack 898740712, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 145172752 ecr 1825445], length 0
14:17:08.540254 IP (tos 0x0, ttl 119, id 9757, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.199.218.46788: Flags [S.], cksum 0x6790 (correct), seq 1978155039, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538781 ecr 1825445], length 0
14:17:08.540488 IP (tos 0x0, ttl 118, id 9757, offset 0, flags [DF], proto TCP (6), length 60)
202.89.233.104.http > 192.168.55.6.46788: Flags [S.], cksum 0xf864 (correct), seq 1978155039, ack 1750459239, win 8192, options [mss 1380,nop,wscale 8,sackOK,TS val 246538781 ecr 1825445], length 0
14:17:09.351117 IP (tos 0x0, ttl 119, id 9758, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.199.218.46788: Flags [S.], cksum 0x9b4f (correct), seq 1978155039, ack 1750459239, win 65535, options [mss 1380,sackOK,TS val 246538861 ecr 1825445], length 0
14:17:09.351355 IP (tos 0x0, ttl 118, id 9758, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.55.6.46788: Flags [S.], cksum 0x2c24 (correct), seq 1978155039, ack 1750459239, win 65535, options [mss 1380,sackOK,TS val 246538861 ecr 1825445], length 0
14:17:09.356532 IP (tos 0x0, ttl 119, id 13936, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.199.218.46787: Flags [S.], cksum 0x3e7b (correct), seq 3531039679, ack 898740712, win 65535, options [mss 1380,sackOK,TS val 145172833 ecr 1825445], length 0
14:17:09.356765 IP (tos 0x0, ttl 118, id 13936, offset 0, flags [DF], proto TCP (6), length 56)
202.89.233.104.http > 192.168.55.6.46787: Flags [S.], cksum 0xcf4f (correct), seq 3531039679, ack 898740712, win 65535, options [mss 1380,sackOK,TS val 145172833 ecr 1825445], length 0
lxcbr0里看到了往出发的包,wlan0里也看到了回来的包,但是,lxcbr0里没有收到回来的包
浪客剑心_Bug 2016-10-24
- 打赏
- 举报
Dear wuhanqing:
I). tcpdump -i lxcbr0 -v
tcpdump: listening on lxcbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:17:05.072690 IP (tos 0x0, ttl 64, id 26782, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46787 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0xeb64), seq 898740711, win 14600, options [mss 1460,sackOK,TS val 1825145 ecr 0,nop,wscale 8], length 0
14:17:05.074277 IP (tos 0x0, ttl 64, id 14879, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46788 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0x8720), seq 1750459238, win 14600, options [mss 1460,sackOK,TS val 1825145 ecr 0,nop,wscale 8], length 0
14:17:06.072623 IP (tos 0x0, ttl 64, id 26783, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46787 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0xeb00), seq 898740711, win 14600, options [mss 1460,sackOK,TS val 1825245 ecr 0,nop,wscale 8], length 0
14:17:06.072842 IP (tos 0x0, ttl 64, id 14880, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46788 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0x86bc), seq 1750459238, win 14600, options [mss 1460,sackOK,TS val 1825245 ecr 0,nop,wscale 8], length 0
14:17:08.072565 IP (tos 0x0, ttl 64, id 26784, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46787 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0xea38), seq 898740711, win 14600, options [mss 1460,sackOK,TS val 1825445 ecr 0,nop,wscale 8], length 0
14:17:08.072813 IP (tos 0x0, ttl 64, id 14881, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46788 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0x85f4), seq 1750459238, win 14600, options [mss 1460,sackOK,TS val 1825445 ecr 0,nop,wscale 8], length 0
14:17:10.082601 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.55.1 tell 192.168.55.6, length 28
14:17:10.082681 ARP, Ethernet (len 6), IPv4 (len 4), Reply 192.168.55.1 is-at fe:14:0a:d5:1c:c9 (oui Unknown), length 28
14:17:12.082660 IP (tos 0x0, ttl 64, id 26785, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46787 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0xe8a7), seq 898740711, win 14600, options [mss 1460,sackOK,TS val 1825846 ecr 0,nop,wscale 8], length 0
14:17:12.082884 IP (tos 0x0, ttl 64, id 14882, offset 0, flags [DF], proto TCP (6), length 60)
192.168.55.6.46788 > 202.89.233.104.http: Flags [S], cksum 0xab9f (incorrect -> 0x8463), seq 1750459238, win 14600, options [mss 1460,sackOK,TS val 1825846 ecr 0,nop,wscale 8], length 0
hanqingwu 2016-10-24
- 打赏
- 举报
tcpdump 看下,你的http包是怎么走的。
