traceroute排查网络故障 www.qq.com排查网络故障网络不通 先ping自己

网络不通 先ping自己

在ping网关

再ping外网

再ping别人的ip

背景需求

Linux 因为其强大的网络处理能力，被广泛用于网关(实例链接)和服务器(实例链接)。实际工作中，快速排查这些 Linux 设备的网络故障成为解决问题的利器。为此，本文列出高频使用的 Linux 排查网络故障的命令。

诊断系统资源

• CPU: uptime, top, sar -u
• RAM: free, top, sar -r
• Disk: iostat, sar -b, df -h, du -S /home | sort -rn | head -n 10
• Net: iftop (yum install -y iftop)

诊断网络故障

• 链路接通了吗：ethtool eth0
• 接口是否启用：ifconfig eth0
• 是否连通本地网络：route -n
• 是否连通 Internet：ping -c 3 www.qq.com
• DNS 是否工作正常(yum install -y bind-utils)
  • host www.qq.com
  • nslookup www.qq.com
  • dig www.qq.com
• 是否可以路由到远程主机：traceroute www.qq.com
  • 远程端口是否开放：nmap -p 80 www.qq.com(yum install -y nmap)
  • 本服务器是否侦听端口：netstat -tunlp | grep -w 80
  • 本服务器是否打开防火墙：/sbin/iptables -L | grep -i -E “reject | drop”

配置网络

• 配置(IP+Netmask+DHCP+Gateway)：/etc/sysconfig/network-scripts/ifcfg-eth0
• 配置 DNS IP：/etc/resolv.conf
• 路由的增加与删除
  • 增加默认路由：route add default gw 192.168.1.1
  • 增加 172.16.0.0/24：route add -net 172.16.0.0 netmask 255.255.0.0 dev eth0
  • 删除 172.16.0.0/24：route del -net 172.16.0.0 netmask 255.255.0.0 dev eth0
• 重新启动整个网络：/etc/init.d/network restart
• 启动网卡
  • ifup eth0
  • ip link set eth0 up
• 停止网卡
  • ifdown eth0
  • ip link set eth0 down
• 配置主机名：/etc/sysconfig/network /etc/hosts·

# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
[root@bogon ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-12-17 18:09:00 CST; 46min ago
Docs: man:firewalld(1)
Main PID: 1745 (firewalld)
Tasks: 2 (limit: 203417)
Memory: 39.8M
CGroup: /system.slice/firewalld.service
└─1745 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid

12月 17 18:08:58 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
12月 17 18:09:00 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
12月 17 18:09:01 localhost.localdomain firewalld[1745]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration op>

[root@bogon ~]# systemctl stop firewalld
[root@bogon ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@bogon ~]# traceroute www.qq.com
traceroute to www.qq.com (121.14.77.201), 30 hops max, 60 byte packets
1 bogon (10.1.160.254) 5.276 ms 10.470 ms 10.447 ms
2 bogon (192.168.8.1) 1.692 ms 1.790 ms 2.280 ms
3 * * *
4 bogon (172.17.106.1) 2.710 ms 2.692 ms 2.669 ms
5 bogon (172.16.100.1) 2.956 ms 3.787 ms 3.757 ms
6 bogon (10.135.1.1) 2.864 ms 8.616 ms 8.563 ms
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
[root@bogon ~]#