UFW解阻塞客流主机
我是在Ubuntu20.04,我已经使UFW作为一个杀手开关与我的有线vpn工作。我目前的规则运行得很好,只是我的ubuntu主机和debian 10.5 virtualbox来宾之间的通信被阻塞了。
我怎样才能解除对主机/客人流量的阻碍?
我目前的UFW规则是:
[ 1] 22/tcp ALLOW IN Anywhere
[ 2] Anywhere ALLOW OUT Anywhere on wg-client1 (out)
[ 3] 80/tcp ALLOW IN Anywhere
[ 4] 443/tcp ALLOW IN Anywhere
[ 5] Anywhere on wg-client1 ALLOW IN Anywhere
[ 6] 94.121.83.88 ALLOW OUT Anywhere (out)
[ 7] 21/tcp ALLOW IN Anywhere
[ 8] 53 ALLOW OUT Anywhere (out)
[ 9] 9418/tcp ALLOW IN Anywhere 以前,我尝试了以下所有失败的方法(例如,当我ping来宾ip192.168.0.84时,我得到了ping: sendmsg: Operation not permitted)
[10] 22/tcp ALLOW IN 10.10.10.2
[11] 22/tcp ALLOW IN 192.168.0.0/24
[12] Anywhere ALLOW IN 192.168.0.0/24
[13] 192.168.0.0/24 ALLOW IN Anywhere
[14] 192.168.0.0/24 22 ALLOW IN Anywhere
[15] Anywhere ALLOW IN 192.168.0.0/24 22 我还使用伪装把所有的流量通过vpn。我的ifconfig -a输出是:
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.18 netmask 255.255.255.0 broadcast 192.168.0.255
ether b4:a9:fc:b0:b0:d1 txqueuelen 1000 (Ethernet)
RX packets 668474 bytes 477052588 (477.0 MB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 945227 bytes 553827446 (553.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 1000 (Local Loopback)
RX packets 2106 bytes 198789 (198.7 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2106 bytes 198789 (198.7 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vboxnet0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vboxnet1: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether 0a:00:27:00:00:01 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wg-client1: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1420
inet 10.10.10.2 netmask 255.255.255.255 destination 10.10.10.2
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 1000 (UNSPEC)
RX packets 565766 bytes 350115976 (350.1 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 451704 bytes 440547648 (440.5 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp0s10f2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.6 netmask 255.255.255.0 broadcast 192.168.0.255
ether 34:cf:f6:61:c0:38 txqueuelen 1000 (Ethernet)
RX packets 433847 bytes 102427035 (102.4 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 94319 bytes 29872001 (29.8 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0应该注意的是,我的debian来宾有两个网络接口,一个静态的192.168.0.84和一个动态的,这样我就可以使用多个wifi网络。
# The primary network interface
auto enp0s3
iface enp0s3 inet static
address 192.168.0.84
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
#dynamic gateway for Internet access on random networks
auto enp0s8
iface enp0s8 inet dhcpthx
我终于找到了我的sys日志,我注意到:
[UFW BLOCK] IN= OUT=wlp0s10f2 SRC=192.168.0.255 DST=192.168.0.84 ....
当然,我检查了vbox管理器,对于桥接连接适配器,我只有两个选项:wlp0s10f2或enp3s0 (以太网)。
尽管ifocnfig -a将wg-client1显示为网络接口,但在virtualbox中没有wg-client1作为可用的接口。
我使用不同的规则允许22/tcp来自wlp0s10f2 on wg-client1,但没有成功。
有小费吗?
回答 1
Ask Ubuntu用户
发布于 2021-12-05 10:16:00
有点尴尬,但在开始赏金不到5分钟后,我用一种有理有据的猜测解决了这个问题:
sudo ufw allow out on wlp0s10f2 from any to 192.168.0.84
现在,我的新安装工作完美。我的错误是使用vpn ip作为out地址。将其更改为vbox机器的ip地址。让我重回正轨。
https://askubuntu.com/questions/1378968
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号