Tumbleweed: Wi-Fi cannot get online; driver is present, address obtained dynamically via DHCP

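Last month, after using docker-compose and then rebooting following a rolling update (I forgot to shut down docker), the host can no longer reach any website. I have spent two days trying to configure DNS. Another computer with its DNS set to the gateway, 192.168.31.1, gets online normally; on this machine, setting DNS to 114.114.114.114 or anything else still does not work. Could the experts here give a newbie like me some pointers? Thanks~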

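  • Tried manually setting a static ipv4 address

  • Tried disabling the DNS modification done by /etc/sysconfig/network/config

  • Tried setting DNS to 114.114.114.114 directly with nmcli

  • Tried changing /etc/resolve.conf to nameserver 114.114.114.114, either directly or via /etc/NetworkManager/conf.d/*.conf, and then restarting the NM service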


What about getent ahosts baidu.com?

After pressing Enter, getent ahosts baidu.com gives no output at all, and neither does lsof -nPi :53; it just drops to an empty prompt line.

strace -s 512 -f getent ahosts baidu.com

Take a look at that.




See the post above. The forum limits text length, so I could only post a screenshot. Thank you.

systemctl status nscd

If that doesn't exist, check with sudo ss -nplx | grep nscd.

Wait, why is your eth0 in the up state but with only a link-local IP? Try unplugging the network cable?

eth0 just connects to another computer to form a LAN; this machine is used as a pg database server :joy:
Let me check the other commands.

Eaton:/ # systemctl status nscd
● nscd.service - Name Service Cache Daemon
     Loaded: loaded (/usr/lib/systemd/system/nscd.service; enabled; preset: enabled)
     Active: active (running) since Sat 2023-12-09 21:41:51 CST; 17h ago
    Process: 1491 ExecStart=/usr/sbin/nscd (code=exited, status=0/SUCCESS)
   Main PID: 1502 (nscd)
      Tasks: 11 (limit: 4915)
        CPU: 458ms
     CGroup: /system.slice/nscd.service
             └─1502 /usr/sbin/nscd

12 月 09 21:41:51 Eaton nscd[1502]: 1502 监视目录 `/etc` (2)
12 月 09 21:41:51 Eaton nscd[1502]: 1502 监控文件 `/etc/nsswitch.conf' (6)
12 月 09 21:41:51 Eaton nscd[1502]: 1502 监视目录 `/etc` (2)
12 月 09 21:41:51 Eaton nscd[1502]: 1502 监控文件 `/etc/nsswitch.conf' (6)
12 月 09 21:41:51 Eaton nscd[1502]: 1502 监视目录 `/etc` (2)
12 月 09 21:41:51 Eaton systemd[1]: Started Name Service Cache Daemon.
12 月 09 21:41:57 Eaton nscd[1502]: 1502 监视文件 `/etc/resolv.conf' 原为 moved into place,添加监视
12 月 09 21:41:57 Eaton nscd[1502]: 1502 监视文件 `/etc/resolv.conf' 原为 moved into place,添加监视
12 月 09 21:42:09 Eaton nscd[1502]: 1502 检查监视的文件 '/etc/services': 没有那个文件或目录
12 月 09 21:42:10 Eaton nscd[1502]: 1502 检查监视的文件 '/etc/netgroup': 没有那个文件或目录
Eaton:/ # ss -nplx | grep nscd 
u_str LISTEN 0      4096                               /var/run/nscd/socket 13700            * 0    users:(("nscd",pid=1502,fd=16))                                                       
Eaton:/ # 



The command output is in the post above.

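So you do have nscd running. Try turning it off: systemctl stop nscd
Your eth0 is not properly networked. I don't know how you designed it, but either way you need to fix it. For connecting two computers to each other, I recommend simply giving both sides a static IP in the same subnet.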

After stopping nscd and restarting NetworkManager, ping baidu.com immediately reports a system error, and Firefox crashes with an error when opened :joy:

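After setting static IPs in the same subnet, win11 never recognized it, which is probably a settings problem somewhere, so in the end I used NM's built-in ipv4 "Link-Local Only" method. However, I still cannot get online after unplugging the cable, so it is probably not the same problem.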

The docker container was there to run clash so that I could zypper dup, but the yast proxy is now turned off; since then I have not been able to get online.

What are the specific details?

Are you using iptables? Check sudo iptables-save. If you are using nft, check nft list ruleset.

With NSCD stopped, this is what happens:

Eaton:/home/eaton # systemctl stop nscd
Eaton:/home/eaton # systemctl restart NetworkManager
Eaton:/home/eaton # ping baidu.com
ping: baidu.com: 系统错误
Eaton:/home/eaton # systemctl start nscd
Eaton:/home/eaton # systemctl restart NetworkManager
Eaton:/home/eaton # ping baidu.com
ping: baidu.com: 未知的名称或服务

sudo iptables-save shows this:

Eaton:/ # iptables-save

# Generated by iptables-save v1.8.10 (nf_tables) on Thu Dec 14 00:12:33 2023

*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
COMMIT

# Completed on Thu Dec 14 00:12:33 2023
# Generated by iptables-save v1.8.10 (nf_tables) on Thu Dec 14 00:12:33 2023

*nat
:PREROUTING ACCEPT [261890:62342317]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [544:67990]
:POSTROUTING ACCEPT [544:67990]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT

# Completed on Thu Dec 14 00:12:33 2023

nft list ruleset is too long, so I have excerpted the first part:

Eaton:/ # nft list ruleset
table inet firewalld {
    ct helper helper-netbios-ns-udp {
        type "netbios-ns" protocol udp
        l3proto ip
    }

    chain mangle_PREROUTING {
        type filter hook prerouting priority mangle + 10; policy accept;
        jump mangle_PREROUTING_POLICIES
    }

    chain mangle_PREROUTING_POLICIES {
        iifname "docker0" jump mangle_PRE_policy_allow-host-ipv6
        iifname "docker0" jump mangle_PRE_docker
        iifname "docker0" return
        iifname "eth0" jump mangle_PRE_policy_allow-host-ipv6
        iifname "eth0" jump mangle_PRE_home
        iifname "eth0" return
        iifname "wlp2s0" jump mangle_PRE_policy_allow-host-ipv6
        iifname "wlp2s0" jump mangle_PRE_public
        iifname "wlp2s0" return
        jump mangle_PRE_policy_allow-host-ipv6
        jump mangle_PRE_public
        return
    }

    chain nat_PREROUTING {
        type nat hook prerouting priority dstnat + 10; policy accept;
        jump nat_PREROUTING_POLICIES
    }

    chain nat_PREROUTING_POLICIES {
        iifname "docker0" jump nat_PRE_policy_allow-host-ipv6
        iifname "docker0" jump nat_PRE_docker
        iifname "docker0" return
        iifname "eth0" jump nat_PRE_policy_allow-host-ipv6
        iifname "eth0" jump nat_PRE_home
        iifname "eth0" return
        iifname "wlp2s0" jump nat_PRE_policy_allow-host-ipv6
        iifname "wlp2s0" jump nat_PRE_public
        iifname "wlp2s0" return
        jump nat_PRE_policy_allow-host-ipv6
        jump nat_PRE_public
        return
    }

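I feel this part is the cause. It is probably a problem caused by docker shutting down abnormally; the jumps do not seem to have been released.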

Eaton:/ # neofetch
… eaton@Eaton

OS: openSUSE Tumbleweed x86_64
Host: G1618-04
Kernel: 6.6.3-1-default
Uptime: 4 days, 2 hours, 22 mins
Packages: 3575 (rpm)
Shell: bash 5.2.21
Resolution: 2560x1440
DE: Xfce 4.18
WM: Xfwm4
Theme: Adwaita [GTK2/3]
Icons: Adwaita [GTK2/3]
Terminal: xfce4-terminal
Terminal Font: Monospace 12
CPU: AMD Ryzen 7 6800U with Radeon Graphics (16) @ 4.768GHz
GPU: AMD ATI Radeon 680M
Memory: 3236MiB / 27839MiB

Previously I shut the machine down directly without stopping this docker container, and then the network went down.

Eaton:/home/eaton/Services/clash # docker-compose up -d
[+] Building 0.0s (0/0) docker:default
[+] Running 1/1
:heavy_check_mark: Container clash Started 0.1s
Eaton:/home/eaton/Services/clash # docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
53b39808db46 ghcr.io/dreamacro/clash "/clash" 5 seconds ago Up 4 seconds 0.0.0.0:7890-7891->7890-7891/tcp, :::7890-7891->7890-7891/tcp, 0.0.0.0:9090->9090/tcp, :::9090->9090/tcp clash
Eaton:/home/eaton/Services/clash #

Eaton:/ # host baidu.com
baidu.com has address 39.156.66.10
baidu.com has address 110.242.68.66
baidu.com mail is handled by 20 jpmx.baidu.com.
baidu.com mail is handled by 20 mx1.baidu.com.
baidu.com mail is handled by 10 mx.maillb.baidu.com.
baidu.com mail is handled by 15 mx.n.shifen.com.
baidu.com mail is handled by 20 usmx01.baidu.com.
baidu.com mail is handled by 20 mx50.baidu.com.

Eaton:/ # ping baidu.com
ping: baidu.com: 未知的名称或服务

Eaton:/ # nslookup

server
Default server: 192.168.31.1
Address: 192.168.31.1#53
Default server: fe80::26cf:24ff:feba:4854%2%2
Address: fe80::26cf:24ff:feba:4854%2#53
exit

Eaton:/ # cat /etc/resolv.conf

# Generated by NetworkManager

nameserver 192.168.31.1
nameserver fe80::26cf:24ff:feba:4854%wlp2s0

Eaton:/ # nmcli g
STATE CONNECTIVITY Wi-Fi-HW Wi-Fi WWAN-HW WWAN
已连接(仅站点)受限 已启用 已启用 missing 已启用

Eaton:/ # nmcli c s
NAME UUID TYPE DEVICE
1805-5G 6120ee67-a8df-4edd-a627-8f6dfe4cc55d Wi-Fi wlp2s0
lan ee616260-9f6f-3cfd-9455-09956ccc6f24 ethernet eth0
lo 8dde8df4-5180-4c5d-b691-2582a268b80b loopback lo
docker0 885c658a-c33f-4802-b669-cc763bd35183 bridge docker0
1805 ca1a3fe2-d717-4def-b2cf-da257f796ecc Wi-Fi --
EATONS_MATE 5564 650388d9-55b7-436c-abcd-892c2ba46b5a Wi-Fi --
GTREATON 9757 b7813c93-0d5b-4832-b105-203269d5a599 Wi-Fi --

Eaton:/ # nmcli c s 1805-5G
connection.id: 1805-5G
connection.uuid: 6120ee67-a8df-4edd-a627-8f6dfe4cc55d
connection.stable-id: --
connection.type: 802-11-wireless
connection.interface-name: wlp2s0
connection.autoconnect: 是
connection.autoconnect-priority: 50
connection.autoconnect-retries: -1 (default)
connection.multi-connect: 0(default)
connection.auth-retries: -1
connection.timestamp: 1702195366
connection.permissions: --
connection.zone: public
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1(default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: 未知
connection.lldp: default
connection.mdns: -1(default)
connection.llmnr: -1(default)
connection.dns-over-tls: -1(default)
connection.mptcp-flags: 0x0(default)
connection.wait-device-timeout: -1
connection.wait-activation-delay: -1
802-11-wireless.ssid: 1805-5G
802-11-wireless.mode: infrastructure
802-11-wireless.band: --
802-11-wireless.channel: 0
802-11-wireless.bssid: --
802-11-wireless.mac-address: --
802-11-wireless.cloned-mac-address: --
802-11-wireless.generate-mac-address-mask:--
802-11-wireless.mac-address-blacklist: --
802-11-wireless.mac-address-randomization:default
802-11-wireless.mtu: 自动
802-11-wireless.seen-bssids: 24:CF:24:BA:48:28,24:CF:24:BA:48:55
802-11-wireless.hidden: 否
802-11-wireless.powersave: 0(default)
lines 1-40

Eaton:/ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 14:75:5b:c0:4c:cf brd ff:ff:ff:ff:ff:ff
inet 192.168.31.234/24 brd 192.168.31.255 scope global dynamic noprefixroute wlp2s0
valid_lft 39877sec preferred_lft 39877sec
inet6 fd00:6868:6868:0:c9c8:9a90:8e0f:247d/64 scope global temporary deprecated dynamic
valid_lft 402610sec preferred_lft 0sec
inet6 fd00:6868:6868::73a/128 scope global dynamic noprefixroute
valid_lft 39879sec preferred_lft 39879sec
inet6 fd00:6868:6868:0:6ace:79fe:49a2:1fad/64 scope global temporary deprecated dynamic
valid_lft 316437sec preferred_lft 0sec
inet6 fd00:6868:6868:0:d34b:a691:5bbe:afc1/64 scope global mngtmpaddr noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::d84a:8a8:1b01:2cb3/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:0c:ed:01:4d brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:e0:4c:68:00:5b brd ff:ff:ff:ff:ff:ff
altname enp116s0f3u1u2u3
inet 169.254.111.16/16 brd 169.254.255.255 scope link noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::f1ea:61c0:30a2:ff7b/64 scope link noprefixroute
valid_lft forever preferred_lft forever

Eaton:/ # firewall-cmd --list-all
public (default, active)
target: default
ingress-priority: 0
egress-priority: 0
icmp-block-inversion: no
interfaces: wlp2s0
sources:
services: dhcpv6-client SSH
ports: 5432/tcp
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

Eaton:/ # lsof -nPi :53
Eaton:/ #

What is this? I have never seen this error before... Try strace ping baidu.com?

It is the nftables backend, so you need to look at the output of the nft command.

No. Outbound traffic has little to do with prerouting.

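Please use code blocks (not quote blocks) to paste command output, otherwise the formatting gets messed up. Overly long text can be posted to a pastebin, for example fars.ee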
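
Added example, not part of any participant's post: a small parser for the filter table of the iptables-save dump posted earlier in the thread, reporting which built-in hooks can reach a DROP or REJECT. DUMP is an excerpt of that posted output; the function names are hypothetical.

```python
import shlex

# Excerpt of the filter table from the iptables-save output posted in the thread.
DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
COMMIT
"""

def parse(dump):
    """Return {table: {chain: (policy, [jump targets])}} from iptables-save text."""
    tables, cur = {}, None
    for line in map(str.strip, dump.splitlines()):
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {})
        elif line.startswith(":"):
            name, policy = line[1:].split()[:2]
            cur[name] = (policy, [])
        elif line.startswith("-A "):
            tok = shlex.split(line)
            if "-j" in tok:
                cur[tok[1]][1].append(tok[tok.index("-j") + 1])
    return tables

def blocking(table, chain, seen=None):
    """DROP/REJECT verdicts reachable from `chain` (policy or rules), following jumps."""
    seen = set() if seen is None else seen
    if chain in seen or chain not in table:
        return set()
    seen.add(chain)
    policy, targets = table[chain]
    found = {v for v in [policy, *targets] if v in ("DROP", "REJECT")}
    for t in targets:
        found |= blocking(table, t, seen)
    return found

def hooks_that_can_block(dump, table="filter"):
    chains = parse(dump)[table]
    return {h: sorted(blocking(chains, h)) for h in ("INPUT", "FORWARD", "OUTPUT")}
```

On the posted dump only FORWARD can drop, so these Docker chains do not filter traffic the host itself sends or receives. This covers the iptables-save view only; the `inet firewalld` table appears in the nft list ruleset output.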

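I have learned how to use fars.ee, but that computer cannot get online. I have saved the output as txt for now; you can change the extension to log.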

systemctl stop NSCD

stopNSCD.txt (12.8 KB)

nft list ruleset

nftListRulest.txt (17.5 KB)

Take a look at the contents of /etc/host.conf and /etc/resolv.conf.

Eaton:/home/eaton # cat /etc/resolv.conf 
# Generated by NetworkManager
nameserver 192.168.31.1
nameserver fe80::26cf:24ff:feba:4854%wlp2s0
Eaton:/home/eaton # cat /etc/host.conf 
#
# /etc/host.conf - resolver configuration file
#
# Please read the manual page host.conf(5) for more information.
#
multi on
Eaton:/home/eaton #

As in the post above :smiley: