剧情引入[/doge]
某日闲来无聊监控服务器时发现一台机子掉线了,起初以为被GFW给墙了,吓得我赶紧用ping.pe
测一下,
结果全是红,我意识到可能是机子出问题了。
遂登录服务商控制面板,发现机子显示在线,使用网页VNC登录执行
ifconfig #查看网卡
我淦,我网卡呢?,怎么只剩一个loopback了
然后尝试重启机器和网络服务,发现
使用systemctl status networking
查看服务状态发现缺失iptables-restore
命令
???近期都没登录机子iptables咋就坏掉了
下面开始修复
设置机子进入救援模式(服务商有这个选项,如果没有就没办法了,本地虚拟机请自行百度)
救援模式有网络连接,使用ssh连接到机子
更新一下软件源并检查wget
apt-get update
apt-get install wget
挂载系统
mount /dev/vda1 /mnt #PS:你的源系统可能不是vda1,以实际为准
ls /mnt/usr/sbin|grep iptables #发现确实找不到iptables-restore
打开网站https://packages.debian.org/
搜索iptables
选择需要的版本右键复制下载链接
使用wget下载到本地
cd /mnt/home/
wget http://ftp.us.debian.org/debian/pool/main/i/iptables/iptables_1.8.7-1_amd64.deb #不要无脑复制,请以实际为准
使用dpkg
命令安装到指定rootfs
dpkg --root=/mnt -i iptables_1.8.7-1_amd64.deb
发现报错,用户缺失
为当前救援模式添加用户crontab
useradd crontab #请以实际为准
再次安装iptables
发现报错,缺失依赖关系
遂手动检查并下载依赖,然后再一个一个安装测试
rescue # dpkg --root=/mnt -i libc6_2.31-13+deb11u2_amd64.deb
(Reading database ... 30993 files and directories currently installed.)
Preparing to unpack libc6_2.31-13+deb11u2_amd64.deb ...
Unpacking libc6:amd64 (2.31-13+deb11u2) over (2.31-13+deb11u2) ...
Setting up libc6:amd64 (2.31-13+deb11u2) ...
Processing triggers for libc-bin (2.31-13+deb11u2) ...
rescue # dpkg --root=/mnt -i iptables_1.8.7-1_amd64.deb
(Reading database ... 30993 files and directories currently installed.)
Preparing to unpack iptables_1.8.7-1_amd64.deb ...
Unpacking iptables (1.8.7-1) over (1.8.7-1) ...
dpkg: dependency problems prevent configuration of iptables:
iptables depends on libip6tc2 (= 1.8.7-1); however:
Package libip6tc2 is not installed.
iptables depends on libnetfilter-conntrack3 (>= 1.0.8); however:
Package libnetfilter-conntrack3 is not installed.
iptables depends on libnfnetlink0; however:
Package libnfnetlink0 is not installed.
dpkg: error processing package iptables (--install):
dependency problems - leaving unconfigured
Processing triggers for man-db (2.9.4-2) ...
Errors were encountered while processing:
iptables
rescue # dpkg --root=/mnt -i libip6tc2_1.8.7-1_amd64.deb
Selecting previously unselected package libip6tc2:amd64.
(Reading database ... 30993 files and directories currently installed.)
Preparing to unpack libip6tc2_1.8.7-1_amd64.deb ...
Unpacking libip6tc2:amd64 (1.8.7-1) ...
Setting up libip6tc2:amd64 (1.8.7-1) ...
Processing triggers for libc-bin (2.31-13+deb11u2) ...
rescue # dpkg --root=/mnt -i iptables_1.8.7-1_amd64.deb
(Reading database ... 30999 files and directories currently installed.)
Preparing to unpack iptables_1.8.7-1_amd64.deb ...
Unpacking iptables (1.8.7-1) over (1.8.7-1) ...
dpkg: dependency problems prevent configuration of iptables:
iptables depends on libnetfilter-conntrack3 (>= 1.0.8); however:
Package libnetfilter-conntrack3 is not installed.
iptables depends on libnfnetlink0; however:
Package libnfnetlink0 is not installed.
dpkg: error processing package iptables (--install):
dependency problems - leaving unconfigured
Processing triggers for man-db (2.9.4-2) ...
Errors were encountered while processing:
iptables
rescue # wget http://ftp.us.debian.org/debian/pool/main/libn/libnetfilter-conntrack/libnetfilter-conntrack3_1.0.8-3_amd64.deb
--2022-02-09 04:53:06-- http://ftp.us.debian.org/debian/pool/main/libn/libnetfilter-conntrack/libnetfilter-conntrack3_1.0.8-3_amd64.deb
Resolving ftp.us.debian.org (ftp.us.debian.org)... 64.50.236.52, 64.50.233.100, 208.80.154.139, ...
Connecting to ftp.us.debian.org (ftp.us.debian.org)|64.50.236.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 40640 (40K)
Saving to: ‘libnetfilter-conntrack3_1.0.8-3_amd64.deb’
libnetfilter-conntrack3_1.0.8-3_amd64.deb 100%[=====================================================================================>] 39.69K --
2022-02-09 04:53:06 (929 KB/s) - ‘libnetfilter-conntrack3_1.0.8-3_amd64.deb’ saved [40640/40640]
rescue # dpkg --root=/mnt -i libnetfilter-conntrack3_1.0.8-3_amd64.deb
Selecting previously unselected package libnetfilter-conntrack3:amd64.
(Reading database ... 30999 files and directories currently installed.)
Preparing to unpack libnetfilter-conntrack3_1.0.8-3_amd64.deb ...
Unpacking libnetfilter-conntrack3:amd64 (1.0.8-3) ...
dpkg: dependency problems prevent configuration of libnetfilter-conntrack3:amd64:
libnetfilter-conntrack3:amd64 depends on libnfnetlink0; however:
Package libnfnetlink0 is not installed.
dpkg: error processing package libnetfilter-conntrack3:amd64 (--install):
dependency problems - leaving unconfigured
Processing triggers for libc-bin (2.31-13+deb11u2) ...
Errors were encountered while processing:
libnetfilter-conntrack3:amd64
rescue # wget http://ftp.us.debian.org/debian/pool/main/libn/libnfnetlink/libnfnetlink0_1.0.1-3+b1_amd64.deb
--2022-02-09 04:53:36-- http://ftp.us.debian.org/debian/pool/main/libn/libnfnetlink/libnfnetlink0_1.0.1-3+b1_amd64.deb
Resolving ftp.us.debian.org (ftp.us.debian.org)... 64.50.236.52, 208.80.154.139, 64.50.233.100, ...
Connecting to ftp.us.debian.org (ftp.us.debian.org)|64.50.236.52|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13908 (14K)
Saving to: ‘libnfnetlink0_1.0.1-3+b1_amd64.deb’
libnfnetlink0_1.0.1-3+b1_amd64.deb 100%[=====================================================================================>] 13.58K --
2022-02-09 04:53:36 (86.1 MB/s) - ‘libnfnetlink0_1.0.1-3+b1_amd64.deb’ saved [13908/13908]
rescue # dpkg --root=/mnt -i libnfnetlink0_1.0.1-3+b1_amd64.deb
Selecting previously unselected package libnfnetlink0:amd64.
(Reading database ... 31004 files and directories currently installed.)
Preparing to unpack libnfnetlink0_1.0.1-3+b1_amd64.deb ...
Unpacking libnfnetlink0:amd64 (1.0.1-3+b1) ...
Setting up libnfnetlink0:amd64 (1.0.1-3+b1) ...
Processing triggers for libc-bin (2.31-13+deb11u2) ...
rescue # dpkg --root=/mnt -i libnetfilter-conntrack3_1.0.8-3_amd64.deb
(Reading database ... 31010 files and directories currently installed.)
Preparing to unpack libnetfilter-conntrack3_1.0.8-3_amd64.deb ...
Unpacking libnetfilter-conntrack3:amd64 (1.0.8-3) over (1.0.8-3) ...
Setting up libnetfilter-conntrack3:amd64 (1.0.8-3) ...
Processing triggers for libc-bin (2.31-13+deb11u2) ...
rescue # dpkg --root=/mnt -i iptables_1.8.7-1_amd64.deb
(Reading database ... 31010 files and directories currently installed.)
Preparing to unpack iptables_1.8.7-1_amd64.deb ...
Unpacking iptables (1.8.7-1) over (1.8.7-1) ...
Setting up iptables (1.8.7-1) ...
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-legacy to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/iptables-nft to provide /usr/sbin/iptables (iptables) in auto mode
update-alternatives: using /usr/sbin/ip6tables-nft to provide /usr/sbin/ip6tables (ip6tables) in auto mode
update-alternatives: using /usr/sbin/arptables-nft to provide /usr/sbin/arptables (arptables) in auto mode
update-alternatives: using /usr/sbin/ebtables-nft to provide /usr/sbin/ebtables (ebtables) in auto mode
Processing triggers for man-db (2.9.4-2) ...
成功安装iptables
使用命令检查是否存在iptables-restore
rescue # pwd
/mnt/home
rescue # ls /mnt/usr/sbin/|grep iptables
iptables
iptables-apply
iptables-legacy
iptables-legacy-restore
iptables-legacy-save
iptables-nft
iptables-nft-restore
iptables-nft-save
iptables-restore
iptables-restore-translate
iptables-save
iptables-translate
OK!退出救援模式重启机子,并使用WebVNC连接
网卡回来了,机子上线
至此,修复完毕,至于为什么丢失iptables命令,有待研究
Q.E.D.