[求助] 服务器不回包

eno1 网卡: 192.168.224.75/24 gateway 192.168.224.1
eno2 网卡: 192.168.224.78/24 gateway 192.168.224.1

注：192.168.224.0/24 这个网段中的其他服务器可以和 75 ，78 通信，除了这台服务器，其他服务器都是正常的。

当两张网卡默认存在于 net namespace 1 中时，两个 IP 都 ping 不通，tcpdump 抓包内容：

[root@xxx ~]# tcpdump -i eno1 -vnn net 192.168.94.6
tcpdump: listening on eno1, link-type EN10MB (Ethernet), capture size 262144 bytes
18:45:13.245791 IP (tos 0x0, ttl 126, id 28955, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.94.6 > 192.168.224.75: ICMP echo request, id 1, seq 1705, length 40
18:45:17.937767 IP (tos 0x0, ttl 126, id 28956, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.94.6 > 192.168.224.75: ICMP echo request, id 1, seq 1706, length 40
18:45:22.953575 IP (tos 0x0, ttl 126, id 28957, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.94.6 > 192.168.224.75: ICMP echo request, id 1, seq 1707, length 40
18:45:27.938774 IP (tos 0x0, ttl 126, id 28958, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.94.6 > 192.168.224.75: ICMP echo request, id 1, seq 1708, length 40

当我将 eno2 网卡移动到 eno2_ns 这个 net namespace 中，并配置同样的 IP 掩码 网关，这时 ping 通了； tcpdump 抓包正常：

eno2_ns 配置命令：

ip netns add eno2_ns
ip link set eno2 netns eno2_ns
ip netns exec eno2_ns ip addr add 192.168.224.78/24 dev eno2
ip netns exec eno2_ns ip link set eno2 up
ip netns exec eno2_ns ip route add default via 192.168.224.1 dev eno2

[root@xxx ~]# ip netns exec eno2_ns tcpdump -i eno2 -vnn net 192.168.94.0/24
tcpdump: listening on eno2, link-type EN10MB (Ethernet), capture size 262144 bytes
18:42:20.825581 IP (tos 0x0, ttl 126, id 43528, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.94.6 > 192.168.224.78: ICMP echo request, id 1, seq 1702, length 40
18:42:20.825607 IP (tos 0x0, ttl 64, id 25682, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.224.78 > 192.168.94.6: ICMP echo reply, id 1, seq 1702, length 40
18:42:21.828006 IP (tos 0x0, ttl 126, id 43529, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.94.6 > 192.168.224.78: ICMP echo request, id 1, seq 1703, length 40
18:42:21.828029 IP (tos 0x0, ttl 64, id 25975, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.224.78 > 192.168.94.6: ICMP echo reply, id 1, seq 1703, length 40
18:42:22.839668 IP (tos 0x0, ttl 126, id 43530, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.94.6 > 192.168.224.78: ICMP echo request, id 1, seq 1704, length 40
18:42:22.839693 IP (tos 0x0, ttl 64, id 26840, offset 0, flags [none], proto ICMP (1), length 60)
    192.168.224.78 > 192.168.94.6: ICMP echo reply, id 1, seq 1704, length 40

我的 iptables 规则（没有手动加入过任何 rule ）

[root@slave1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (4 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (4 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere   

这是 eno1 （ 75 ）的路由表，默认 net namespace

[root@xxx ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.224.1   0.0.0.0         UG    103    0        0 eno1
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.31.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-365a3019eb39
192.168.48.0    0.0.0.0         255.255.240.0   U     0      0        0 br-f1d200423436
192.168.80.0    0.0.0.0         255.255.240.0   U     0      0        0 br-1a27f3be7f55
192.168.224.0   0.0.0.0         255.255.255.0   U     103    0        0 eno1

问题 1. 这是否可以断定为这台服务器配置不恰当引起的？ 问题 2. 如果是配置不当引起，还可以从哪方面入手？