I have set up VirtualBox on a Windows 2008 R2 Standard Server (64-bit). In VirtualBox I am running CentOS 6.3. I have set up bridged networking and a static IP address. Everything works: I can ping the guest, and from the guest I can ping the outside. I can also SSH into the VM.
However, I cannot reach any other service running in the guest.
Here is something strange. Ping:
> ping -c 2 192.168.218.23
PING 192.168.218.23 (192.168.218.23) 56(84) bytes of data.
64 bytes from 192.168.218.23: icmp_req=1 ttl=62 time=45.7 ms
64 bytes from 192.168.218.23: icmp_req=2 ttl=62 time=41.6 ms
and nmap:
> nmap 192.168.218.23
Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-07 15:28 CEST
Note: Host seems down. If it is really up, but blocking our ping probes, try -PN
Nmap done: 1 IP address (0 hosts up) scanned in 0.09 seconds
and nmap -PN:
> nmap 192.168.218.23 -PN
Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-07 15:28 CEST
Nmap scan report for vub-backup-02v.zentrale.vpn.vub.de (192.168.218.23)
Host is up (0.53s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 73.36 seconds
Another nmap version:
# nmap 192.168.218.23
Starting Nmap 5.51 ( http://nmap.org ) at 2012-09-07 15:32 CEST
Nmap scan report for 192.168.218.23
Host is up (0.0010s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 4.93 seconds
But this is the netstat of the guest VM:
# netstat -ltpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1081/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1431/sshd
tcp 0 0 0.0.0.0:8983 0.0.0.0:* LISTEN 3059/java
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1240/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1507/master
tcp 0 0 0.0.0.0:35071 0.0.0.0:* LISTEN 1099/rpc.statd
tcp 0 0 :::57196 :::* LISTEN 1099/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1081/rpcbind
tcp 0 0 :::22 :::* LISTEN 1431/sshd
tcp 0 0 ::1:631 :::* LISTEN 1240/cupsd
tcp 0 0 ::1:25 :::* LISTEN 1507/master
So why can't I reach port 8983 or 111 from outside?
Answer 1
Stefan, in my experience the most likely cause is that the iptables firewall is on, with a default REJECT ALL. You need to either turn the firewall off or open the ports to let the traffic through. The default firewall rules allow SSH. Here is the CentOS iptables default:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
I suggest you first disable the firewall with
/sbin/service iptables stop
and then try to reach the services again. If that works, add the following rules to iptables:
/sbin/iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 8983 -j ACCEPT
/sbin/iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
and restart the firewall with
/sbin/service iptables start
Note: if you use port 111 for RPC (it is the standard port for the RPC portmapper), you will need to look at the following and make the appropriate changes: Chapter 30. The sysconfig Directory, /etc/sysconfig/nfs
If that does not work, the Windows firewall may be blocking the traffic.
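As an added example (not part of the answer above), a small POSIX shell script that works out where the ACCEPT rule belongs from the live INPUT chain instead of assuming position 5, and checks whether a port is already allowed before the catch-all REJECT. The chain text is a constructed sample modelled on the default shown in the answer, and the function names are my own.

```shell
#!/bin/sh
# Added example: place ACCEPT rules just before the catch-all REJECT of the
# stock CentOS 6 INPUT chain, after checking whether the port is already open.

# Constructed sample of `iptables -L INPUT -n --line-numbers` matching the
# default chain quoted in the answer (the -n form shows 22 instead of ssh).
SAMPLE_CHAIN='Chain INPUT (policy ACCEPT)
num  target  prot opt source     destination
1    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
2    ACCEPT  icmp --  0.0.0.0/0  0.0.0.0/0
3    ACCEPT  all  --  0.0.0.0/0  0.0.0.0/0
4    ACCEPT  tcp  --  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
5    REJECT  all  --  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited'

# reject_position CHAIN_TEXT: rule number of the first REJECT/DROP rule.
# Inserting at this number puts the new rule immediately before the catch-all.
reject_position() {
    printf '%s\n' "$1" | awk '$2 == "REJECT" || $2 == "DROP" { print $1; exit }'
}

# port_allowed CHAIN_TEXT PORT: succeed if an ACCEPT for tcp dpt:PORT appears
# before the first REJECT/DROP rule (rules after it never see the packet).
port_allowed() {
    printf '%s\n' "$1" | awk -v p="$2" '
        $2 == "REJECT" || $2 == "DROP" { exit 1 }
        $2 == "ACCEPT" && $3 == "tcp" && $0 ~ ("dpt:" p "( |$)") { found = 1; exit }
        END { if (found) exit 0; exit 1 }'
}

# open_port_cmd CHAIN_TEXT PORT: print the iptables command that opens PORT
# at the right position; print nothing when the port is already allowed.
open_port_cmd() {
    port_allowed "$1" "$2" && return 0
    pos=$(reject_position "$1")
    if [ -z "$pos" ]; then
        # No catch-all rule in the chain: appending is enough.
        printf '/sbin/iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' "$2"
    else
        printf '/sbin/iptables -I INPUT %s -p tcp -m state --state NEW -m tcp --dport %s -j ACCEPT\n' "$pos" "$2"
    fi
}

# Dry run against the constructed chain. On a real host use
# "$(iptables -L INPUT -n --line-numbers)" instead of "$SAMPLE_CHAIN", run the
# printed commands, then `service iptables save` so they survive a restart.
for p in 22 8983 111; do
    open_port_cmd "$SAMPLE_CHAIN" "$p"
done
```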