如何在 Linux 上为本地主机打开端口?

如何在 Linux 上为本地主机打开端口?

过去一个小时我一直在阅读有关在 Ubuntu 12.04 上打开端口的信息,但似乎什么都没做。我正在运行一个程序,该程序使用 RPC 服务器接受 localhost (127.0.0.1) 上的本地连接,该服务器允许 IP 范围192.168.*.*

我尝试编辑 iptables 以允许传入连接,但无论我做什么,curl 仍然无法连接到 RPC 服务器。

$ sudo iptables -A INPUT -i eth0 -p tcp --dport 18332 -j ACCEPT
$ nmap -v -sT localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-13 05:54 UTC
Initiating Ping Scan at 05:54
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 05:54, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 05:54
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 3389/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Completed Connect Scan at 05:54, 0.05s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00060s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql
3389/tcp open  ms-term-serv

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
$ sudo iptables -A INPUT -i eth0 -p tcp --dport 18332 -m state --state NEW,ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -o eth0 -p tcp --sport 18332 -m state --state ESTABLISHED -j ACCEPT
$ !nmap
nmap -v -sT localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-13 05:57 UTC
Initiating Ping Scan at 05:57
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 05:57, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 05:57
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 3389/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Completed Connect Scan at 05:57, 0.05s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00072s latency).
Not shown: 995 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
22/tcp   open  ssh
80/tcp   open  http
3306/tcp open  mysql
3389/tcp open  ms-term-serv

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds

以下是 curl 的输出:

$ curl --user uname:upass --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' http://127.0.0.1:18332/
% Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
Dload  Upload   Total   Spent    Left  Speed
0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) couldn't connect to host

答案1

为了调试该问题,您可能需要提供 iptables 防火墙规则的副本 - 类似 /sbin/iptables -vnL 之类的东西就足够了。

我怀疑你的防火墙的最后一条规则是“丢弃所有内容”。你添加的规则被附加到此规则之后的表末尾,因此没有执行。不要以“sudo iptables -A”开头编写规则,而是尝试使用“sudo iptables -I”将规则插入顶部。

此外,如果您尝试连接到 localhost,则命令 sudo“iptables -A INPUT -i eth0 -p tcp --dport 18332 -j ACCEPT”存在缺陷。您指定了“-i eth0”,这意味着以太网设备。Localhost 使用特殊的“lo”设备。您最好省略“-i eth0”参数,以便它适用于所有接口。

出于类似的原因,您的语句“(127.0.0.1)”允许 IP 范围 192.168。 ” 是有缺陷的,因为 192.168.永远不会匹配到 127.0.0.1 的路由,因为源 IP 地址将是绑定到 127.0.0.1 的接口“lo”。

相关内容