过去一个小时我一直在阅读有关在 Ubuntu 12.04 上打开端口的信息,但似乎什么都没做。我正在运行一个程序,该程序使用 RPC 服务器接受 localhost (127.0.0.1) 上的本地连接,该服务器允许 IP 范围192.168.*.*
我尝试编辑 iptables 以允许传入连接,但无论我做什么,curl 仍然无法连接到 RPC 服务器。
$ sudo iptables -A INPUT -i eth0 -p tcp --dport 18332 -j ACCEPT
$ nmap -v -sT localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-13 05:54 UTC
Initiating Ping Scan at 05:54
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 05:54, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 05:54
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 3389/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Completed Connect Scan at 05:54, 0.05s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00060s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
3389/tcp open ms-term-serv
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
$ sudo iptables -A INPUT -i eth0 -p tcp --dport 18332 -m state --state NEW,ESTABLISHED -j ACCEPT
$ sudo iptables -A OUTPUT -o eth0 -p tcp --sport 18332 -m state --state ESTABLISHED -j ACCEPT
$ !nmap
nmap -v -sT localhost
Starting Nmap 5.21 ( http://nmap.org ) at 2013-07-13 05:57 UTC
Initiating Ping Scan at 05:57
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 05:57, 0.00s elapsed (1 total hosts)
Initiating Connect Scan at 05:57
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 21/tcp on 127.0.0.1
Discovered open port 3306/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 3389/tcp on 127.0.0.1
Discovered open port 80/tcp on 127.0.0.1
Completed Connect Scan at 05:57, 0.05s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00072s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
3389/tcp open ms-term-serv
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
以下是 curl 的输出:
$ curl --user uname:upass --data-binary '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }' -H 'content-type: text/plain;' http://127.0.0.1:18332/
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0curl: (7) couldn't connect to host
答案1
为了调试该问题,您可能需要提供 iptables 防火墙规则的副本 - 类似 /sbin/iptables -vnL 之类的东西就足够了。
我怀疑你的防火墙的最后一条规则是“丢弃所有内容”。你添加的规则被附加到此规则之后的表末尾,因此没有执行。不要以“sudo iptables -A”开头编写规则,而是尝试使用“sudo iptables -I”将规则插入顶部。
此外,如果您尝试连接到 localhost,则命令 sudo“iptables -A INPUT -i eth0 -p tcp --dport 18332 -j ACCEPT”存在缺陷。您指定了“-i eth0”,这意味着以太网设备。Localhost 使用特殊的“lo”设备。您最好省略“-i eth0”参数,以便它适用于所有接口。
出于类似的原因,您的语句“(127.0.0.1)”允许 IP 范围 192.168。。 ” 是有缺陷的,因为 192.168.。永远不会匹配到 127.0.0.1 的路由,因为源 IP 地址将是绑定到 127.0.0.1 的接口“lo”。