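I have an Ubuntu server, but there are some strange things I can't understand.
I can't ping the server by its IP address, but I can ssh to it. I can access the Apache server inside the server from the command line, but I can't access it from a browser on Windows.
What settings do I need to check now?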
Answer 1
You can use the following tools to debug the problem:
Run wireshark or tcpdump and check whether the HTTP requests reach the server. Use tcptraceroute:
$ tcptraceroute "webserver-ip" 80
A possible case is that the web server is listening only on localhost (127.0.0.1) rather than on all interfaces (0.0.0.0):
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules with the following command:
$ sudo iptables -nvL
Check the status of SELinux, which also acts as a firewall.
$ sudo sestatus
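The listener and firewall checks from this answer, combined into one pass, as an added example that is not part of the original answer: it parses `netstat -ntl` lines and numeric `iptables -nL` ACCEPT rules and reports, per port, whether the listener is loopback-only or has no ACCEPT rule. The sample input is constructed, the function names are hypothetical, and rule matching is simplified (chain order and source/interface matches are ignored).

```python
import re

# Constructed sample input (not from a real host): `netstat -ntl` lines and
# ACCEPT rules as printed by `iptables -nL` (numeric ports).
NETSTAT = """\
tcp   0 0 0.0.0.0:22      0.0.0.0:* LISTEN
tcp   0 0 127.0.0.1:3306  0.0.0.0:* LISTEN
tcp   0 0 0.0.0.0:10000   0.0.0.0:* LISTEN
tcp6  0 0 :::80           :::*      LISTEN
tcp6  0 0 ::1:25          :::*      LISTEN
"""
IPTABLES = """\
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631 ctstate NEW
"""
RANK = {"loopback": 0, "specific": 1, "all": 2}

def listeners(netstat_text):
    """Map each listening TCP port to its widest bind scope."""
    scope = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue
        addr, _, port = f[3].rpartition(":")  # also splits IPv6 '::1:25'
        kind = ("all" if addr in ("0.0.0.0", "::") else
                "loopback" if addr == "::1" or addr.startswith("127.")
                else "specific")
        # A port bound on both tcp and tcp6 keeps the widest scope seen.
        if RANK[kind] >= RANK[scope.get(int(port), "loopback")]:
            scope[int(port)] = kind
    return scope

def allowed_tcp_ports(iptables_text):
    """TCP ports with an ACCEPT rule. Simplification: ignores chain order and
    source/interface matches, which `iptables -nvL` would show."""
    return {int(m.group(1)) for m in
            re.finditer(r"^ACCEPT\s+tcp\b.*\bdpt:(\d+)", iptables_text, re.M)}

def diagnose(netstat_text, iptables_text):
    """Per listening port: loopback-only, allowed, or missing an ACCEPT rule."""
    allowed = allowed_tcp_ports(iptables_text)
    return {port: "loopback only" if kind == "loopback"
            else "listening, firewall allows" if port in allowed
            else "listening, no ACCEPT rule"
            for port, kind in sorted(listeners(netstat_text).items())}

if __name__ == "__main__":
    for port, verdict in diagnose(NETSTAT, IPTABLES).items():
        print(port, verdict)
```

A port reported as "listening, no ACCEPT rule" matches the symptom in the question: the service answers locally but remote clients are rejected by the firewall.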
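Answer 2
You may have firewall rules blocking access. Check the output of iptables -L. Maybe everything except ssh is blocked. The services may not be listening on the correct interface or port. Check the output of netstat -ntl.
If these commands don't help solve the problem, please add their output to your question. Also add the output of ifconfig.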
Answer 3
I have this problem too. Here is some output from the commands above:
# netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 19239 2490/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 19149 2475/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18616 1241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 20281 2487/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 19238 2490/smbd
tcp6 0 0 :::8009 :::* LISTEN 91 19311 1247/java
tcp6 0 0 :::139 :::* LISTEN 0 19237 2490/smbd
tcp6 0 0 :::80 :::* LISTEN 0 163453 4050/httpd
tcp6 0 0 :::8080 :::* LISTEN 91 19310 1247/java
tcp6 0 0 :::21 :::* LISTEN 0 19479 1282/vsftpd
tcp6 0 0 :::22 :::* LISTEN 0 18618 1241/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 20282 2487/master
tcp6 0 0 :::445 :::* LISTEN 0 19236 2490/smbd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 91 20467 1247/java
# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
iptables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Answer 4
You may need to use firewalld to allow certain ports or services, such as http.
sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload