Cannot reach the web server, but can access it over ssh

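I have an Ubuntu server, but something strange is going on that I can't understand.

I can't ping the server by its IP address, but I can ssh into it. From the command line I can access the Apache server inside the server, but I can't reach it from a browser on Windows.

What settings should I check now?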

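Answer 1

You can debug the problem with the following tools:

  1. Run wireshark or tcpdump and check whether the HTTP request reaches the server.

  2. Use tcptraceroute

    $ tcptraceroute "webserver-ip" 80

  3. The web server may be listening only on localhost (127.0.0.1) rather than on all interfaces (0.0.0.0)

    $ sudo netstat -taupen | grep LISTEN

  4. Check the iptables rules with the following command

    $ sudo iptables -nvL

  5. Check the status of SELinux, which also acts as a firewall.

    $ sudo sestatus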

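Answer 2

  1. You may have firewall rules blocking access. Check the output of iptables -L. Maybe everything except ssh is blocked.

  2. The services may not be listening on the correct interface or port. Check the output of netstat -ntl.

If these commands don't help resolve the problem, add their output to your question. Also add the output of ifconfig.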
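
Added example (not part of any answer on this page): a shell helper for the bind-address check that Answers 1 and 2 describe, classifying each LISTEN line of `netstat -ntl` or `netstat -taupen` output as bound to all interfaces, loopback only, or one specific address. The function names `listener_scope` and `port_exposed` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify LISTEN sockets by bind scope.
# Input on stdin: `netstat -ntl` or `netstat -taupen` output
# (column 4 = local address, column 6 = state in both formats).

# Prints "<port> <proto> <scope>"; scope is all, loopback or specific.
listener_scope() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        n = split(addr, parts, ":")
        port = parts[n]                      # text after the last colon
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "::")      scope = "all"
        else if (host ~ /^127\./ || host == "::1")  scope = "loopback"
        else                                        scope = "specific"
        print port, $1, scope
    }'
}

# Exit status 0 only if PORT ($1) has a listener that is not loopback-only.
# Note: a tcp6 "::" listener normally also accepts IPv4 on Linux
# (net.ipv6.bindv6only=0), so ":::80" alone does not mean "IPv6 only".
port_exposed() {
    listener_scope | awk -v p="$1" '
        $1 == p && $3 != "loopback" { found = 1 }
        END { exit !found }'
}

# Constructed sample in `netstat -ntl` format (hypothetical host).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp        0      0 192.0.2.10:443          0.0.0.0:*               LISTEN'

printf '%s\n' "$SAMPLE" | listener_scope
for port in 80 8080; do
    if printf '%s\n' "$SAMPLE" | port_exposed "$port"; then
        echo "port $port: bound beyond loopback, check the firewall next"
    else
        echo "port $port: loopback only or not listening, fix the bind address"
    fi
done
```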

Answer 3

I have this problem too. Here is some output from the commands above:

# netstat -taupen | grep LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          19239      2490/smbd
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      0          19149      2475/perl
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18616      1241/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          20281      2487/master
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          19238      2490/smbd
tcp6       0      0 :::8009                 :::*                    LISTEN      91         19311      1247/java
tcp6       0      0 :::139                  :::*                    LISTEN      0          19237      2490/smbd
tcp6       0      0 :::80                   :::*                    LISTEN      0          163453     4050/httpd
tcp6       0      0 :::8080                 :::*                    LISTEN      91         19310      1247/java
tcp6       0      0 :::21                   :::*                    LISTEN      0          19479      1282/vsftpd
tcp6       0      0 :::22                   :::*                    LISTEN      0          18618      1241/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      0          20282      2487/master
tcp6       0      0 :::445                  :::*                    LISTEN      0          19236      2490/smbd
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      91         20467      1247/java

# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::8009                 :::*                    LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN

iptables output:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_internal  all  --  anywhere             anywhere            [goto]
FWDI_internal  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_internal  all  --  anywhere             anywhere            [goto]
FWDO_internal  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_internal (2 references)
target     prot opt source               destination
FWDI_internal_log  all  --  anywhere             anywhere
FWDI_internal_deny  all  --  anywhere             anywhere
FWDI_internal_allow  all  --  anywhere             anywhere

Chain FWDI_internal_allow (1 references)
target     prot opt source               destination

Chain FWDI_internal_deny (1 references)
target     prot opt source               destination

Chain FWDI_internal_log (1 references)
target     prot opt source               destination

Chain FWDO_internal (2 references)
target     prot opt source               destination
FWDO_internal_log  all  --  anywhere             anywhere
FWDO_internal_deny  all  --  anywhere             anywhere
FWDO_internal_allow  all  --  anywhere             anywhere

Chain FWDO_internal_allow (1 references)
target     prot opt source               destination

Chain FWDO_internal_deny (1 references)
target     prot opt source               destination

Chain FWDO_internal_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_internal  all  --  anywhere             anywhere            [goto]
IN_internal  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_internal (2 references)
target     prot opt source               destination
IN_internal_log  all  --  anywhere             anywhere
IN_internal_deny  all  --  anywhere             anywhere
IN_internal_allow  all  --  anywhere             anywhere

Chain IN_internal_allow (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipp ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target     prot opt source               destination

Chain IN_internal_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Answer 4

You may need to use firewalld to allow certain ports or services, such as http.

    sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload
