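We currently have three web servers.
Servers one and two work fine, but the third server is having problems.
wget, curl and yum all fail to establish a connection - that is, they all hang after resolving the host and trying to connect.
Examples (I have tried many different URLs):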
# wget http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
--2010-09-02 20:00:26-- http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
Resolving rpm.pbone.net... 85.14.85.4
Connecting to rpm.pbone.net|85.14.85.4|:80...
... hangs
# curl -v http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
* About to connect() to rpm.pbone.net port 80
* Trying 85.14.85.4...
... hangs
# yum -d9 update
Loading "fastestmirror" plugin
Config time: 0.052
Running "init" handler for "fastestmirror" plugin
Yum Version: 3.2.22
COMMAND: yum -d9 update
Installroot: /
Setting up Package Sacks
Running "postreposetup" handler for "fastestmirror" plugin
Loading mirror speeds from cached hostfile
... hangs
But:
# ping rpm.pbone.net
PING gepard.pbone.net (85.14.85.4) 56(84) bytes of data.
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=1 ttl=49 time=449 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=2 ttl=49 time=448 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=3 ttl=49 time=444 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=4 ttl=49 time=445 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=5 ttl=49 time=457 ms
I am far from a server expert; can anyone point me to where to start troubleshooting this?
Edit:
# netstat -lan | egrep LISTEN
tcp 0 0 0.0.0.0:941 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 :::80 :::* LISTEN
tcp 0 0 :::22 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 7451 /tmp/.font-unix/fs7100
unix 2 [ ACC ] STREAM LISTENING 7678 @/tmp/fam-root-
unix 2 [ ACC ] STREAM LISTENING 5824 @/var/run/hald/dbus-3hUBzR5e9e
unix 2 [ ACC ] STREAM LISTENING 5087 /var/run/audispd_events
unix 2 [ ACC ] STREAM LISTENING 5825 @/var/run/hald/dbus-rDLe61j4bM
unix 2 [ ACC ] STREAM LISTENING 5545 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 5616 /var/run/sdp
unix 2 [ ACC ] STREAM LISTENING 5749 /var/run/pcscd.comm
unix 2 [ ACC ] STREAM LISTENING 5782 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 7075 /var/run/cups/cups.sock
unix 2 [ ACC ] STREAM LISTENING 7585 /var/run/avahi-daemon/socket
unix 2 [ ACC ] STREAM LISTENING 7389 /dev/gpmctl
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
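Answer 1
You have firewall rules in place that block port 80 outbound, or that reject the corresponding inbound responses. These may be software firewall rules, possibly blocking port 80 specifically or all TCP (PING is ICMP); check with: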
iptables -L
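as ErikA pointed out above.
It could also be a hardware firewall issue - is the server behind a Cisco firewall? Check with the system administrator at your location. If you can curl from other machines, they have :80 open. It is also possible, but unlikely, that they are blocking you on their end, but if you can't curl anything (even Google), the problem is on your side.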
Answer 2
Well, ping uses ICMP, while all of these HTTP clients use TCP port 80. Could that be blocked somewhere between the source and the destination?
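To separate the cases the answers above describe, this added example (not part of the original thread; function names and labels are illustrative) classifies a single outbound TCP connect as open, refused, rejected or filtered. A hang like the one in the question corresponds to "filtered", whereas a REJECT rule with icmp-host-prohibited, like the one in the listing, surfaces to the client as EHOSTUNREACH.

```python
import errno
import socket

# Added diagnostic sketch; function names and labels are illustrative.

def classify_errno(code):
    """Map a connect() errno to what it usually implies about the path."""
    if code == 0:
        return "open"        # handshake completed: path and port are fine
    if code == errno.ECONNREFUSED:
        return "refused"     # RST came back: host reachable, nothing listening
    if code in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "rejected"    # ICMP unreachable/prohibited, e.g. an iptables REJECT
    if code in (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK):
        return "filtered"    # no reply at all: packets silently dropped on the path
    return "error:" + errno.errorcode.get(code, str(code))

def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return a classification label."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        # connect_ex returns an errno instead of raising;
        # on CPython a timeout is reported as EWOULDBLOCK
        return classify_errno(s.connect_ex((host, port)))
    except socket.gaierror:
        return "dns-failure"  # name did not resolve, so no TCP attempt was made
    finally:
        s.close()

def loopback_demo():
    """Constructed offline check: probe a local listener, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))   # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe("127.0.0.1", port)
    srv.close()
    after_close = probe("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    print(loopback_demo())
```

Running `probe()` against the same destination from a working server and from the failing one shows whether the drop is specific to the failing host's path.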
Answer 3
How do I check that something is listening on port 80, and that no firewall rule blocks traffic from the IP I am testing from to port 80?
- netstat
- iptables -vL
Answer 4
In my case, the problem was caused by a stale DNS cache. The following helped:
# service nscd restart