我刚刚设置了一个新的 10.04 服务器,但无法使隧道正常工作。
本地机器
ssh -L 9090:localhost:9090 [email protected]
登录成功,但随后尝试从本地浏览器进行隧道连接,http://127.0.0.1:9090
在服务器终端回显:
channel 3: open failed: connect failed: Connection refused
auth.log:
sshd[24502]: error: connect_to localhost port 9090: failed.
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
9090在服务器上尝试(links http://xx.xxx.xx.xx:9090有效)
sshd_config与之前的 8.04 服务器相同,运行良好。
这是怎么回事?
答案1
详细输出(-vvv)。
登录成功。根据本地浏览器的隧道请求,在服务器终端:
ebug1: Connection to port 9090 forwarding to localhost port 9090 requested.
debug2: fd 9 setting TCP_NODELAY
debug3: fd 9 is O_NONBLOCK
debug3: fd 9 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
channel 3: open failed: connect failed: Connection refused
debug2: channel 3: zombie
debug2: channel 3: garbage collecting
debug1: channel 3: free: direct-tcpip: listening port 9090 for localhost port 9090, connect from 127.0.0.1 port 57884, nchannels 4
debug3: channel 3: status: The following connections are open:
#2 client-session (t4 r0 i0/0 o0/0 fd 6/7 cfd -1)
debug3: channel 3: close_fds r 9 w 9 e -1 c -1
请注意,端口 9090 回复
# links 127.0.0.1:9090
在工作机器上:(8.04)
根据要求:
debug1: Connection to port 9090 forwarding to localhost port 9090 requested.
debug2: fd 10 setting TCP_NODELAY
debug3: fd 10 is O_NONBLOCK
debug3: fd 10 is O_NONBLOCK
debug1: channel 3: new [direct-tcpip]
debug2: channel 3: open confirm rwindow 2097152 rmax 32768
debug2: channel 3: rcvd eof
debug2: channel 3: output open -> drain
debug2: channel 3: obuf empty
debug2: channel 3: close_write
debug2: channel 3: output drain -> closed
问候//t
答案2
基于此主题我认为问题的原因可能是 Apache,而不是 sshd。
尝试将 httpd.conf 文件中的 Listen 指令更改为
监听 127.0.0.1:9090
然后重新启动 httpd 并查看是否有任何区别。
答案3
解决了:
这是政策问题。在服务器终端,请求的 9090 服务没有响应
telnet localhost 9090
仅限:
telnet 127.0.0.1 9090
解决方案是将其添加到/etc/hosts。
127.0.0.1 localhost localhost.localdomain