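Instead of the web page I wanted, I get a timeout. If I try to fetch the page with wget on the server, it works fine, but if I try to connect with a browser, I get a timeout.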
s15312615:/etc/apache2 # netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 localhost.localdom:smtp *:* LISTEN
tcp 0 0 *:www-http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:snpp *:* LISTEN
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 8857 private/verify
unix 2 [ ACC ] STREAM LISTENING 8863 private/proxymap
unix 2 [ ACC ] STREAM LISTENING 8866 private/smtp
unix 2 [ ACC ] STREAM LISTENING 8869 private/relay
unix 2 [ ACC ] STREAM LISTENING 8875 private/error
unix 2 [ ACC ] STREAM LISTENING 6037 @/var/run/hald/dbus-aXRNnAXQQw
unix 2 [ ACC ] STREAM LISTENING 5897 /var/run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 8034 /var/run/mcelog-client
unix 2 [ ACC ] STREAM LISTENING 8018 /var/run/nscd/socket
unix 2 [ ACC ] STREAM LISTENING 8019 /var/run/.nscd_socket
unix 2 [ ACC ] STREAM LISTENING 8878 private/discard
unix 2 [ ACC ] STREAM LISTENING 8881 private/local
unix 2 [ ACC ] STREAM LISTENING 8884 private/virtual
unix 2 [ ACC ] STREAM LISTENING 8887 private/lmtp
unix 2 [ ACC ] STREAM LISTENING 5991 @/var/run/hald/dbus-98LA968QdN
unix 2 [ ACC ] STREAM LISTENING 8890 private/anvil
unix 2 [ ACC ] STREAM LISTENING 8893 private/scache
unix 2 [ ACC ] STREAM LISTENING 8896 private/maildrop
unix 2 [ ACC ] STREAM LISTENING 8845 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 8899 private/cyrus
unix 2 [ ACC ] STREAM LISTENING 8848 private/bounce
unix 2 [ ACC ] STREAM LISTENING 8902 private/uucp
unix 2 [ ACC ] STREAM LISTENING 8851 private/defer
unix 2 [ ACC ] STREAM LISTENING 8905 private/ifmail
unix 2 [ ACC ] STREAM LISTENING 8854 private/trace
unix 2 [ ACC ] STREAM LISTENING 8908 private/bsmtp
unix 2 [ ACC ] STREAM LISTENING 8911 private/procmail
unix 2 [ ACC ] STREAM LISTENING 8914 private/retry
unix 2 [ ACC ] STREAM LISTENING 8917 private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 8840 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 8860 public/flush
unix 2 [ ACC ] STREAM LISTENING 8872 public/showq
unix 2 [ ACC ] STREAM LISTENING 5964 /var/run/dbus/system_bus_socket
Output of iptables:
s15312615:/etc/apache2 # iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state ESTABLISHED
ACCEPT icmp -- anywhere anywhere state RELATED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
DROP all -- anywhere anywhere PKTTYPE = multicast
DROP all -- anywhere anywhere PKTTYPE = broadcast
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP all -- anywhere anywhere
Chain reject_func (0 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
How can I solve this problem?
///Edit httpd.conf
### Global Environment ######################################################
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests.
# run under this user/group id
Include /etc/apache2/uid.conf
# - how many server processes to start (server pool regulation)
# - usage of KeepAlive
Include /etc/apache2/server-tuning.conf
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
ErrorLog /var/log/apache2/error_log
# generated from APACHE_MODULES in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/loadmodule.conf
# IP addresses / ports to listen on
Include /etc/apache2/listen.conf
# predefined logging formats
Include /etc/apache2/mod_log_config.conf
# generated from global settings in /etc/sysconfig/apache2
Include /etc/apache2/sysconfig.d/global.conf
# optional mod_status, mod_info
Include /etc/apache2/mod_status.conf
Include /etc/apache2/mod_info.conf
# optional cookie-based user tracking
# read the documentation before using it!!
Include /etc/apache2/mod_usertrack.conf
# configuration of server-generated directory listings
Include /etc/apache2/mod_autoindex-defaults.conf
# associate MIME types with filename extensions
TypesConfig /etc/apache2/mime.types
DefaultType text/plain
Include /etc/apache2/mod_mime-defaults.conf
# set up (customizable) error responses
Include /etc/apache2/errors.conf
# global (server-wide) SSL configuration, that is not specific to
# any virtual host
Include /etc/apache2/ssl-global.conf
# forbid access to the entire filesystem by default
<Directory />
Options None
AllowOverride None
Order deny,allow
Deny from all
</Directory>
# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>
# List of resources to look for when the client requests a directory
DirectoryIndex index.php index.html index.htm index.html.var
### 'Main' server configuration #############################################
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#Include /etc/apache2/default-server.conf
# Another way to include your own files
#
# The file below is generated from /etc/sysconfig/apache2,
# include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
# APACHE_CONF_INCLUDE_DIRS
Include /etc/apache2/sysconfig.d/include.conf
### Virtual server configuration ############################################
#
# VirtualHost: If you want to maintain multiple domains/hostnames on your
# machine you can setup VirtualHost containers for them. Most configurations
# use only name-based virtual hosts so the server doesn't need to worry about
# IP addresses. This is indicated by the asterisks in the directives below.
#
# Please see the documentation at
# <URL:http://httpd.apache.org/docs-2.2/vhosts/>
# for further details before you try to setup virtual hosts.
#
# You may use the command line option '-S' to verify your virtual host
# configuration.
#
#Include /etc/apache2/vhosts.d/*.conf
Include /etc/apache2/vhosts.d/_vhost-master.conf
# Note: instead of adding your own configuration here, consider
# adding it in your own file (/etc/apache2/httpd.conf.local)
# putting its name into APACHE_CONF_INCLUDE_FILES in
# /etc/sysconfig/apache2 -- this will make system updates
# easier :)
AddOutputFilter INCLUDES .shtml
AddType text/html .shtml
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
iptables -L -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10 3008 ACCEPT all -- lo any anywhere anywhere
13599 889K ACCEPT all -- any any anywhere anywhere state ESTABLISHED
0 0 ACCEPT icmp -- any any anywhere anywhere state RELATED
2900 537K input_ext all -- eth0 any anywhere anywhere
0 0 input_ext all -- any any anywhere anywhere
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
0 0 DROP all -- any any anywhere anywhere
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
10 3008 ACCEPT all -- any lo anywhere anywhere
13313 5996K ACCEPT all -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED
0 0 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination
Chain input_ext (2 references)
pkts bytes target prot opt in out source destination
1280 452K DROP all -- any any anywhere anywhere PKTTYPE = broadcast
0 0 ACCEPT icmp -- any any anywhere anywhere icmp source-quench
10 461 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
7 392 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
8 452 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
0 0 DROP all -- any any anywhere anywhere PKTTYPE = multicast
0 0 DROP all -- any any anywhere anywhere PKTTYPE = broadcast
1288 67240 LOG tcp -- any any anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
0 0 LOG icmp -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
1 438 LOG udp -- any any anywhere anywhere limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
1602 84345 DROP all -- any any anywhere anywhere
Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- any any anywhere anywhere reject-with tcp-reset
0 0 REJECT udp -- any any anywhere anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-proto-unreachable
///Edit 2
uname -a
Linux s15312615 2.6.34.8-0.2-default #1 SMP 2011-04-06 18:11:26 +0200 x86_64 x86_64 x86_64 GNU/Linux
If I try to use
iptables -A INPUT -p tcp dport html -j ACCEPT
iptables -A OUTPUT -p tcp sport html -j ACCEPT
I get
Bad argument `dport'
Try `iptables -h' or 'iptables --help' for more information.
and
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
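the command is accepted but nothing changes.
Answer 1
It looks like you are not allowing incoming connections on port 80 in your iptables setup, but it is hard to tell without seeing the output of iptables -L -v. Allow incoming port 80 in your firewall rules and it will probably work.
Answer 2
The firewall was indeed the problem.
In yast2, I went to -> Security and Users -> Firewall -> Allowed Services and added HTTP Server, and then it worked!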
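Why the `iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT` command in the question was accepted but changed nothing, as an added example that is not part of the original posts: `-A` appends the rule after the jump to `input_ext`, whose final DROP ends traversal first. The rule set is constructed in `iptables -S` style from the question's listing (LOG rules omitted), and `load`, `verdict` and `check` are hypothetical helper names.

```python
# Added illustration: first-match evaluation of a simplified filter table.
# RULES is constructed from the question's listing; LOG rules never end traversal.
RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m state --state RELATED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A INPUT -j input_ext
-A INPUT -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -j DROP
"""
APPEND = "-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT"  # what the question ran
INSERT = "-I INPUT -p tcp -m tcp --dport 80 -j ACCEPT"  # same match, placed first
FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "--state": "state",
          "--pkt-type": "pkttype", "--icmp-type": "icmp_type"}
SYN_80 = {"iface": "eth0", "proto": "tcp", "dport": "80",  # constructed packet:
          "state": "NEW", "pkttype": "unicast"}            # browser's first SYN

def load(text):
    chains, policy = {}, {}
    for line in text.strip().splitlines():
        tok = line.split()
        rules = chains.setdefault(tok[1], [])
        if tok[0] == "-P":
            policy[tok[1]] = tok[2]
        else:  # -I without a rule number inserts at the top, -A goes last
            pos = 0 if tok[0] == "-I" else len(rules)
            rules.insert(pos, (line, dict(zip(tok[2::2], tok[3::2]))))
    return chains, policy

def verdict(chains, policy, pkt, chain="INPUT"):
    for line, opts in chains[chain]:
        if any(pkt.get(FIELDS[k]) not in v.split(",")
               for k, v in opts.items() if k in FIELDS):
            continue  # some match condition failed, try the next rule
        target = opts["-j"]
        if target in ("ACCEPT", "DROP"):
            return target, line  # terminating target: traversal stops here
        hit = verdict(chains, policy, pkt, target) if target in chains else None
        if hit:
            return hit
    return (policy[chain], "policy") if chain in policy else None

def check(extra=""):  # verdict for the port-80 SYN after applying one more rule
    return verdict(*load(RULES + extra), SYN_80)
```

The `SFW2-` log prefixes indicate rules generated by SuSEfirewall2, so a rule inserted by hand is lost when that firewall reloads; the YaST setting in answer 2 is the persistent fix.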