Apache 监听,但没有响应

Apache 监听,但没有响应

我正在路由器上设置 Apache(我已在路由器上安装了 Tomato,这是一个基于 Linux 的自定义固件包)。我已成功安装 Apache,并相信已正确配置它,但无法加载默认的“它有效!”页面。

运行 netstat 后,每次尝试通过浏览器访问服务文件时,我都可以看到“Recv-Q”列中的值不断增加,但 Apache 似乎不会或无法响应请求。跟踪 Apache error_log 也没有任何结果。

有谁看到了什么明显的问题,或者对如何让事情正常运转有什么建议吗?我可以提供其他有用的信息吗?

netstat 输出示例(参见第 5 个条目,地址为“:::www”:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       
tcp        0      0 0.0.0.0:domain          0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      
tcp        0      0 localhost:52698         0.0.0.0:*               LISTEN      
tcp        0      0 0.0.0.0:1338            0.0.0.0:*               LISTEN      
tcp        4      0 :::www                  :::*                    LISTEN      
tcp        0      0 :::domain               :::*                    LISTEN      
tcp        0      0 :::ssh                  :::*                    LISTEN      
tcp        0      0 :::telnet               :::*                    LISTEN      
tcp        0      0 localhost:52698         :::*                    LISTEN      
tcp        0      0 :::1338                 :::*                    LISTEN      
udp        0      0 localhost:38032         0.0.0.0:*                           
udp        0      0 0.0.0.0:5038            0.0.0.0:*                           
udp        0      0 0.0.0.0:domain          0.0.0.0:*                           
udp        0      0 0.0.0.0:bootps          0.0.0.0:*                           
udp        0      0 0.0.0.0:60648           0.0.0.0:*                           
udp        0      0 0.0.0.0:49518           0.0.0.0:*                           
udp        0      0 0.0.0.0:38000           0.0.0.0:*                           
udp        0      0 :::domain               :::*                                
raw        0      0 0.0.0.0:255             0.0.0.0:*               255         
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING      13850 /opt/var/apache2/run/cgisock.1325

Apache error_log 内容:

[Wed Feb 13 16:05:16 2013] [notice] Digest: generating secret for digest authentication ...
[Wed Feb 13 16:05:16 2013] [notice] Digest: done
[Wed Feb 13 16:05:16 2013] [info] APR LDAP: Built with OpenLDAP LDAP SDK
[Wed Feb 13 16:05:16 2013] [info] LDAP: SSL support available
[Wed Feb 13 16:05:16 2013] [info] mod_unique_id: using ip addr 192.168.253.1
[Wed Feb 13 16:05:17 2013] [notice] Apache/2.2.20 (Unix) DAV/2 configured -- resuming normal operations

更新:尽管我已经打开了端口 80(和 443),但防火墙似乎阻止了传入的请求。

防火墙消息(已清理的地址信息,x = 本地,y = 远程):

Feb 13 16:53:15 UBERnet user.warn kernel: DROP IN=vlan2 OUT= MACSRC=xx:xx:xx:xx:xx:xx MACDST=yy:yy:yy:yy:yy:yy MACPROTO=0800 SRC=yyy.yyy.yyy.yyy DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x20 TTL=57 ID=48272 DF PROTO=TCP SPT=43229 DPT=80 SEQ=3727060622 ACK=0 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204056404020000) 

iptables -L 输出:

Chain INPUT (policy DROP)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
shlimit    tcp  --  anywhere             anywhere            tcp dpt:ssh state NEW 
shlimit    tcp  --  anywhere             anywhere            tcp dpt:1338 state NEW 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere            udp spt:bootps dpt:bootpc 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1337 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:1338 
logdrop    all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
           all  --  anywhere             anywhere            account: network/netmask: 192.168.253.0/255.255.255.0 name: lan 
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            state INVALID 
TCPMSS     tcp  --  anywhere             anywhere            tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 
monitor    all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
wanin      all  --  anywhere             anywhere            
wanout     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain logdrop (2 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            state NEW limit: avg 1/sec burst 5 LOG level warning tcp-sequence tcp-options ip-options macdecode prefix `DROP ' 
DROP       all  --  anywhere             anywhere            

Chain logreject (0 references)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere            limit: avg 1/sec burst 5 LOG level warning tcp-sequence tcp-options ip-options macdecode prefix `REJECT ' 
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset 

Chain monitor (1 references)
target     prot opt source               destination         
RETURN     tcp  --  anywhere             anywhere            WEBMON --max_domains 1000 --max_searches 1000 

Chain shlimit (2 references)
target     prot opt source               destination         
           all  --  anywhere             anywhere            recent: SET name: shlimit side: source 
logdrop    all  --  anywhere             anywhere            recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source 

更新:顺便说一句,我仅通过调整 iptables 就能让 lighttpd 正常工作,因此看来这是一个特定于 Apache 配置的问题。

答案1

我不知道可能是什么问题,但下一步可能是用 strace 附加到监听进程(及其分支)并查看尝试连接时发生的情况。

strace -o apache.strace -f -p $PID

将结果放入文件 apache.strace。

答案2

在防火墙的 INPUT 链中,logdropline 会终止您的连接。这是一个用于丢弃所有不需要的流量的万能链。规则处理永远不会到达 Web 规则。您必须将 ACCEPT 规则多于规则logdrop

答案3

出了点问题。Apache 仅监听 IPv6。您能否将ListenApache 配置文件中的参数更改为

      Listen 0.0.0.0:80 

然后重新启动 Apache。再次执行 netstat,确保输出包含 0.0.0.0:www 或类似 IPv4 的内容。

相关内容