无法在虚拟机上访问 svn,但其他一切正常

tag-icon tag-icon iptables svn virtualbox turnkey-linux
无法在虚拟机上访问 svn,但其他一切正常

我有一台服务器 ( host) 在 Virtualbox 中运行 Turnkey Trac 服务器 ( tracsrv),但网络出现一些奇怪的结果。有人知道如何解释这个问题吗?是否有可能修复这个问题?

症状

user@randomcomputer ~$ ssh root@tracsrv # works as expected
user@randomcomputer ~$ curl -I http://tracsrv/ # works as expected
          user@host ~$ svn co svn://tracsrv/helloworld # works as expected
user@randomcomputer ~$ svn co svn://tracsrv/helloworld # FAILS

randomcomputerhost(因此tracsrv)都在同一个 LAN 网络上运行(具有单个 GW 的常规 /24 LAN,没什么特别的)。

配置

host正在运行 iptables,其中所有内容均被阻止,例如 http 除外:

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Accept any related or established connections
-I INPUT  1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-I OUTPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT

# Allow all traffic on the loopback interface
-A INPUT  -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

[...]

# SSH
-A INPUT  -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT

# HTTP+HTTPS
-A INPUT  -i eth1 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT  -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT

# Inbound SVN
# Added this as I was unsure whether the host affected the VM
-A INPUT  -i eth1 -p tcp -m tcp --dport 3690 -j ACCEPT

COMMIT

tracsrv但由于其网络处于桥接模式,这些设置不应干扰流量:

user@host ~$ VBoxManage showvminfo tracsrv | grep "NIC 1"
NIC 1:           MAC: XXXXXXXXXXXX, Attachment: Bridged Interface 'eth1', Cable connected: on, Trace: off (file: none), Type: Am79C973, Reported speed: 0 Mbps, Boot priority: 0, Promisc Policy: deny

最后 iptablestracsrv接受所有流量:

root@tracsrv ~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

并且svnserve正在运行tracsrv

root@tracsrv ~# lsof -i :svn
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
svnserve 2352 root    3u  IPv4   5550      0t0  TCP *:svn (LISTEN)

编辑:回复@Guido:

user@randomcomputer ~$ telnet tracsrv 3690
Trying tracsrv...
telnet: Unable to connect to remote host: Connection timed out
user@randomcomputer ~$ svn co svn://tracsrv/helloworld
svn: E000110: Unable to connect to a repository at URL 'svn://tracsrv/helloworld'
svn: E000110: Can't connect to host 'tracsrv': Connection timed out

答案1

您正在使用svn:协议进行远程访问。除了隔离的受信任本地网络外,这不是一个好的选择。由于您觉得需要设置 iptables,这听起来好像您不信任本地网络。

svn+ssh:尝试通过或设置颠覆访问https:http:也仅适用于受信任的本地网络,因为凭据和内容以纯文本形式发送)

相关内容