我有两台运行 RHEL 5.8 的服务器。SRV1 (10.58.192.36) 在端口 9002 上运行一项服务,我需要从 SRV2 (10.58.192.42) 连接到该服务。
[root@SRV1 ~]# netstat -anp | grep 9002
tcp 0 0 :::9002 :::* LISTEN 20740/java
如果我从 SRV1 本机连接此服务,连接正常。
[root@SRV1 ~]# telnet 10.58.192.36 9002
Trying 10.58.192.36...
Connected to SRV1 (10.58.192.36).
Escape character is '^]'.
SheerMachineInterface
但是如果我尝试使用相同的命令从 SRV2 连接到此服务,它会立即断开连接。
[root@SRV2 ~]# telnet 10.58.192.36 9002
Trying 10.58.192.36...
Connected to SRV1 (10.58.192.36).
Escape character is '^]'.
Connection closed by foreign host.
You have new mail in /var/spool/mail/root
[root@SRV2 ~]#
我已经尝试在 SRV1 上禁用 iptables 和 ip6tables 服务,但问题依旧。以下是当前的 iptables 和 ip6tables 配置。
[root@SRV1 ~]# iptables -n --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9002
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@SRV1 ~]#
[root@SRV1 ~]#
[root@SRV1 ~]# ip6tables -n --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all ::/0 ::/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all ::/0 ::/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all ::/0 ::/0
ACCEPT icmpv6 ::/0 ::/0
ACCEPT esp ::/0 ::/0
ACCEPT ah ::/0 ::/0
ACCEPT udp ::/0 ff02::fb/128 udp dpt:5353
ACCEPT udp ::/0 ::/0 udp dpt:631
ACCEPT tcp ::/0 ::/0 tcp dpt:631
ACCEPT udp ::/0 ::/0 udp dpts:32768:61000
ACCEPT tcp ::/0 ::/0 tcp dpts:32768:61000 flags:!0x16/0x02
ACCEPT tcp ::/0 ::/0 tcp dpt:22
ACCEPT tcp ::/0 ::/0 tcp dpt:9002
REJECT all ::/0 ::/0 reject-with icmp6-adm-prohibited
[root@SRV1 ~]#
SRV1 中的 /etc/hosts.allow 和 /etc/hosts.deny 文件中都没有配置。
[root@SRV1 ~]# cat /etc/hosts.allow
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
[root@SRV1 ~]# cat /etc/hosts.deny
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
[root@SRV1 ~]#
这是连接失败场景(即 SRV2 到 SRV1)的 tcpdump 抓包。从抓包可以看到,TCP 三次握手正常完成,随后 10.58.192.36.9002 一侧先发出了 FIN。
[root@SRV1 ~]# tcpdump -i bond0.440 -nn -XX -vvv tcp port 9002 -s 0 -e
tcpdump: listening on bond0.440, link-type EN10MB (Ethernet), capture size 65535 bytes
21:55:49.016719 00:0c:29:95:fd:71 > a4:4c:11:de:38:b2, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 64, id 4945, offset 0, flags [DF], proto: TCP (6), length: 60) 10.58.192.42.53766 > 10.58.192.36.9002: S, cksum 0x9a82 (correct), 2190603583:2190603583(0) win 5840 <mss 1460,sackOK,timestamp 2927224430 0,nop,wscale 7>
0x0000: a44c 11de 38b2 000c 2995 fd71 0800 4510 .L..8...)..q..E.
0x0010: 003c 1351 4000 4006 9298 0a3a c02a 0a3a .<.Q@.@....:.*.:
0x0020: c024 d206 232a 8291 f53f 0000 0000 a002 .$..#*...?......
0x0030: 16d0 9a82 0000 0204 05b4 0402 080a ae79 ...............y
0x0040: e66e 0000 0000 0103 0307 .n........
21:55:49.017588 a4:4c:11:de:38:b2 > 00:0c:29:95:fd:71, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 10.58.192.36.9002 > 10.58.192.42.53766: S, cksum 0xb74c (correct), 1977460830:1977460830(0) ack 2190603584 win 5792 <mss 1460,sackOK,timestamp 3423009041 2927224430,nop,wscale 7>
0x0000: 000c 2995 fd71 a44c 11de 38b2 0800 4500 ..)..q.L..8...E.
0x0010: 003c 0000 4000 4006 a5f9 0a3a c024 0a3a .<..@.@....:.$.:
0x0020: c02a 232a d206 75dd a85e 8291 f540 a012 .*#*..u..^...@..
0x0030: 16a0 b74c 0000 0204 05b4 0402 080a cc06 ...L............
0x0040: f911 ae79 e66e 0103 0307 ...y.n....
21:55:49.018224 00:0c:29:95:fd:71 > a4:4c:11:de:38:b2, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 4946, offset 0, flags [DF], proto: TCP (6), length: 52) 10.58.192.42.53766 > 10.58.192.36.9002: ., cksum 0xfc88 (correct), 1:1(0) ack 1 win 46 <nop,nop,timestamp 2927224432 3423009041>
0x0000: a44c 11de 38b2 000c 2995 fd71 0800 4510 .L..8...)..q..E.
0x0010: 0034 1352 4000 4006 929f 0a3a c02a 0a3a .4.R@.@....:.*.:
0x0020: c024 d206 232a 8291 f540 75dd a85f 8010 .$..#*...@u.._..
0x0030: 002e fc88 0000 0101 080a ae79 e670 cc06 ...........y.p..
0x0040: f911 ..
21:55:49.018923 a4:4c:11:de:38:b2 > 00:0c:29:95:fd:71, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 20812, offset 0, flags [DF], proto: TCP (6), length: 52) 10.58.192.36.9002 > 10.58.192.42.53766: F, cksum 0xfc84 (correct), 1:1(0) ack 1 win 46 <nop,nop,timestamp 3423009044 2927224432>
0x0000: 000c 2995 fd71 a44c 11de 38b2 0800 4500 ..)..q.L..8...E.
0x0010: 0034 514c 4000 4006 54b5 0a3a c024 0a3a .4QL@.@.T..:.$.:
0x0020: c02a 232a d206 75dd a85f 8291 f540 8011 .*#*..u.._...@..
0x0030: 002e fc84 0000 0101 080a cc06 f914 ae79 ...............y
0x0040: e670 .p
21:55:49.019172 00:0c:29:95:fd:71 > a4:4c:11:de:38:b2, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 4947, offset 0, flags [DF], proto: TCP (6), length: 52) 10.58.192.42.53766 > 10.58.192.36.9002: F, cksum 0xfc83 (correct), 1:1(0) ack 2 win 46 <nop,nop,timestamp 2927224432 3423009044>
0x0000: a44c 11de 38b2 000c 2995 fd71 0800 4510 .L..8...)..q..E.
0x0010: 0034 1353 4000 4006 929e 0a3a c02a 0a3a .4.S@.@....:.*.:
0x0020: c024 d206 232a 8291 f540 75dd a860 8011 .$..#*...@u..`..
0x0030: 002e fc83 0000 0101 080a ae79 e670 cc06 ...........y.p..
0x0040: f914 ..
21:55:49.019185 a4:4c:11:de:38:b2 > 00:0c:29:95:fd:71, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 64, id 20813, offset 0, flags [DF], proto: TCP (6), length: 52) 10.58.192.36.9002 > 10.58.192.42.53766: ., cksum 0xfc83 (correct), 2:2(0) ack 2 win 46 <nop,nop,timestamp 3423009044 2927224432>
0x0000: 000c 2995 fd71 a44c 11de 38b2 0800 4500 ..)..q.L..8...E.
0x0010: 0034 514d 4000 4006 54b4 0a3a c024 0a3a .4QM@.@.T..:.$.:
0x0020: c02a 232a d206 75dd a860 8291 f541 8010 .*#*..u..`...A..
0x0030: 002e fc83 0000 0101 080a cc06 f914 ae79 ...............y
0x0040: e670 .p
6 packets captured
6 packets received by filter
0 packets dropped by kernel
[root@SRV1 ~]#
这是连接成功场景(即 SRV1 连接 SRV1 自身)的 tcpdump 抓包。
[root@SRV1 ~]# tcpdump -i lo -nn -XX -vvv tcp port 9002 -s 0 -e
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
22:10:04.734084 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 64, id 31083, offset 0, flags [DF], proto: TCP (6), length: 60) 10.58.192.36.34764 > 10.58.192.36.9002: S, cksum 0xd5ff (correct), 624197334:624197334(0) win 32792 <mss 16396,sackOK,timestamp 3423864765 0,nop,wscale 7>
0x0000: 0000 0000 0000 0000 0000 0000 0800 4510 ..............E.
0x0010: 003c 796b 4000 4006 2c84 0a3a c024 0a3a .<yk@.@.,..:.$.:
0x0020: c024 87cc 232a 2534 7ed6 0000 0000 a002 .$..#*%4~.......
0x0030: 8018 d5ff 0000 0204 400c 0402 080a cc14 ........@.......
0x0040: 07bd 0000 0000 0103 0307 ..........
22:10:04.734177 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: TCP (6), length: 60) 10.58.192.36.9002 > 10.58.192.36.34764: S, cksum 0x0471 (correct), 3880130173:3880130173(0) ack 624197335 win 32768 <mss 16396,sackOK,timestamp 3423864765 3423864765,nop,wscale 7>
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 003c 0000 4000 4006 a5ff 0a3a c024 0a3a .<..@.@....:.$.:
0x0020: c024 232a 87cc e746 167d 2534 7ed7 a012 .$#*...F.}%4~...
0x0030: 8000 0471 0000 0204 400c 0402 080a cc14 ...q....@.......
0x0040: 07bd cc14 07bd 0103 0307 ..........
22:10:04.734209 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 31084, offset 0, flags [DF], proto: TCP (6), length: 52) 10.58.192.36.34764 > 10.58.192.36.9002: ., cksum 0xec94 (correct), 1:1(0) ack 1 win 257 <nop,nop,timestamp 3423864765 3423864765>
0x0000: 0000 0000 0000 0000 0000 0000 0800 4510 ..............E.
0x0010: 0034 796c 4000 4006 2c8b 0a3a c024 0a3a .4yl@.@.,..:.$.:
0x0020: c024 87cc 232a 2534 7ed7 e746 167e 8010 .$..#*%4~..F.~..
0x0030: 0101 ec94 0000 0101 080a cc14 07bd cc14 ................
0x0040: 07bd ..
22:10:04.737961 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 87: (tos 0x0, ttl 64, id 4547, offset 0, flags [DF], proto: TCP (6), length: 73) 10.58.192.36.9002 > 10.58.192.36.34764: P, cksum 0x9289 (correct), 1:22(21) ack 1 win 256 <nop,nop,timestamp 3423864769 3423864765>
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 0049 11c3 4000 4006 942f 0a3a c024 0a3a .I..@.@../.:.$.:
0x0020: c024 232a 87cc e746 167e 2534 7ed7 8018 .$#*...F.~%4~...
0x0030: 0100 9289 0000 0101 080a cc14 07c1 cc14 ................
0x0040: 07bd 5368 6565 724d 6163 6869 6e65 496e ..SheerMachineIn
0x0050: 7465 7266 6163 65 terface
22:10:04.737974 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 31085, offset 0, flags [DF], proto: TCP (6), length: 52) 10.58.192.36.34764 > 10.58.192.36.9002: ., cksum 0xec77 (correct), 1:1(0) ack 22 win 257 <nop,nop,timestamp 3423864769 3423864769>
0x0000: 0000 0000 0000 0000 0000 0000 0800 4510 ..............E.
0x0010: 0034 796d 4000 4006 2c8a 0a3a c024 0a3a .4ym@.@.,..:.$.:
0x0020: c024 87cc 232a 2534 7ed7 e746 1693 8010 .$..#*%4~..F....
0x0030: 0101 ec77 0000 0101 080a cc14 07c1 cc14 ...w............
0x0040: 07c1 ..
22:10:04.737986 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 68: (tos 0x0, ttl 64, id 4548, offset 0, flags [DF], proto: TCP (6), length: 54) 10.58.192.36.9002 > 10.58.192.36.34764: P, cksum 0xdf64 (correct), 22:24(2) ack 1 win 256 <nop,nop,timestamp 3423864769 3423864769>
0x0000: 0000 0000 0000 0000 0000 0000 0800 4500 ..............E.
0x0010: 0036 11c4 4000 4006 9441 0a3a c024 0a3a .6..@.@..A.:.$.:
0x0020: c024 232a 87cc e746 1693 2534 7ed7 8018 .$#*...F..%4~...
0x0030: 0100 df64 0000 0101 080a cc14 07c1 cc14 ...d............
0x0040: 07c1 0d0a ....
22:10:04.737989 00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 66: (tos 0x10, ttl 64, id 31086, offset 0, flags [DF], proto: TCP (6), length: 52) 10.58.192.36.34764 > 10.58.192.36.9002: ., cksum 0xec75 (correct), 1:1(0) ack 24 win 257 <nop,nop,timestamp 3423864769 3423864769>
0x0000: 0000 0000 0000 0000 0000 0000 0800 4510 ..............E.
0x0010: 0034 796e 4000 4006 2c89 0a3a c024 0a3a .4yn@.@.,..:.$.:
0x0020: c024 87cc 232a 2534 7ed7 e746 1695 8010 .$..#*%4~..F....
0x0030: 0101 ec75 0000 0101 080a cc14 07c1 cc14 ...u............
0x0040: 07c1 ..
7 packets captured
14 packets received by filter
0 packets dropped by kernel
[root@SRV1 ~]#
您能指出问题出在哪里吗?