Remote Linux server not responding on a specified port

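I have a remote CentOS 6.5 server that runs a Tomcat 8 web server (aka servlet) on port 54321. I cannot access it from my computer, even though I have a successful SSH connection (that is how all of the following log/command examples were obtained) and public HTTP requests to the existing Apache web server on port 80 work.

Tomcat deployed successfully; here is part of the log output: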

07-Apr-2015 21:21:10.286 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-54321"]
07-Apr-2015 21:21:10.301 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
07-Apr-2015 21:21:10.304 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 538 ms
07-Apr-2015 21:21:10.325 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
07-Apr-2015 21:21:10.325 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.21
07-Apr-2015 21:21:10.335 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/examples
07-Apr-2015 21:21:10.901 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/examples has finished in 566 ms
07-Apr-2015 21:21:10.901 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/host-manager
07-Apr-2015 21:21:10.923 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/host-manager has finished in 22 ms
07-Apr-2015 21:21:10.923 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/docs
07-Apr-2015 21:21:10.937 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/docs has finished in 14 ms
07-Apr-2015 21:21:10.937 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/ROOT
07-Apr-2015 21:21:10.951 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/ROOT has finished in 14 ms
07-Apr-2015 21:21:10.951 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/manager
07-Apr-2015 21:21:10.970 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/manager has finished in 19 ms
07-Apr-2015 21:21:10.973 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-54321"]
07-Apr-2015 21:21:10.978 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 674 ms

When I run lsof -i, I can see that it is listening:

java      32818    mark   49u  IPv4 78494638      0t0  TCP *:54321 (LISTEN)
java      32818    mark   68u  IPv4 78494652      0t0  TCP localhost:mxi (LISTEN)

But when I run nmap localhost, the port does not show up:

Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
199/tcp  open  smux
631/tcp  open  ipp
1311/tcp open  rxmon

I have checked iptables, and it is wide open:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

Here is system-config-firewall:

# Configuration file for system-config-firewall

--disabled
--service=ssh

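I also tried nc -l 54321, but ran into the same problem (nc is listening, but cannot be found via nmap).

So when I try to connect to Tomcat remotely through a browser using 212.***.***.***:54321, I get "server not responding" (ERR_CONNECTION_TIMED_OUT).

Where is the problem?

Edit:
After running nmap -p 54321 localhost I found that the port is indeed open. So why can't I access it?

Edit 2:
When I use a remote nmap test (not from localhost), I am somehow filtered: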

PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
80/tcp   open     http
111/tcp  filtered rpcbind
199/tcp  filtered smux
631/tcp  filtered ipp
1311/tcp filtered rxmon

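The same goes for Tomcat on port 54321.

Answer 1

Maybe SELINUX is preventing the Tomcat process from starting to listen on port 54321. To check whether this is the case, issue the command setenforce 0, restart Tomcat, and retry the connection. For more information: http://wiki.centos.org/HowTos/SELinux

If it is not related to SELINUX, try connecting to localhost by issuing the command telnet 127.0.0.1 54321. If telnet connects, then something is dropping your packets when they come from an external source. Since iptables is completely disabled, it is more likely that an external firewall (e.g. your company's gateway firewall and/or your hosting company's firewall) is blocking traffic to port 54321.

To make sure of this, issue the command tcpdump -i any -nnn port 54321 on your server and try to connect from an external source. If tcpdump records nothing, then something between you and your server (i.e. a gateway firewall) is dropping your packets.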
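The distinction the answer's steps rely on, as an added example that is not part of the original answer: a TCP connect that completes, one that is refused, and one that times out, mapped to nmap's open / closed / filtered states and then combined into a diagnosis. The function names and the diagnosis labels are assumptions of this example.

```python
import errno
import socket
import sys


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt using nmap's state names."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: something is listening
    except socket.timeout:
        return "filtered"    # no reply at all: a packet was silently dropped
    except ConnectionRefusedError:
        return "closed"      # RST came back: host reached, nothing listening
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # ICMP unreachable from a router or firewall
        raise
    finally:
        sock.close()


def diagnose(local_state, remote_state):
    """Combine a probe run on the server with one run from outside."""
    if local_state != "open":
        return "no-listener"      # fix the service first (bind address, SELinux)
    if remote_state == "open":
        return "reachable"
    if remote_state == "closed":
        return "rejected"         # RST from a REJECT rule, or loopback-only bind
    return "dropped-in-path"      # confirm with tcpdump on the server


if __name__ == "__main__":
    # Usage: python3 probe.py HOST PORT
    # Run once on the server against 127.0.0.1 and once from the outside
    # against the public address, then compare the two states.
    host, port = sys.argv[1], int(sys.argv[2])
    print(f"{host}:{port} is {probe(host, port)}")
```

An "open" result on the server together with "filtered" from outside is the combination shown in the question (telnet or nmap succeeds locally, the browser reports ERR_CONNECTION_TIMED_OUT), which points at a device between the client and the server.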
