无法通过第二个网卡/ip 访问 Nginx/80 端口

无法通过第二个网卡/ip 访问 Nginx/80 端口

我们的服务器连接了两个网卡。一个用于本地网络,一个用于远程访问。

eth0:
DEVICE=eth0
TYPE=Ethernet
UUID=*****
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=****
DEFROUTE=no
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
IPADDR=193.9.9.19
NETMASK=255.255.255.0
DNS1=193.9.9.13
USERCTL=no

eth1:
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
UUID=****
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=****
IPADDR=[Public IP]
GATEWAY= [Public Gateway]
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
USERCTL=no
PEERDNS=yes

我们可以通过本地网络正常访问所有内容,但只能使用 SSH,而不能通过公共 IP 访问端口 80。

这是 nginx 配置

server {
    listen 193.9.9.19:80;
    listen [public ip]:80;


   root /html/test/web;
    index app.php;

   try_files $uri $uri/ @rewrite;

   location @rewrite {
        rewrite ^/(.*)$ /app.php;
    }

}

IP表

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:mysql 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW,ESTABLISHED 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 

我们尝试过的事情。

  1. tcpdump 显示 ping 和请求到达服务器:tcpdump -i eth1“端口 80”
  2. 由于 nginx/access.log 和 project/access.log 没有新条目,因此请求未到达 nginx
  3. 通过公共 IP 进行 ssh 正在运行

相关内容