Our server has two network cards. One is used for the local network, the other for remote access.
eth0:
DEVICE=eth0
TYPE=Ethernet
UUID=*****
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=****
DEFROUTE=no
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
IPADDR=193.9.9.19
NETMASK=255.255.255.0
DNS1=193.9.9.13
USERCTL=no
eth1:
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
UUID=****
NM_CONTROLLED=yes
BOOTPROTO=none
HWADDR=****
IPADDR=[Public IP]
GATEWAY=[Public Gateway]
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth1"
USERCTL=no
PEERDNS=yes
Over the local network we can reach everything normally, but over the public IP we can only use SSH; port 80 is not reachable.
This is the nginx configuration:
server {
    listen 193.9.9.19:80;
    listen [public ip]:80;
    root /html/test/web;
    index app.php;
    try_files $uri $uri/ @rewrite;
    location @rewrite {
        rewrite ^/(.*)$ /app.php;
    }
}
iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Things we have tried:
- tcpdump shows the pings and requests reaching the server: tcpdump -i eth1 "port 80"
- Since nginx/access.log and project/access.log get no new entries, the requests are not reaching nginx
- SSH over the public IP works
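Added example (not from the original post): a small Python first-match walk over the INPUT chain exactly as pasted above, answering "which rule does a given packet hit first?". It assumes the listing came from plain `iptables -L`, whose output omits the in/out interface columns, so a rule printed as "ACCEPT all anywhere anywhere" may carry an -i restriction the walk cannot see; confirm with `iptables -L -v -n` before trusting the result.

```python
import re

# INPUT chain copied from the question's `iptables -L` listing (column header dropped).
INPUT_CHAIN = """\
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

# Service names exactly as iptables prints them (resolved via /etc/services).
PORTS = {"ssh": 22, "http": 80, "https": 443, "mysql": 3306}

def parse_chain(text):
    """Parse `iptables -L` rule lines into dicts: target, proto, dport, states."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:          # skip blank lines
            continue
        opts = " ".join(parts[5:])  # match extensions printed after the destination column
        m = re.search(r"dpt:(\S+)", opts)
        dport = (int(m.group(1)) if m.group(1).isdigit() else PORTS[m.group(1)]) if m else None
        s = re.search(r"state (\S+)", opts)
        rules.append({"target": parts[0], "proto": parts[1], "dport": dport,
                      "states": set(s.group(1).split(",")) if s else None})
    return rules

def first_match(rules, proto, dport, state):
    """1-based index and target of the first rule a packet hits; (None, 'policy') if none."""
    for i, r in enumerate(rules, 1):
        if r["proto"] not in ("all", proto):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return i, r["target"]
    return None, "policy"

# Caveat: plain `iptables -L` omits the in/out interface columns, so rule 4's
# "ACCEPT all" may really be e.g. "-i lo"; `iptables -L -v -n` shows the full match.
```

As printed, a new TCP connection to port 80 is accepted by rule 4 before the two http rules are ever consulted; whether that holds on the real box depends on the hidden interface match.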