公开访问我的网络服务器

公开访问我的网络服务器

在我的 Debian 服务器上,我有一个 eth0 接口 (192.168.10.x),我刚刚添加了 eth1 (176.31.36.x)。我想为 ssh、web 等设置公共访问。

allow-hotplug eth1
iface eth1 inet static
        address 176.31.36.x
        netmask 255.255.255.240
        network 176.31.36.x
        broadcast 171.31.36.x
        dns-nameservers 8.8.8.8
        gateway 176.31.36.x
        dns-search mydomain.com

我添加了这些路线:

iptables -I INPUT -p tcp --dport 80 -j ACCEPT -m comment --comment "Allow HTTP"
iptables -I INPUT -p tcp --dport 443 -j ACCEPT -m comment --comment "Allow HTTPS"
iptables -I INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT -m comment --comment "Allow SSH"

之后服务器重新启动。 ping 机器正常,但 ssh 和 web 都没有响应。

例子:

ssh -v 176.31.36.x
OpenSSH_6.6.1, OpenSSL 1.0.1f 6 Jan 2014
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 176.31.36.x [176.31.36.x] port 22.
debug1: Connection established.
debug1: identity file /home/admin/.ssh/id_rsa type -1
debug1: identity file /home/admin/.ssh/id_rsa-cert type -1
debug1: identity file /home/admin/.ssh/id_dsa type -1
debug1: identity file /home/admin/.ssh/id_dsa-cert type -1
debug1: identity file /home/admin/.ssh/id_ecdsa type -1
debug1: identity file /home/admin/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/admin/.ssh/id_ed25519 type -1
debug1: identity file /home/admin/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0p1 Debian-3ubuntu1
debug1: match: OpenSSH_6.0p1 Debian-3ubuntu1 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 10:59:34:f5:bb:bb:6b:3f:7a:39:1b:26:24:45:18:cb
debug1: Host '176.31.36.x' is known and matches the ECDSA host key.
debug1: Found key in /home/admin/.ssh/known_hosts:57
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/admin/.ssh/id_rsa
debug1: Trying private key: /home/admin/.ssh/id_dsa
debug1: Trying private key: /home/admin/.ssh/id_ecdsa
debug1: Trying private key: /home/admin/.ssh/id_ed25519
debug1: No more authentication methods to try.
Permission denied (publickey).

更新:netstat 的输出:

sudo netstat -lpn | grep ^tcp
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      508/beam        
tcp        0      0 127.0.0.1:44400         0.0.0.0:*               LISTEN      508/beam        
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      10968/sshd      
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      846/exim4       
tcp        0      0 0.0.0.0:8443            0.0.0.0:*               LISTEN      508/beam        
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      443/memcached   
tcp6       0      0 :::80                   :::*                    LISTEN      906/apache2     
tcp6       0      0 ::1:25                  :::*                    LISTEN      846/exim4       
tcp6       0      0 :::443                  :::*                    LISTEN      906/apache2    

答案1

在我们交换意见之后,我很清楚这是一个路由问题。其他一些主机正在响应 176.31.36.x,并且 ssh 建立到该主机的连接。

检查(最好是从两个或更多网络上的客户端)您的连接确实路由到正确的 LAN:sudo traceroute 176.31.36.x,带有变体sudo traceroute -I 176.31.36.xsudo traceroute -T 176.31.36.x在这里可能很有用。

并检查 (176.31.36.x) LAN 上没有任何其他设备获取该地址。

如果一切看起来仍然正确,请检查 (176.31.36.x) LAN 路由器的设置;例如,它可能配置了端口转发,以在其他地方进行 ssh 连接。

现在我很确定它就是其中之一。或者是我想象力的失败,但这似乎越来越不可能。 ;-)

相关内容