远程 (sles) 服务器端口上的连接被拒绝,即使该服务器端口内部显示为打开

tag-icon tag-icon ubuntu firewall port remote-access sles
远程 (sles) 服务器端口上的连接被拒绝,即使该服务器端口内部显示为打开

当尝试通过 Python 中的 pyspark 连接到 spark 集群的端口 7077 时,我得到了Connection refused Error

从我的本地机器(Ubuntu 20.04)运行nmap server_ip显示 4 个开放端口(80、8080、22、9000)

运行nc -zv server_ip 7077得到输出:

nc: connect to server_ip port 7077 (tcp) failed: Connection refused

然后我通过 ssh 连接到 sles 服务器(必须连接到 VPN)并运行以下命令: ss -tulw。该命令为端口 7077 提供以下输出:

Netid  State      Recv-Q Send-Q Local Address:Port                 Peer Address:Port
tcp    LISTEN     0      128     *:7077                            *:*

如果我理解正确的话,这意味着端口 7077 对任何地址都是开放的。那么为什么我会得到一个Connection refused Error

VPN 连接中的端口 7077 没有防火墙。

编辑:

输出自iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7077
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:7077

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-INGRESS  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (2 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             another_ip           tcp dpt:9870
ACCEPT     tcp  --  anywhere             another_ip           tcp dpt:cslistener
ACCEPT     tcp  --  anywhere             another_ip           tcp dpt:7077

Chain DOCKER-INGRESS (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:http-alt
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             state RELATED,ESTABLISHED tcp spt:http
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

答案1

看起来像当地的目标机器的防火墙不允许 TCP 端口 7077 上的传入连接。

这应该可以解决问题:

iptables -A INPUT -p tcp --dport 7077 -j ACCEPT

-I根据现有规则,您可能需要使用-A

iptables -I INPUT -p tcp --dport 7077 -j ACCEPT

相关内容