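I want to add a new node running CentOS 7 to be monitored by my munin server (CentOS 7), but the server cannot connect to it. It connects fine to my other nodes (also CentOS 7), and it can ping the problematic new node: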
[root@australium ~]# ping my-munin-node
PING my-munin-node (132.229.44.220) 56(84) bytes of data.
64 bytes from my-munin-node (132.229.44.220): icmp_seq=1 ttl=63 time=0.597 ms
[root@australium ~]# ncat 132.229.44.220 4949
Ncat: No route to host.
As far as I can tell, my firewall should not be blocking it:
[root@my-munin-node ~]# iptables -S | grep 4949
-A IN_public_allow -p tcp -m tcp --dport 4949 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
Here is the verbose ncat output:
[root@australium ~]# ncat -vvvv 132.229.44.220 4949
Ncat: Version 7.50 ( https://nmap.org/ncat )
NCAT DEBUG: Using system default trusted CA certificates and those in /usr/share/ncat/ca-bundle.crt.
NCAT DEBUG: Unable to load trusted CA certificates from /usr/share/ncat/ca-bundle.crt: error:02001002:system library:fopen:No such file or directory
libnsock nsi_new2(): nsi_new (IOD #1)
libnsock msevent_new(): msevent_new (IOD #1) (EID #8)
libnsock nsock_connect_tcp(): TCP connection requested to 132.229.44.220:4949 (IOD #1) EID 8
libnsock nsp_add_event(): NSE #8: Adding event
libnsock nsock_loop(): nsock_loop() started (no timeout). 1 events pending
libnsock nsock_trace_handler_callback(): Callback: CONNECT ERROR [No route to host (113)] for EID 8 [132.229.44.220:4949]
Ncat: No route to host.
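Any potential solutions or pointers would be warmly welcomed.
Answer 1
Apparently my client was still blocking the IP. I have not been able to find out how to view or confirm this, but explicitly adding my munin server's IP solved the problem: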
[root@my-munin-node ~]# firewall-cmd --permanent --add-source=132.229.44.132
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'internal,external' (see --get-active-zones)
You most likely need to use --zone=internal option.
success
[root@my-munin-node ~]# firewall-cmd --permanent --zone=internal --add-source=132.229.44.132
Error: ZONE_CONFLICT: 132.229.44.132
[root@my-munin-node ~]# systemctl restart firewalld
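
Added example (not part of the original question or answer): the 4949 rule shown in the question sits in IN_public_allow, while firewall-cmd reports the interfaces in zones internal and external, so this helper reads `iptables -S` output and lists, per zone, what is bound to it and whether it accepts a given port. The sample rules are constructed: interface names eth0/eth1 and the port 22 rules are assumptions, and the chain layout is the one firewalld's iptables backend generates.

```sh
# Constructed sample of `iptables -S` on a firewalld host (iptables backend).
# Only the 4949 rule is taken from the page; eth0/eth1 and port 22 are assumptions.
# The final REJECT (icmp-host-prohibited) is what a client sees as "No route to host".
sample_rules() {
cat <<'EOF'
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT_ZONES -i eth0 -g IN_internal
-A INPUT_ZONES -i eth1 -g IN_external
-A INPUT_ZONES -g IN_public
-A IN_internal_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_external_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 4949 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
EOF
}

# zone_report PORT: reads `iptables -S` text on stdin and prints one line per
# zone: "<zone> <interfaces/sources|default|unbound> <allow|no-rule>".
zone_report() {
  awk -v port="$1" '
    # Dispatch rules: -i IFACE or -s SOURCE sends matching traffic to IN_<zone>.
    $2 ~ /^INPUT_ZONES(_SOURCE)?$/ {
      zone = $NF; sub(/^IN_/, "", zone)
      seen[zone] = 1
      if ($3 == "-i" || $3 == "-s")
        bound[zone] = (bound[zone] != "" ? bound[zone] "," $4 : $4)
      else if (bound[zone] == "")
        bound[zone] = "default"      # catch-all for traffic nothing else claimed
    }
    # Per-zone allow chains: look for an ACCEPT on the requested port.
    $2 ~ /^IN_.*_allow$/ {
      zone = $2; sub(/^IN_/, "", zone); sub(/_allow$/, "", zone)
      seen[zone] = 1
      for (i = 3; i < NF; i++)
        if ($i == "--dport" && $(i + 1) == port && $NF == "ACCEPT") allow[zone] = 1
    }
    END {
      for (z in seen)
        print z, (bound[z] != "" ? bound[z] : "unbound"), (z in allow ? "allow" : "no-rule")
    }' | sort
}

# Run against the constructed sample; on a real host: iptables -S | zone_report 4949
sample_rules | zone_report 4949
```

On the sample, the only zone that accepts 4949 is the default catch-all, while the zones that own the interfaces have no rule for it, so traffic arriving on those interfaces falls through to the REJECT.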