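I have an Ubuntu 16.04.1 LTS server that can serve pages to anything on the same network, but cannot respond to requests coming from outside.
Packets seem to reach the server without trouble (so I don't think the router/VM host is the culprit). For example, here is a tcpdump of a request from my phone's browser (not on wifi):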
sudo tcpdump -n -nn -tttt -i enp0s8 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
2017-03-04 01:38:17.541225 IP 209.171.x.x.19235 > 192.168.100.100.80: Flags [S], seq 2831699911, win 32120, options [mss 1460,sackOK,TS val 3366582762 ecr 0,nop,wscale 7], length 0
2017-03-04 01:38:18.533486 IP 209.171.x.x.19235 > 192.168.100.100.80: Flags [S], seq 2831699911, win 32120, options [mss 1460,sackOK,TS val 3366583762 ecr 0,nop,wscale 7], length 0
2017-03-04 01:38:20.251207 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, options [mss 1460,sackOK,TS val 3366585480 ecr 0,nop,wscale 7], length 0
2017-03-04 01:38:21.249853 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, options [mss 1460,sackOK,TS val 3366586480 ecr 0,nop,wscale 7], length 0
2017-03-04 01:38:23.261555 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, options [mss 1460,sackOK,TS val 3366588480 ecr 0,nop,wscale 7], length 0
2017-03-04 01:38:27.251426 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, options [mss 1460,sackOK,TS val 3366592480 ecr 0,nop,wscale 7], length 0
For comparison, here is another LAN computer (successfully) loading a page from the server:
sudo tcpdump -n -nn -tttt -i enp0s8 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
2017-03-04 01:52:12.740465 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [S], seq 3685185069, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2017-03-04 01:52:12.740538 IP 192.168.100.100.80 > 192.168.0.11.50439: Flags [S.], seq 262599678, ack 3685185070, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
2017-03-04 01:52:12.741398 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [.], ack 1, win 16425, length 0
2017-03-04 01:52:12.742041 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [P.], seq 1:399, ack 1, win 16425, length 398: HTTP: GET / HTTP/1.1
2017-03-04 01:52:12.742081 IP 192.168.100.100.80 > 192.168.0.11.50439: Flags [.], ack 399, win 237, length 0
2017-03-04 01:52:12.742769 IP 192.168.100.100.80 > 192.168.0.11.50439: Flags [P.], seq 1:151, ack 399, win 237, length 150: HTTP: HTTP/1.1 200 OK
2017-03-04 01:52:12.804288 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [P.], seq 399:783, ack 151, win 16387, length 384: HTTP: GET /favicon.ico HTTP/1.1
2017-03-04 01:52:12.804985 IP 192.168.100.100.80 > 192.168.0.11.50439: Flags [P.], seq 151:301, ack 783, win 245, length 150: HTTP: HTTP/1.1 200 OK
2017-03-04 01:52:13.016970 IP 192.168.100.100.80 > 192.168.0.11.50439: Flags [P.], seq 151:301, ack 783, win 245, length 150: HTTP: HTTP/1.1 200 OK
2017-03-04 01:52:13.017937 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [.], ack 301, win 16350, options [nop,nop,sack 1 {151:301}], length 0
2017-03-04 01:52:14.927196 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [F.], seq 783, ack 301, win 16350, length 0
2017-03-04 01:52:14.927729 IP 192.168.100.100.80 > 192.168.0.11.50439: Flags [F.], seq 301, ack 784, win 245, length 0
2017-03-04 01:52:14.928142 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [.], ack 302, win 16350, length 0
2017-03-04 01:52:15.732564 IP 192.168.0.11.50437 > 192.168.100.100.80: Flags [S], seq 420429641, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2017-03-04 01:52:15.732638 IP 192.168.100.100.80 > 192.168.0.11.50437: Flags [S.], seq 113394854, ack 420429642, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
2017-03-04 01:52:15.733329 IP 192.168.0.11.50437 > 192.168.100.100.80: Flags [.], ack 1, win 16425, length 0
2017-03-04 01:52:15.738538 IP 192.168.0.11.50438 > 192.168.100.100.80: Flags [S], seq 1232950050, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
2017-03-04 01:52:15.738644 IP 192.168.100.100.80 > 192.168.0.11.50438: Flags [S.], seq 2713178861, ack 1232950051, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
ifconfig:
enp0s3 Link encap:Ethernet HWaddr 08:00:27:c3:0a:85
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fec3:a85/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:3412 (3.4 KB) TX bytes:3144 (3.1 KB)
enp0s8 Link encap:Ethernet HWaddr 08:00:27:c3:18:c4
inet addr:192.168.100.100 Bcast:192.168.255.255 Mask:255.255.0.0
inet6 addr: fe80::a00:27ff:fec3:18c4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7138 errors:0 dropped:0 overruns:0 frame:0
TX packets:2364 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:928468 (928.4 KB) TX bytes:289133 (289.1 KB)
enp0s9 Link encap:Ethernet HWaddr 08:00:27:bd:31:ae
inet addr:10.10.100.100 Bcast:10.10.100.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:febd:31ae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:45 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5535 (5.5 KB) TX bytes:648 (648.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Firewall: I removed UFW, cleared all remaining chains from iptables, and flushed iptables.
iptables -L -v
Chain INPUT (policy ACCEPT 66 packets, 6921 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 50 packets, 7337 bytes)
pkts bytes target prot opt in out source destination
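Router: an ASUS RT-AC56U with the latest firmware, forwarding port 80 to 192.168.100.100:80. The router's internal IP is 192.168.0.1, and the LAN is 192.168.0.0/255.255.0.0.
Vagrant/VirtualBox: the server runs in a Vagrant + VirtualBox VM on a Windows 10 host. The host's firewall is completely disabled. The network corresponding to enp0s8 is bridged to the host's wired network adapter (which in turn is connected to a wired port on the router).
Edit: the listening server is a basic Node script (run as sudo to access port 80) that only answers in plain text and prints the remote IP of the connection to the console. So no Apache/Nginx is involved.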
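
An added example, not part of the original post: a small parser for `tcpdump -n` text output that reports, per client flow, how many SYNs arrived and whether a SYN-ACK was seen on the capture interface. The sample lines are constructed by shortening lines from the two captures above; the function names are hypothetical.

```python
import re

# tcpdump -n line: "<date> <time> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ..."
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

# Constructed sample: lines from the post's captures with the TCP options removed.
SAMPLE = """\
listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
2017-03-04 01:38:17.541225 IP 209.171.x.x.19235 > 192.168.100.100.80: Flags [S], seq 2831699911, win 32120, length 0
2017-03-04 01:38:18.533486 IP 209.171.x.x.19235 > 192.168.100.100.80: Flags [S], seq 2831699911, win 32120, length 0
2017-03-04 01:38:20.251207 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, length 0
2017-03-04 01:38:21.249853 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, length 0
2017-03-04 01:38:23.261555 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, length 0
2017-03-04 01:38:27.251426 IP 209.171.x.x.30518 > 192.168.100.100.80: Flags [S], seq 3262824289, win 32120, length 0
2017-03-04 01:52:12.740465 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [S], seq 3685185069, win 8192, length 0
2017-03-04 01:52:12.740538 IP 192.168.100.100.80 > 192.168.0.11.50439: Flags [S.], seq 262599678, ack 3685185070, win 29200, length 0
2017-03-04 01:52:12.741398 IP 192.168.0.11.50439 > 192.168.100.100.80: Flags [.], ack 1, win 16425, length 0
"""

def handshake_report(capture, server_port=80):
    """Map each client 'ip:port' to its SYN count and whether a SYN-ACK was captured."""
    report = {}
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # banner lines such as "listening on enp0s8, ..."
        src, sport, dst, dport, flags = m.groups()
        if flags == "S" and int(dport) == server_port:
            # Client SYN (first attempt or retransmission) towards the server port.
            entry = report.setdefault(f"{src}:{sport}", {"syns": 0, "answered": False})
            entry["syns"] += 1
        elif flags == "S." and int(sport) == server_port:
            # Server SYN-ACK: the client is the destination of this packet.
            entry = report.setdefault(f"{dst}:{dport}", {"syns": 0, "answered": False})
            entry["answered"] = True
    return report

def unanswered(capture, server_port=80):
    """Client flows whose SYNs never received a SYN-ACK in this capture."""
    report = handshake_report(capture, server_port)
    return sorted(c for c, e in report.items() if not e["answered"])

if __name__ == "__main__":
    for client, e in handshake_report(SAMPLE).items():
        state = "SYN-ACK seen" if e["answered"] else "no SYN-ACK on this interface"
        print(f"{client}: {e['syns']} SYN(s), {state}")
```

A flow listed as unanswered only means no SYN-ACK appeared on the interface that was captured; a capture on the other interfaces would be needed to tell whether a reply left by a different one.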