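Remote Linux server not responding on a specified port

I have a remote CentOS 6.5 server running a Tomcat 8 web server (AKA servlet) on port 54321, and I can't access it from my computer, although I can establish a successful SSH connection (that is how I got all the following logs/command examples) and make public HTTP requests to the existing Apache web server on port 80.

Tomcat deployed successfully; here is some of the log output: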

    07-Apr-2015 21:21:10.286 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-54321"]
    07-Apr-2015 21:21:10.301 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
    07-Apr-2015 21:21:10.304 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 538 ms
    07-Apr-2015 21:21:10.325 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
    07-Apr-2015 21:21:10.325 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.21
    07-Apr-2015 21:21:10.335 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/examples
    07-Apr-2015 21:21:10.901 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/examples has finished in 566 ms
    07-Apr-2015 21:21:10.901 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/host-manager
    07-Apr-2015 21:21:10.923 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/host-manager has finished in 22 ms
    07-Apr-2015 21:21:10.923 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/docs
    07-Apr-2015 21:21:10.937 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/docs has finished in 14 ms
    07-Apr-2015 21:21:10.937 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/ROOT
    07-Apr-2015 21:21:10.951 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/ROOT has finished in 14 ms
    07-Apr-2015 21:21:10.951 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/manager
    07-Apr-2015 21:21:10.970 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/manager has finished in 19 ms
    07-Apr-2015 21:21:10.973 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-54321"]
    07-Apr-2015 21:21:10.978 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 674 ms

When I run lsof -i, I can see that it is listening:

    java 32818 mark 49u IPv4 78494638 0t0 TCP *:54321 (LISTEN)
    java 32818 mark 68u IPv4 78494652 0t0 TCP localhost:mxi (LISTEN)

But when I run nmap localhost, the port does not show up:

    Other addresses for localhost (not scanned): 127.0.0.1
    Not shown: 993 closed ports
    PORT     STATE SERVICE
    22/tcp   open  ssh
    25/tcp   open  smtp
    80/tcp   open  http
    111/tcp  open  rpcbind
    199/tcp  open  smux
    631/tcp  open  ipp
    1311/tcp open  rxmon

I checked iptables, and it is wide open:

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

This is system-config-firewall:

    # Configuration file for system-config-firewall
    --disabled
    --service=ssh

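I also tried nc -l 54321, and I ran into the same problem (nc is listening, but nmap can't find it). So when I try to connect to Tomcat remotely from a browser at 212.***.***.***:54321, I get "server not responding" (ERR_CONNECTION_TIMED_OUT). Where is the problem?
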
EDIT:
After I ran nmap -p 54321 localhost I saw that the port is actually open. So why can't I access it?

EDIT 2:
When I run a remote nmap test (not from localhost), I am somehow being filtered:

    PORT     STATE    SERVICE
    22/tcp   open     ssh
    25/tcp   filtered smtp
    80/tcp   open     http
    111/tcp  filtered rpcbind
    199/tcp  filtered smux
    631/tcp  filtered ipp
    1311/tcp filtered rxmon

The same goes for Tomcat on port 54321.
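
Probably SELINUX is preventing the Tomcat process from starting to listen on port 54321. To check whether this is the case, issue the command setenforce 0, restart Tomcat, and retry the connection. For more information: http://wiki.centos.org/HowTos/SELinux

If it is not related to SELINUX, try connecting to localhost by issuing the command telnet 127.0.0.1 54321. If telnet opens, then something is dropping your packets when they come from an external source. Since iptables is completely disabled, it is more likely that an external firewall (e.g. your company's gateway firewall and/or the hosting company's firewall) is blocking traffic to port 54321.

To be sure of this, issue the command tcpdump -i any -nnn port 54321 on your server and try to connect from an external source. If tcpdump does not log anything, then something between you and your server (read: a gateway firewall) is dropping your packets.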
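
The tcpdump check in the answer above, turned into a repeatable triage step. This is an added example, not part of the original answer, and it goes beyond the "tcpdump logs nothing" case to also separate the outcomes where the SYN does reach the server. The function name classify_capture, its verdict strings, and the sample capture (documentation addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# classify_capture PORT  (hypothetical helper, not from the original page)
# Reads `tcpdump -i any -nnn port PORT` text on stdin and reports how far
# inbound connection attempts to PORT got:
#   no-packets   - no SYN reached this host: filtered upstream (the answer's case)
#   syn-no-reply - SYN arrived, host stayed silent: something on the host drops it
#   syn-reset    - host answered RST: nothing listening on that address, or a reject rule
#   syn-answered - host sent SYN-ACK: the service responds; check the return path
classify_capture() {
    awk -v port="$1" '
    {
        # Find the "src > dst:" triple; its column differs between tcpdump versions.
        for (i = 2; i < NF; i++) if ($i == ">") break
        if (i >= NF) next
        src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
        if (!match($0, /Flags \[[^]]*\]/)) next
        flags = substr($0, RSTART + 7, RLENGTH - 8)   # text between the brackets
        if (dst ~ ("\\." port "$") && flags == "S") syn++            # client SYN
        else if (src ~ ("\\." port "$") && flags == "S.") synack++   # server SYN-ACK
        else if (src ~ ("\\." port "$") && flags ~ /R/) rst++        # server RST
    }
    END {
        if (!syn)        print "no-packets"
        else if (synack) print "syn-answered"
        else if (rst)    print "syn-reset"
        else             print "syn-no-reply"
    }'
}

# Constructed sample: a client retransmits its SYN and the server never answers.
SAMPLE_DROPPED='21:30:01.000001 IP 198.51.100.7.51514 > 203.0.113.10.54321: Flags [S], seq 1, win 29200, length 0
21:30:02.000001 IP 198.51.100.7.51514 > 203.0.113.10.54321: Flags [S], seq 1, win 29200, length 0'

printf '%s\n' "$SAMPLE_DROPPED" | classify_capture 54321

# Live use on the server (as root), while connecting from the outside:
#   timeout 30 tcpdump -l -i any -nnn port 54321 2>/dev/null | classify_capture 54321
```

tcpdump sees inbound packets before netfilter processes them, so a syn-no-reply verdict points at filtering on the host itself, while no-packets points at a device in front of it.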