Linux

Remote Linux server not responding on a specified port

  • April 12, 2015

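I have a remote CentOS 6.5 server running a Tomcat 8 web server (AKA servlet) on port 54321, and I can't access it from my computer, although I can establish a successful SSH connection (which is where all of the following log/command samples come from) as well as make public HTTP requests to the existing Apache web server on port 80.

Tomcat deployed successfully; here is some log output: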

07-Apr-2015 21:21:10.286 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-54321"]
07-Apr-2015 21:21:10.301 INFO [main] org.apache.tomcat.util.net.NioSelectorPool.getSharedSelector Using a shared selector for servlet write/read
07-Apr-2015 21:21:10.304 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 538 ms
07-Apr-2015 21:21:10.325 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service Catalina
07-Apr-2015 21:21:10.325 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet Engine: Apache Tomcat/8.0.21
07-Apr-2015 21:21:10.335 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/examples
07-Apr-2015 21:21:10.901 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/examples has finished in 566 ms
07-Apr-2015 21:21:10.901 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/host-manager
07-Apr-2015 21:21:10.923 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/host-manager has finished in 22 ms
07-Apr-2015 21:21:10.923 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/docs
07-Apr-2015 21:21:10.937 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/docs has finished in 14 ms
07-Apr-2015 21:21:10.937 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/ROOT
07-Apr-2015 21:21:10.951 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/ROOT has finished in 14 ms
07-Apr-2015 21:21:10.951 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory /home/mark/apache-tomcat-8.0.21/webapps/manager
07-Apr-2015 21:21:10.970 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory /home/mark/apache-tomcat-8.0.21/webapps/manager has finished in 19 ms
07-Apr-2015 21:21:10.973 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-54321"]
07-Apr-2015 21:21:10.978 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in 674 ms

When I run lsof -i, I can see that it is listening:

java      32818    mark   49u  IPv4 78494638      0t0  TCP *:54321 (LISTEN)
java      32818    mark   68u  IPv4 78494652      0t0  TCP localhost:mxi (LISTEN)

But when I run nmap localhost, the port does not show up:

Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
111/tcp  open  rpcbind
199/tcp  open  smux
631/tcp  open  ipp
1311/tcp open  rxmon

I checked iptables, and it is wide open:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

This is system-config-firewall:

# Configuration file for system-config-firewall

--disabled
--service=ssh

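I also tried nc -l 54321, and I had the same problem (nc is listening, but it cannot be found with nmap).

So when I try to connect to Tomcat remotely through the browser at 212.***.***.***:54321, I get "server not responding" (ERR_CONNECTION_TIMED_OUT).

Where is the problem?

Edit:

After I ran nmap -p 54321 localhost, I saw that the port is actually open. So why can't I access it?

Edit 2:

When I test with a remote nmap (not from localhost), I am somehow being filtered: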

PORT     STATE    SERVICE
22/tcp   open     ssh
25/tcp   filtered smtp
80/tcp   open     http
111/tcp  filtered rpcbind
199/tcp  filtered smux
631/tcp  filtered ipp
1311/tcp filtered rxmon

The same goes for Tomcat on port 54321.

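SELinux may be preventing the Tomcat process from starting to listen on port 54321. To check whether this is the case, issue the command setenforce 0, restart Tomcat, and retry the connection. For more information: http://wiki.centos.org/HowTos/SELinux

If it is not related to SELinux, try connecting to localhost by issuing the command telnet 127.0.0.1 54321. If telnet opens, then something is dropping your packets when they come from an external source. Since iptables is completely disabled, it is more likely that an external firewall (e.g. your company's gateway firewall and/or the hosting company's firewall) is blocking traffic to port 54321.

To determine this, issue the command tcpdump -i any -nnn port 54321 on your server and try to connect from an external source. If tcpdump does not log anything, then something between you and your server (read: a gateway firewall) is dropping your packets.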

Quoted from: https://serverfault.com/questions/681054
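
The triage described in the answer above, as an added Python example that is not part of the original question or answer: probe() labels one TCP connect attempt with nmap's open/closed/filtered state names, and diagnose() combines the result taken on the server, the result taken from outside, and the tcpdump observation. The function names, the result labels and the arrived-at-server branch are assumptions of this example and go beyond what the answer states.

```python
import errno
import socket
import sys

PORT = 54321  # the Tomcat connector port from the question


def probe(host, port=PORT, timeout=3.0):
    """Classify one TCP connect attempt using nmap's state names."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"          # handshake completed, a listener answered
        except ConnectionRefusedError:
            return "closed"        # RST came back: host reached, no listener
        except socket.timeout:
            return "filtered"      # silence: the SYN or its reply was dropped
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH,
                             errno.ETIMEDOUT):
                return "filtered"  # unreachable or timed out on the path
            raise


def diagnose(local_state, remote_state, syn_seen_on_server=None):
    """Combine the probe run on the server, the probe run from outside,
    and whether tcpdump on the server showed the external attempt.
    The returned labels are this example's own (assumed) names."""
    if local_state != "open":
        return "not-listening-locally"  # daemon, bind address or SELinux
    if remote_state == "open":
        return "reachable"
    if remote_state == "closed":
        return "actively-rejected"      # something answers with a RST
    if syn_seen_on_server is None:
        return "run-tcpdump-on-server"  # tcpdump -i any -nnn port 54321
    if syn_seen_on_server:
        return "arrived-at-server"      # reply lost: host or return path
    return "dropped-upstream"           # gateway or hosting firewall


if __name__ == "__main__":
    # Run once on the server (no argument) and once from outside (server IP).
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, PORT, probe(target))
```

With the observations in the question (open locally, filtered remotely), diagnose() asks for the tcpdump check first and returns dropped-upstream only once the capture on the server stays empty.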