Linux
在 xenserver 中執行 Apache2
我正在嘗試執行我自己的 squirrelmail 電子郵件伺服器。這涉及到 apache2、postfix 和 squirrelmail 的使用。
當我第一次啟動伺服器時,一切都會正常工作,但大約 1 - 2 小時後,埠 80 (apache) 和 25 (smtp) 將對網路外的任何人關閉。但是,如果我使用伺服器本地 ip 查看網站,它仍然可以工作。
我的網路只有一個路由器和一個二層交換機。網路未分段。
Gateway: 10.0.0.1 subnetmask: 255.0.0.0 servers ip: 10.0.25.0
以下是 apache 伺服器在公共 IP 出現故障時的診斷結果。
netstat -an | grep 80 tcp6 0 0 :::80 :::* LISTEN unix 3 [ ] STREAM CONNECTED 13180 nmap 10.0.25.0 Starting Nmap 6.47 ( http://nmap.org ) at 2016-05-02 22:27 PDT Nmap scan report for 10.0.25.0 Host is up (0.000012s latency). Not shown: 994 closed ports PORT STATE SERVICE 22/tcp open ssh 25/tcp open smtp 80/tcp open http 110/tcp open pop3 111/tcp open rpcbind 143/tcp open imap Nmap done: 1 IP address (1 host up) scanned in 7.43 seconds ps -aux | grep 80 root 155 0.0 0.6 40808 3296 ? Ss 21:20 0:00 /lib/systemd/systemd-udevd root 429 0.0 0.5 37080 2724 ? Ss 21:20 0:00 /sbin/rpcbind -w statd 443 0.0 0.5 37280 2936 ? Ss 21:20 0:00 /sbin/rpc.statd root 480 0.0 0.5 17724 2664 ? Ss 21:20 0:00 /usr/sbin/dovecot -F root 513 0.0 0.4 14236 2180 hvc0 Ss+ 21:20 0:00 /sbin/agetty --keep-baud 115200 38400 9600 hvc0 vt102 www-data 695 0.0 1.7 219348 8804 ? S 21:20 0:00 /usr/sbin/apache2 -k start root 2808 0.0 1.1 82728 5876 ? Ss 21:56 0:00 sshd: andrew [priv] root 3287 0.0 0.4 12732 2168 pts/0 S+ 22:05 0:00 grep 80 systemctl status apache2 ● apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2) Active: active (running) since Mon 2016-05-02 21:20:23 PDT; 48min ago Process: 477 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS) CGroup: /system.slice/apache2.service ├─ 643 /usr/sbin/apache2 -k start ├─ 694 /usr/sbin/apache2 -k start ├─ 695 /usr/sbin/apache2 -k start ├─ 696 /usr/sbin/apache2 -k start ├─ 697 /usr/sbin/apache2 -k start ├─ 698 /usr/sbin/apache2 -k start └─1003 /usr/sbin/apache2 -k start May 02 21:20:23 web-server apache2[477]: Starting web server: apache2.
伺服器本地 ip 為 10.0.25.0。客戶端是 10.1.0.0。
tcpdump -n port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 22:13:31.449906 IP 10.1.0.0.4043 > 10.0.25.0.80: Flags [S], seq 3670228936, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:13:31.449959 IP 10.0.25.0.80 > 10.1.0.0.4043: Flags [S.], seq 3250350582, ack 3670228937, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:13:31.449984 IP 10.1.0.0.4045 > 10.0.25.0.80: Flags [S], seq 446370714, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:13:31.449995 IP 10.0.25.0.80 > 10.1.0.0.4045: Flags [S.], seq 2977754323, ack 446370715, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:13:31.450296 IP 10.1.0.0.4044 > 10.0.25.0.80: Flags [S], seq 1734125982, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:13:31.450346 IP 10.0.25.0.80 > 10.1.0.0.4044: Flags [S.], seq 3475246672, ack 1734125983, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:13:31.450366 IP 10.1.0.0.4046 > 10.0.25.0.80: Flags [S], seq 1502682879, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:13:31.450375 IP 10.0.25.0.80 > 10.1.0.0.4046: Flags [S.], seq 3725546174, ack 1502682880, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:13:31.450380 IP 10.1.0.0.4043 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:13:31.450385 IP 10.1.0.0.4045 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:13:31.450436 IP 10.1.0.0.4045 > 10.0.25.0.80: Flags [P.], seq 1:486, ack 1, win 256, length 485 22:13:31.450469 IP 10.0.25.0.80 > 10.1.0.0.4045: Flags [.], ack 486, win 473, length 0 22:13:31.450753 IP 10.1.0.0.4044 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:13:31.450760 IP 10.1.0.0.4046 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:13:31.452149 IP 10.0.25.0.80 > 10.1.0.0.4045: Flags [.], seq 1:2921, ack 486, win 473, length 2920 22:13:31.452348 IP 10.0.25.0.80 > 10.1.0.0.4045: Flags [P.], seq 2921:3419, ack 486, win 473, length 498 22:13:31.452497 IP 10.1.0.0.4045 > 10.0.25.0.80: Flags [.], ack 2921, win 256, length 0 22:13:31.469780 IP 10.1.0.0.4045 > 10.0.25.0.80: Flags [P.], seq 486:939, ack 3419, win 254, length 453 22:13:31.470040 IP 10.0.25.0.80 > 10.1.0.0.4045: Flags [P.], seq 3419:3601, ack 939, win 490, length 182 22:13:31.520799 IP 10.1.0.0.4045 > 10.0.25.0.80: Flags [.], ack 3601, win 253, length 0 ^C 20 packets captured 20 packets received by filter 0 packets dropped by kernel
1 - 2 小時後,它不會收到來自網路外部的任何數據包。因此,下面是啟動後的 tcpdump,以便您可以看到它在一段時間內可以正常工作。
tcpdump -n port 80 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes 22:17:55.192042 IP 10.0.0.1.4092 > 10.0.25.0.80: Flags [S], seq 1175674010, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:17:55.192100 IP 10.0.25.0.80 > 10.0.0.1.4092: Flags [S.], seq 1155279685, ack 1175674011, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:17:55.192121 IP 10.0.0.1.4094 > 10.0.25.0.80: Flags [S], seq 2011823322, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:17:55.192131 IP 10.0.25.0.80 > 10.0.0.1.4094: Flags [S.], seq 4263240, ack 2011823323, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:17:55.192136 IP 10.0.0.1.4093 > 10.0.25.0.80: Flags [S], seq 2247299647, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:17:55.192145 IP 10.0.25.0.80 > 10.0.0.1.4093: Flags [S.], seq 1959082678, ack 2247299648, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:17:55.192202 IP 10.0.0.1.4095 > 10.0.25.0.80: Flags [S], seq 2917948577, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0 22:17:55.192210 IP 10.0.25.0.80 > 10.0.0.1.4095: Flags [S.], seq 2957320834, ack 2917948578, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 6], length 0 22:17:55.193109 IP 10.0.0.1.4092 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:17:55.193131 IP 10.0.0.1.4094 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:17:55.193212 IP 10.0.0.1.4093 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:17:55.194606 IP 10.0.0.1.4092 > 10.0.25.0.80: Flags [P.], seq 1:495, ack 1, win 256, length 494 22:17:55.194657 IP 10.0.25.0.80 > 10.0.0.1.4092: Flags [.], ack 495, win 473, length 0 22:17:55.194749 IP 10.0.0.1.4095 > 10.0.25.0.80: Flags [.], ack 1, win 256, length 0 22:17:55.196114 IP 10.0.25.0.80 > 10.0.0.1.4092: Flags [.], seq 1:2921, ack 495, win 473, length 2920 22:17:55.196329 IP 10.0.25.0.80 > 10.0.0.1.4092: Flags [P.], seq 2921:3419, ack 495, win 473, length 498 22:17:55.204189 IP 10.0.0.1.4092 > 10.0.25.0.80: Flags [.], ack 2921, win 256, length 0 22:17:55.215582 IP 10.0.0.1.4092 > 10.0.25.0.80: Flags [P.], seq 495:966, ack 3419, win 254, length 471 22:17:55.215815 IP 10.0.25.0.80 > 10.0.0.1.4092: Flags [P.], seq 3419:3601, ack 966, win 490, length 182 22:17:55.268342 IP 10.0.0.1.4092 > 10.0.25.0.80: Flags [.], ack 3601, win 253, length 0 ^C 20 packets captured 20 packets received by filter 0 packets dropped by kernel
這是不工作時的 tcpdump。這是每個埠的轉儲。請注意,它只包含 ssh 數據包,與 apache 或 postfix 無關。
20:23:38.066007 IP (tos 0x10, ttl 64, id 2649, offset 0, flags [DF], proto TCP (6), length 296) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e1b (incorrect -> 0x8dfc), seq 5140320:5140576, ack 4001, win 520, length 256 20:23:38.066057 IP (tos 0x10, ttl 64, id 2650, offset 0, flags [DF], proto TCP (6), length 296) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e1b (incorrect -> 0x79a8), seq 5140576:5140832, ack 4001, win 520, length 256 20:23:38.066107 IP (tos 0x10, ttl 64, id 2651, offset 0, flags [DF], proto TCP (6), length 328) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e3b (incorrect -> 0x732f), seq 5140832:5141120, ack 4001, win 520, length 288 20:23:38.066157 IP (tos 0x10, ttl 64, id 2652, offset 0, flags [DF], proto TCP (6), length 424) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e9b (incorrect -> 0x8487), seq 5141120:5141504, ack 4001, win 520, length 384 20:23:38.066212 IP (tos 0x0, ttl 128, id 6106, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x3636 (correct), ack 5140832, win 251, length 0 20:23:38.066216 IP (tos 0x10, ttl 64, id 2653, offset 0, flags [DF], proto TCP (6), length 232) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2ddb (incorrect -> 0x85c9), seq 5141504:5141696, ack 4001, win 520, length 192 20:23:38.066254 IP (tos 0x0, ttl 128, id 6107, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x3511 (correct), ack 5141120, win 256, length 0 20:23:38.066258 IP (tos 0x10, ttl 64, id 2654, offset 0, flags [DF], proto TCP (6), length 328) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e3b (incorrect -> 0xed66), seq 5141696:5141984, ack 4001, win 520, length 288 20:23:38.066308 IP (tos 0x10, ttl 64, id 2655, offset 0, flags [DF], proto TCP (6), length 296) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e1b (incorrect -> 0x3b02), seq 5141984:5142240, ack 4001, win 520, length 256 20:23:38.066355 IP (tos 0x0, ttl 128, id 6108, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x32d3 (correct), ack 5141696, win 254, length 0 20:23:38.066363 IP (tos 0x10, ttl 64, id 2656, offset 0, flags [DF], proto TCP (6), length 200) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2dbb (incorrect -> 0x5031), seq 5142240:5142400, ack 4001, win 520, length 160 20:23:38.066457 IP (tos 0x10, ttl 64, id 2657, offset 0, flags [DF], proto TCP (6), length 552) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2f1b (incorrect -> 0x784b), seq 5142400:5142912, ack 4001, win 520, length 512 20:23:38.066505 IP (tos 0x0, ttl 128, id 6109, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x30b5 (correct), ack 5142240, win 252, length 0 20:23:38.066513 IP (tos 0x10, ttl 64, id 2658, offset 0, flags [DF], proto TCP (6), length 328) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e3b (incorrect -> 0x17e5), seq 5142912:5143200, ack 4001, win 520, length 288 20:23:38.066606 IP (tos 0x10, ttl 64, id 2659, offset 0, flags [DF], proto TCP (6), length 456) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2ebb (incorrect -> 0x1077), seq 5143200:5143616, ack 4001, win 520, length 416 20:23:38.066657 IP (tos 0x10, ttl 64, id 2660, offset 0, flags [DF], proto TCP (6), length 200) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2dbb (incorrect -> 0xbfea), seq 5143616:5143776, ack 4001, win 520, length 160 20:23:38.066712 IP (tos 0x0, ttl 128, id 6110, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x2cf1 (correct), ack 5143200, win 256, length 0 20:23:38.066716 IP (tos 0x10, ttl 64, id 2661, offset 0, flags [DF], proto TCP (6), length 504) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2eeb (incorrect -> 0xd7e3), seq 5143776:5144240, ack 4001, win 520, length 464 20:23:38.066807 IP (tos 0x0, ttl 128, id 6111, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x2ab3 (correct), ack 5143776, win 254, length 0 20:23:38.066815 IP (tos 0x10, ttl 64, id 2662, offset 0, flags [DF], proto TCP (6), length 408) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e8b (incorrect -> 0xfdc6), seq 5144240:5144608, ack 4001, win 520, length 368 20:23:38.066850 IP (tos 0x0, ttl 128, id 6112, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x28e5 (correct), ack 5144240, win 252, length 0 20:23:38.066853 IP (tos 0x10, ttl 64, id 2663, offset 0, flags [DF], proto TCP (6), length 200) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2dbb (incorrect -> 0x9d2e), seq 5144608:5144768, ack 4001, win 520, length 160 20:23:38.066908 IP (tos 0x10, ttl 64, id 2664, offset 0, flags [DF], proto TCP (6), length 296) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e1b (incorrect -> 0xf162), seq 5144768:5145024, ack 4001, win 520, length 256 20:23:38.066956 IP (tos 0x10, ttl 64, id 2665, offset 0, flags [DF], proto TCP (6), length 248) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2deb (incorrect -> 0x2bbc), seq 5145024:5145232, ack 4001, win 520, length 208 20:23:38.067006 IP (tos 0x10, ttl 64, id 2666, offset 0, flags [DF], proto TCP (6), length 232) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2ddb (incorrect -> 0x68fb), seq 5145232:5145424, ack 4001, win 520, length 192 20:23:38.067051 IP (tos 0x0, ttl 128, id 6113, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x26d1 (correct), ack 5144768, win 256, length 0 20:23:38.067054 IP (tos 0x10, ttl 64, id 2667, offset 0, flags [DF], proto TCP (6), length 200) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2dbb (incorrect -> 0x3ccd), seq 5145424:5145584, ack 4001, win 520, length 160 20:23:38.067103 IP (tos 0x0, ttl 128, id 6114, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x2503 (correct), ack 5145232, win 254, length 0 20:23:38.067106 IP (tos 0x10, ttl 64, id 2668, offset 0, flags [DF], proto TCP (6), length 232) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2ddb (incorrect -> 0x8871), seq 5145584:5145776, ack 4001, win 520, length 192 20:23:38.067156 IP (tos 0x10, ttl 64, id 2669, offset 0, flags [DF], proto TCP (6), length 296) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2e1b (incorrect -> 0x3056), seq 5145776:5146032, ack 4001, win 520, length 256 20:23:38.067202 IP (tos 0x0, ttl 128, id 6115, offset 0, flags [DF], proto TCP (6), length 40) 10.1.0.0.37324 > 10.0.25.0.ssh: Flags [.], cksum 0x23a4 (correct), ack 5145584, win 253, length 0 20:23:38.067205 IP (tos 0x10, ttl 64, id 2670, offset 0, flags [DF], proto TCP (6), length 184) 10.0.25.0.ssh > 10.1.0.0.37324: Flags [P.], cksum 0x2dab (incorrect -> 0x3388), seq 5146032:5146176, ack 4001, win 520, length 144 20707 packets captured 24555 packets received by filter 0 packets dropped by kernel
問題與我的路由器沒有獲得正確的 arp 資訊有關。我通過給我的路由器靜態 arp 條目解決了這個問題。