Networking

Wget、Curl、Yum 失敗但 Ping 工作 - CentOS 5

  • July 10, 2013

我們目前有三個網路伺服器。

伺服器一和二的行為,但我對第三個有真正的問題。

wgetcurl並且yum都無法建立連接 - 也就是說,它們在解析主機並嘗試連接後都掛起。

範例(我嘗試了許多不同的網址):

# wget http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
--2010-09-02 20:00:26--  http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
Resolving rpm.pbone.net... 85.14.85.4
Connecting to rpm.pbone.net|85.14.85.4|:80... 

… hang

# curl -v http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
* About to connect() to rpm.pbone.net port 80
*   Trying 85.14.85.4... 

… hang

#yum -d9 update
Loading "fastestmirror" plugin
Config time: 0.052
Running "init" handler for "fastestmirror" plugin
Yum Version: 3.2.22
COMMAND: yum -d9 update 
Installroot: /
Setting up Package Sacks
Running "postreposetup" handler for "fastestmirror" plugin
Loading mirror speeds from cached hostfile

… hang

但:

# ping rpm.pbone.net
PING gepard.pbone.net (85.14.85.4) 56(84) bytes of data.
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=1 ttl=49 time=449 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=2 ttl=49 time=448 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=3 ttl=49 time=444 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=4 ttl=49 time=445 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=5 ttl=49 time=457 ms

我遠不是伺服器專家,有人對從哪裡開始解決這個問題有任何指示嗎?

編輯:

# netstat -lan | egrep LISTEN
tcp        0      0 0.0.0.0:941                 0.0.0.0:*                   LISTEN      
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      
tcp        0      0 :::80                       :::*                        LISTEN      
tcp        0      0 :::22                       :::*                        LISTEN      
unix  2      [ ACC ]     STREAM     LISTENING     7451   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     7678   @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     5824   @/var/run/hald/dbus-3hUBzR5e9e
unix  2      [ ACC ]     STREAM     LISTENING     5087   /var/run/audispd_events
unix  2      [ ACC ]     STREAM     LISTENING     5825   @/var/run/hald/dbus-rDLe61j4bM
unix  2      [ ACC ]     STREAM     LISTENING     5545   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     5616   /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     5749   /var/run/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING     5782   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     7075   /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     7585   /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     7389   /dev/gpmctl

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
RH-Firewall-1-INPUT  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            icmp any 
ACCEPT     esp  --  anywhere             anywhere            
ACCEPT     ah   --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp 
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

您有防火牆規則阻止埠 80 出站,或拒絕相互的入站響應。這些可以是軟體防火牆規則,可能會專門阻止埠 80 或所有 TCP(PING 是 ICMP),請檢查:

iptables -L正如 ErikA 上面指出的那樣。

也可能是硬體防火牆問題 - 伺服器是否位於 Cisco 防火牆後面?請諮詢您的定位系統管理員。如果您可以從其他機器上捲曲,則它們已打開:80。他們也有可能(但不太可能)阻止你是他們的一方,但如果你不能捲曲任何東西(甚至是Google),它就是你的一方。

引用自:https://serverfault.com/questions/177401