Networking
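Wget, Curl, Yum fail but Ping works - CentOS 5
We currently have three web servers.
Servers one and two behave, but I have real problems with the third.
wget, curl and yum all fail to establish a connection - that is, they all hang after resolving the host and attempting to connect. Example (I have tried many different URLs):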
# wget http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
--2010-09-02 20:00:26-- http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
Resolving rpm.pbone.net... 85.14.85.4
Connecting to rpm.pbone.net|85.14.85.4|:80...
… hang
# curl -v http://rpm.pbone.net/index.php3/stat/4/idpl/13941547/dir/centos_5/com/httpd-2.2.3-43.el5.centos.i386.rpm.html
* About to connect() to rpm.pbone.net port 80
* Trying 85.14.85.4...
… hang
# yum -d9 update
Loading "fastestmirror" plugin
Config time: 0.052
Running "init" handler for "fastestmirror" plugin
Yum Version: 3.2.22
COMMAND: yum -d9 update
Installroot: /
Setting up Package Sacks
Running "postreposetup" handler for "fastestmirror" plugin
Loading mirror speeds from cached hostfile
… hang
But:
# ping rpm.pbone.net
PING gepard.pbone.net (85.14.85.4) 56(84) bytes of data.
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=1 ttl=49 time=449 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=2 ttl=49 time=448 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=3 ttl=49 time=444 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=4 ttl=49 time=445 ms
64 bytes from gepard.pbone.net (85.14.85.4): icmp_seq=5 ttl=49 time=457 ms
I am far from a server expert; does anyone have any pointers on where to start troubleshooting this?
Edit:
# netstat -lan | egrep LISTEN
tcp        0      0 0.0.0.0:941        0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:111        0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:631      0.0.0.0:*        LISTEN
tcp        0      0 127.0.0.1:25       0.0.0.0:*        LISTEN
tcp        0      0 :::80              :::*             LISTEN
tcp        0      0 :::22              :::*             LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     7451   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     7678   @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     5824   @/var/run/hald/dbus-3hUBzR5e9e
unix  2      [ ACC ]     STREAM     LISTENING     5087   /var/run/audispd_events
unix  2      [ ACC ]     STREAM     LISTENING     5825   @/var/run/hald/dbus-rDLe61j4bM
unix  2      [ ACC ]     STREAM     LISTENING     5545   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     5616   /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     5749   /var/run/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING     5782   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     7075   /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     7585   /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     7389   /dev/gpmctl
# iptables --list
Chain INPUT (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source     destination
RH-Firewall-1-INPUT  all  --  anywhere   anywhere

Chain OUTPUT (policy ACCEPT)
target               prot opt source     destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source     destination
ACCEPT     all  --  anywhere   anywhere
ACCEPT     icmp --  anywhere   anywhere      icmp any
ACCEPT     esp  --  anywhere   anywhere
ACCEPT     ah   --  anywhere   anywhere
ACCEPT     udp  --  anywhere   224.0.0.251   udp dpt:mdns
ACCEPT     udp  --  anywhere   anywhere      udp dpt:ipp
ACCEPT     tcp  --  anywhere   anywhere      tcp dpt:ipp
ACCEPT     all  --  anywhere   anywhere      state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere   anywhere      state NEW tcp dpt:http
REJECT     all  --  anywhere   anywhere      reject-with icmp-host-prohibited
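You have a firewall rule blocking port 80 outbound, or rejecting the corresponding inbound responses. These could be software firewall rules, which might specifically block port 80 or all TCP (PING is ICMP); check:
iptables -L
as ErikA pointed out above. It could also be a hardware firewall issue - is the server behind a Cisco firewall? Check with the system administrator at your location. If you can curl from the other machines, then they have :80 open. It is also possible (but unlikely) that it is their side blocking you, but if you cannot curl anything (not even Google), it is your side.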
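The reasoning in the answer above can be turned into a repeatable check. The following is an added example, not part of the original question or answer: it classifies a TCP connect to port 80 with a timeout instead of hanging, then applies the "can you reach anything at all?" test. The function names, the outcome labels and the `www.google.com` default are assumptions chosen for illustration.

```python
import errno
import socket
import sys

def probe_tcp(host, port=80, timeout=5.0):
    """Classify one TCP connect attempt instead of hanging like wget/curl."""
    try:
        addr = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4]
    except socket.gaierror:
        return "dns-failure"
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"                      # three-way handshake completed
    except socket.timeout:
        return "filtered"                  # no reply at all: SYN or SYN/ACK dropped
    except ConnectionRefusedError:
        return "refused"                   # RST came back, so packets flow both ways
    except OSError as exc:                 # e.g. EHOSTUNREACH from an ICMP reject
        return "rejected:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()

def locate_block(results):
    """Apply the answer's reasoning to {host: outcome} from probe_tcp()."""
    if not results:
        raise ValueError("no probe results")
    # "open" and "refused" both prove that TCP packets travel in both directions.
    answered = [h for h, r in results.items() if r in ("open", "refused")]
    if len(answered) == len(results):
        return "no-block"
    if answered:
        return "remote-side"               # some destinations answer, some do not
    return "local-side"                    # nothing answers, not even well-known sites

if __name__ == "__main__":
    # Default hosts: the one from the question plus an assumed well-known site.
    hosts = sys.argv[1:] or ["rpm.pbone.net", "www.google.com"]
    results = {h: probe_tcp(h) for h in hosts}
    for host, outcome in results.items():
        print(f"{host}:80 -> {outcome}")
    print("verdict:", locate_block(results))
```

Running it on the affected server and on one of the working servers shows whether the block follows the machine or the destination.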