Cannot connect to the web server, but can connect via SSH

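I have an Ubuntu server, and something strange is happening that I don't understand.

I can't ping the server by its IP address, but I can connect to it via ssh. I can access the Apache server from the command line on the server itself, but not from a Windows browser.

What settings should I check now?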

Answer 1

You can debug the problem with the following tools.

  1. Run wireshark or tcpdump and confirm that the HTTP requests are reaching the server.

  2. Use tcptraceroute:

    $ tcptraceroute "webserver-ip" 80

  3. The web server may also be listening only on localhost (127.0.0.1) rather than on all interfaces (0.0.0.0).

    $ sudo netstat -taupen | grep LISTEN

  4. Check the iptables rules with the following command:

    $ sudo iptables -nvL

  5. Check the status of SELinux, which acts as a firewall.

    $ sudo sestatus

Answer 2

  1. There may be firewall rules blocking access. Check the output of iptables -L. Everything except SSH may be blocked.

  2. The services may not be listening on the correct interface or port. Check the output of netstat -ntl.

If these commands don't help you troubleshoot, add their output to your question. Also add the output of ifconfig.
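The listening-interface check from step 3 of Answer 1 and item 2 of Answer 2, as an added example that is not part of either answer: it reads `netstat -ntl` (or `netstat -taupen`) output and reports how a given TCP port is bound. The function name `listen_scope` and the sample lines are hypothetical and constructed for illustration.

```sh
#!/bin/sh
# Added example: classify how a TCP port is bound, reading netstat output on stdin.
# listen_scope is a hypothetical helper name, not a standard tool.
# Live usage on the server:  sudo netstat -ntl | listen_scope 80
listen_scope() {
    awk -v port="$1" '
        $6 == "LISTEN" {                       # State column in netstat -ntl / -taupen
            addr = $4                          # Local Address, e.g. 0.0.0.0:80 or :::80
            n = match(addr, /:[0-9]+$/)        # the last colon separates host and port
            if (n == 0 || substr(addr, n + 1) != port) next
            host = substr(addr, 1, n - 1)
            # A tcp6 wildcard (::) normally also accepts IPv4 on Linux,
            # unless net.ipv6.bindv6only=1.
            if (host == "0.0.0.0" || host == "::" || host == "*") wild = 1
            else if (host ~ /^127\./ || host == "::1") loop = 1
            else other = 1
        }
        END {
            if (wild)       print "all-interfaces"    # reachable unless a firewall blocks it
            else if (other) print "specific-address"  # reachable only via that address
            else if (loop)  print "loopback-only"     # works locally, never from another host
            else            print "not-listening"
        }'
}

# Constructed sample in netstat -ntl format (not output from a real host).
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp        0      0 192.0.2.10:443          0.0.0.0:*               LISTEN'

# Port 80 here reproduces the symptom in the question: HTTP works on the
# server itself while SSH (port 22) is reachable from other machines.
for p in 80 22 8080 25 443 3306; do
    printf '%-5s %s\n' "$p" "$(printf '%s\n' "$SAMPLE" | listen_scope "$p")"
done
```

If the port reports all-interfaces and is still unreachable from the client, the bind address is not the cause and the firewall checks are the next step.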

Answer 3

I have this problem too. Here is the output of some of the commands above:

# netstat -taupen | grep LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          19239      2490/smbd
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      0          19149      2475/perl
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18616      1241/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          20281      2487/master
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          19238      2490/smbd
tcp6       0      0 :::8009                 :::*                    LISTEN      91         19311      1247/java
tcp6       0      0 :::139                  :::*                    LISTEN      0          19237      2490/smbd
tcp6       0      0 :::80                   :::*                    LISTEN      0          163453     4050/httpd
tcp6       0      0 :::8080                 :::*                    LISTEN      91         19310      1247/java
tcp6       0      0 :::21                   :::*                    LISTEN      0          19479      1282/vsftpd
tcp6       0      0 :::22                   :::*                    LISTEN      0          18618      1241/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      0          20282      2487/master
tcp6       0      0 :::445                  :::*                    LISTEN      0          19236      2490/smbd
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      91         20467      1247/java

# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::8009                 :::*                    LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN

iptables output:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_internal  all  --  anywhere             anywhere            [goto]
FWDI_internal  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_internal  all  --  anywhere             anywhere            [goto]
FWDO_internal  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_internal (2 references)
target     prot opt source               destination
FWDI_internal_log  all  --  anywhere             anywhere
FWDI_internal_deny  all  --  anywhere             anywhere
FWDI_internal_allow  all  --  anywhere             anywhere

Chain FWDI_internal_allow (1 references)
target     prot opt source               destination

Chain FWDI_internal_deny (1 references)
target     prot opt source               destination

Chain FWDI_internal_log (1 references)
target     prot opt source               destination

Chain FWDO_internal (2 references)
target     prot opt source               destination
FWDO_internal_log  all  --  anywhere             anywhere
FWDO_internal_deny  all  --  anywhere             anywhere
FWDO_internal_allow  all  --  anywhere             anywhere

Chain FWDO_internal_allow (1 references)
target     prot opt source               destination

Chain FWDO_internal_deny (1 references)
target     prot opt source               destination

Chain FWDO_internal_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_internal  all  --  anywhere             anywhere            [goto]
IN_internal  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_internal (2 references)
target     prot opt source               destination
IN_internal_log  all  --  anywhere             anywhere
IN_internal_deny  all  --  anywhere             anywhere
IN_internal_allow  all  --  anywhere             anywhere

Chain IN_internal_allow (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipp ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target     prot opt source               destination

Chain IN_internal_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination

Answer 4

To allow a specific port or service such as http, you need to use the firewall.

    $ sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload
