[Question] httpd port 80 keeps getting connection refused

Board: Linux, Author: (朔雪), Time: 11 years ago (2014/11/06 23:04), edited 11 years ago, Push/boo: 3 (3 pushes, 0 boos, 34 neutral)
37 comments, 6 participants, latest thread 1/1
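My machine currently runs Ubuntu 14.10 with kernel 3.16.0-23. Today I wanted to test some web pages on my own machine, so I used Apache. Afterwards I confirmed with netstat that the port was there, but nmap localhost could not find it, and nc also got connection refused. I then switched to nginx and got the same result.

So I switched to having nc listen on port 80 directly. The listening nc showed no messages at all, but the connecting nc still got connection refused. When I switched to other ports it worked normally (I tested one below 1024 and one above 1024). There are no related messages in syslog either.

How can I solve this? Also, this is the first time I have run into this kind of problem, so I don't know what information would be helpful. If anything else is needed I will add it at any time. Thanks.

--
※ Origin: PTT (ptt.cc), from: 1.175.71.186
※ Article URL: http://www.ptt.cc/bbs/Linux/M.1415286280.A.FB3.html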

11/06 23:38, , 1F
Depends on how you start nginx

11/07 00:28, , 2F
service nginx start

11/07 05:30, , 3F
Firewall?

11/07 10:05, , 4F
I'm connecting from the local machine, so it shouldn't be that

11/07 18:01, , 5F
iptables -A INPUT -i lo -p TCP --dport 80 -j DROP

11/07 18:01, , 6F
Blocking localhost isn't hard

11/07 18:52, , 7F
But normally it isn't blocked by default

11/08 07:34, , 8F
I'm using ufw and haven't touched iptables directly. ufw's rules by default allow

11/08 07:35, , 9F
local traffic, and I'm also sure I haven't added any setting in ufw that blocks the local machine

11/08 07:35, , 10F
But to be safe I'll check iptables in a bit

11/08 07:49, , 11F
I just took a look; there don't seem to be any rules like that. I also checked the log

11/08 07:49, , 12F
and didn't see any block records for port 80

11/08 07:55, , 13F
Just now I tested again: after running ufw disable and confirming iptables was cleared, I used

11/08 07:57, , 14F
nc to run the test once more, and it still couldn't connect

11/08 11:59, , 15F
A permissions problem?? If you google "nginx port 80" there are people discussing it

11/08 12:01, , 16F
Otherwise there's a problem with the configuration

11/08 19:59, , 17F
The thing is, I already ran nc with sudo and the same thing happened

11/08 20:04, , 18F
Is the iptables policy accept? Also, with tcpdump -ni lo 'tcp port 80'

11/08 20:05, , 19F
is there a handshake? Do the apache/nginx logs show a normal start?

11/08 22:36, , 20F
As for tcpdump, right after the syn a rst ack is received immediately

11/08 22:37, , 21F
I'll just paste the whole iptables output
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:6881
ACCEPT udp -- anywhere anywhere udp dpt:6881
ACCEPT tcp -- anywhere anywhere tcp dpt:24800
ACCEPT udp -- anywhere anywhere udp dpt:24800

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

※ Edited: dododavid006 (113.61.208.1), 11/08/2014 22:40:04

11/08 23:13, , 22F
I don't use ufw so I'm not sure, but it looks like the default policy is drop

11/08 23:17, , 23F
How about turning everything off first and testing in a simple environment: http://ppt.cc/UvLq

11/08 23:22, , 24F
Was the rst you received from testing with nc?

11/08 23:25, , 25F
Yes. The connecting side was nc; for the server I tested apache and nc

11/08 23:31, , 26F
Just now I was going to follow the iptables part, but at the very first step

11/08 23:32, , 27F
I got iptables: Too many links. So I switched to using

11/08 23:32, , 28F
ufw disable (I had actually tried this before as well), and the result was the same

11/09 09:04, , 29F
Sorry, I just noticed the steps given on that page were missing a flush. Try: http://ppt.cc/J5qm

11/09 09:05, , 30F
Getting a rst is really puzzling

11/09 12:13, , 31F
Tested it. This time no error appeared, but the result is the same

11/09 17:03, , 32F
Setting the fw factor aside, I can only think of two possibilities for the rst: 1. the port isn't open 2. the software didn't

11/09 17:05, , 33F
accept(). You say the port opened successfully, and nc doesn't work on 80 but does on other ports,

11/09 17:06, , 34F
so I can only wildly guess that some other program is interfering, or that it's an OS or other lower-level problem

11/10 08:58, , 35F
Is there really no way? Although for now I can get by by changing the port…

11/10 19:14, , 36F
A very strange phenomenon, and I can't reproduce the environment either. Maybe the experts on the board have other ideas.

11/10 19:15, , 37F
I like using ubuntu too; sorry I couldn't help you...
Article code (AID): #1KMuu8-p (Linux)