:::9100localhost를 통해 개설된 로컬 서비스에 접근할 수 있지만 ,
[root@os3 ~]# curl localhost:9100
<html>
<head><title>Node Exporter</title></head>
<body>
<h1>Node Exporter</h1>
<p><a href="/metrics">Metrics</a></p>
</body>
</html>
[root@os3 ~]#
로컬 IP를 통해 포트에 액세스할 수 없습니다(IPv4에서도 수신 대기하며 테스트하고 이 문서 끝에 결과를 첨부했습니다). 및 기타 모든 서비스(SSH 제외)
[root@os3 ~]# curl 70.60.31.103:9100
.... hanging ....
[root@os3 ~]# curl 70.60.31.103:80
.... hanging ....
서버 정보
운영 체제: Centos 7.6(방화벽그리고SELinux비활성화됨)
서비스 활성화됨
[root@os3 ~]# netstat -tpln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN 12116/X
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 12890/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 12886/cupsd
tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 15722/sshd: hbseo@p
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 13262/master
tcp 0 0 70.60.31.103:80 0.0.0.0:* LISTEN 8418/httpd
tcp6 0 0 :::9100 :::* LISTEN 14128/node_exporter
tcp6 0 0 :::111 :::* LISTEN 1/systemd
tcp6 0 0 :::6000 :::* LISTEN 12116/X
tcp6 0 0 :::22 :::* LISTEN 12890/sshd
tcp6 0 0 ::1:631 :::* LISTEN 12886/cupsd
tcp6 0 0 ::1:3128 :::* LISTEN 15722/sshd: hbseo@p
tcp6 0 0 ::1:25 :::* LISTEN 13262/master
[root@os3 ~]#
상호 작용
[root@os3 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0f0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 0c:c4:7a:69:21:b2 brd ff:ff:ff:ff:ff:ff
3: enp5s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 0c:c4:7a:69:21:b3 brd ff:ff:ff:ff:ff:ff
4: enp130s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 0c:c4:7a:55:fe:a2 brd ff:ff:ff:ff:ff:ff
inet 70.60.31.103/24 brd 70.60.31.255 scope global noprefixroute enp130s0f0
valid_lft forever preferred_lft forever
inet6 fe80::bc7c:de99:848a:a6ff/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: enp4s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 0c:c4:7a:bc:71:68 brd ff:ff:ff:ff:ff:ff
6: enp130s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 0c:c4:7a:55:fe:a3 brd ff:ff:ff:ff:ff:ff
7: enp4s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 0c:c4:7a:bc:71:69 brd ff:ff:ff:ff:ff:ff
8: enp133s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 0c:c4:7a:bc:71:6e brd ff:ff:ff:ff:ff:ff
9: enp133s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 0c:c4:7a:bc:71:6f brd ff:ff:ff:ff:ff:ff
inet 192.168.1.103/24 brd 192.168.1.255 scope global noprefixroute enp133s0f1
valid_lft forever preferred_lft forever
inet6 fe80::2fdc:d6c1:e4f3:2c8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
10: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:17:99:89:9c brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
11: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 9e:e6:48:43:73:87 brd ff:ff:ff:ff:ff:ff
12: br-tun: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ea:c1:6d:7d:8d:41 brd ff:ff:ff:ff:ff:ff
13: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether ce:14:02:e1:0d:4b brd ff:ff:ff:ff:ff:ff
라우팅 테이블
[root@os3 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default gateway 0.0.0.0 UG 100 0 0 enp130s0f0
70.60.31.0 0.0.0.0 255.255.255.0 U 100 0 0 enp130s0f0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0
192.168.1.0 0.0.0.0 255.255.255.0 U 101 0 0 enp133s0f1
[root@os3 ~]# ip route show table local
broadcast 70.60.31.0 dev enp130s0f0 proto kernel scope link src 70.60.31.103
local 70.60.31.103 dev enp130s0f0 proto kernel scope host src 70.60.31.103
broadcast 70.60.31.255 dev enp130s0f0 proto kernel scope link src 70.60.31.103
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1
broadcast 172.17.0.0 dev docker0 proto kernel scope link src 172.17.0.1
local 172.17.0.1 dev docker0 proto kernel scope host src 172.17.0.1
broadcast 172.17.255.255 dev docker0 proto kernel scope link src 172.17.0.1
broadcast 192.168.1.0 dev enp133s0f1 proto kernel scope link src 192.168.1.103
local 192.168.1.103 dev enp133s0f1 proto kernel scope host src 192.168.1.103
broadcast 192.168.1.255 dev enp133s0f1 proto kernel scope link src 192.168.1.103
[root@os3 ~]#
[root@os3 ~]#
[root@os3 ~]# ip route show table main
default via 70.60.31.1 dev enp130s0f0 proto static metric 100
70.60.31.0/24 dev enp130s0f0 proto kernel scope link src 70.60.31.103 metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev enp133s0f1 proto kernel scope link src 192.168.1.103 metric 101
[root@os3 ~]#
교량 정보
[root@os3 ~]# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02421799899c no
[root@os3 ~]#
iptables
[root@os3 ~]# iptables -t nat -vL
Chain PREROUTING (policy ACCEPT 482 packets, 53615 bytes)
pkts bytes target prot opt in out source destination
95 5700 DOCKER all -- any any anywhere anywhere ADDRTYPE match dst-type LOCAL
Chain INPUT (policy ACCEPT 313 packets, 29974 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 805 packets, 53019 bytes)
pkts bytes target prot opt in out source destination
7 420 DOCKER all -- any any anywhere !loopback/8 ADDRTYPE match dst-type LOCAL
Chain POSTROUTING (policy ACCEPT 805 packets, 53019 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any !docker0 172.17.0.0/16 anywhere
Chain DOCKER (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- docker0 any anywhere anywhere
[root@os3 ~]# iptables -vL
Chain INPUT (policy ACCEPT 47446 packets, 26M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DOCKER-USER all -- any any anywhere anywhere
0 0 DOCKER-ISOLATION-STAGE-1 all -- any any anywhere anywhere
0 0 ACCEPT all -- any docker0 anywhere anywhere ctstate RELATED,ESTABLISHED
0 0 DOCKER all -- any docker0 anywhere anywhere
0 0 ACCEPT all -- docker0 !docker0 anywhere anywhere
0 0 ACCEPT all -- docker0 docker0 anywhere anywhere
Chain OUTPUT (policy ACCEPT 39943 packets, 41M bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
pkts bytes target prot opt in out source destination
0 0 DOCKER-ISOLATION-STAGE-2 all -- docker0 !docker0 anywhere anywhere
0 0 RETURN all -- any any anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- any docker0 anywhere anywhere
0 0 RETURN all -- any any anywhere anywhere
Chain DOCKER-USER (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- any any anywhere anywhere
[root@os3 ~]#
내가 놓친 것이 있나요?
해당 포트가 IPv4에서도 수신 대기 중인 것 같은데, 아래와 같이 다른 서버에서 테스트했습니다.
[centos@gateway ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fa:16:3e:ce:96:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.102.59/24 brd 192.168.102.255 scope global dynamic eth0
valid_lft 55866sec preferred_lft 55866sec
inet6 fe80::f816:3eff:fece:9697/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:bf:18:26:36 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:bfff:fe18:2636/64 scope link
valid_lft forever preferred_lft forever
[centos@gateway ~]$ netstat -ptln
(No info could be read for "-p": geteuid()=1000 but you should be root.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 ::1:25 :::* LISTEN -
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::4001 :::* LISTEN -
tcp6 0 0 :::6443 :::* LISTEN -
tcp6 0 0 :::2379 :::* LISTEN -
tcp6 0 0 :::2380 :::* LISTEN -
tcp6 0 0 :::111 :::* LISTEN -
tcp6 0 0 :::9100 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
[centos@gateway ~]$
[centos@gateway ~]$ curl 192.168.102.59:9100
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>
<head>
<title>Index of /</title>
</head>
<body>
.....
답변1
ipv4 주소에 액세스하려고 하는데 서비스가 ipv6만 수신합니다. ipv4 소켓을 수신하도록 서비스 구성을 변경해 보십시오. SSH와 웹은 ipv4 소켓을 수신하므로 ipv4를 사용하여 로컬 서버 외부에서 SSH에 액세스할 수 있습니다.
업데이트: 이 줄은 SSH가 ipv4에서 열려 있음을 의미합니다.
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 12890/sshd
이 줄은 ipv4의 포트 80이 열려 있음을 나타냅니다.
tcp 0 0 70.60.31.103:80 0.0.0.0:* LISTEN 8418/httpd
이 줄은 9100이 ipv6에서 열려 있음을 의미합니다.
tcp6 0 0 :::9100 :::* LISTEN 14128/node_exporter
네트워크 상태에 따르면 ipv4에 9100이 없습니다.