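I have an Ubuntu server and something strange is happening that I can't understand.
I can't ping the server by its IP address, but I can connect to it over ssh. I can access the Apache server from the command line inside the server, but not from a Windows browser.
Which settings should I check now?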
Answer 1
You can debug the problem with the following tools.
Run wireshark or tcpdump and check whether the HTTP requests reach the server.
Use tcptraceroute:
$ tcptraceroute "webserver-ip" 80
The web server may also be listening only on localhost (127.0.0.1) rather than on all interfaces (0.0.0.0).
$ sudo netstat -taupen | grep LISTEN
Check the iptables rules with the following command:
$ sudo iptables -nvL
Check the status of SELinux, which also acts as a firewall.
$ sudo sestatus
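Answer 2
There may be a firewall rule blocking access. Check the output of iptables -L. Everything except SSH may be blocked.
The services may also not be listening on the correct interface or port. Check the output of netstat -ntl.
If these commands don't help you solve the problem, add their output to your question. Add the output of ifconfig as well.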
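The two checks suggested in Answer 1 and Answer 2 (which address each service listens on, and which ports the firewall accepts) can be combined into one pass. This is an added example, not code from the original answers; the function names, the sample listing and the allowed-port list "22 80" are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original answers): classify TCP listeners.

# Constructed sample in `netstat -ntl` layout; not output from a real host.
sample_netstat() {
  cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
EOF
}

# audit_listeners "<allowed tcp ports>" < netstat-output
# Prints one line per listener: <port> <bind-scope> <verdict>
audit_listeners() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)            # text after the last colon
      host = substr($4, 1, length($4) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") {    # loopback: local clients only
        scope = "loopback"; verdict = "local-only"
      } else {
        scope = (host == "0.0.0.0" || host == "::") ? "any" : host
        verdict = (port in ok) ? "allowed" : "not-allowed"
      }
      key = port " " scope
      if (!(key in seen)) { seen[key] = 1; print port, scope, verdict }
    }'
}

# Ports 22 and 80 stand in for the ACCEPT rules a firewall listing would show.
sample_netstat | audit_listeners "22 80"
```

The function also accepts `netstat -taupen` output, because the state is the sixth column in both layouts. The allowed-port list has to be read off the host's own `iptables -nvL` output by the operator.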
Answer 3
I have this problem too. Here is some of the output from the commands above:
# netstat -taupen | grep LISTEN
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 0 19239 2490/smbd
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 0 19149 2475/perl
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 18616 1241/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 20281 2487/master
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 0 19238 2490/smbd
tcp6 0 0 :::8009 :::* LISTEN 91 19311 1247/java
tcp6 0 0 :::139 :::* LISTEN 0 19237 2490/smbd
tcp6 0 0 :::80 :::* LISTEN 0 163453 4050/httpd
tcp6 0 0 :::8080 :::* LISTEN 91 19310 1247/java
tcp6 0 0 :::21 :::* LISTEN 0 19479 1282/vsftpd
tcp6 0 0 :::22 :::* LISTEN 0 18618 1241/sshd
tcp6 0 0 ::1:25 :::* LISTEN 0 20282 2487/master
tcp6 0 0 :::445 :::* LISTEN 0 19236 2490/smbd
tcp6 0 0 127.0.0.1:8005 :::* LISTEN 91 20467 1247/java
# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
tcp6 0 0 :::8009 :::* LISTEN
tcp6 0 0 :::139 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::8080 :::* LISTEN
tcp6 0 0 :::21 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
tcp6 0 0 :::445 :::* LISTEN
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
iptables output:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain FORWARD_direct (1 references)
target prot opt source destination
Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
Chain FWDI_internal_allow (1 references)
target prot opt source destination
Chain FWDI_internal_deny (1 references)
target prot opt source destination
Chain FWDI_internal_log (1 references)
target prot opt source destination
Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere
Chain FWDO_internal_allow (1 references)
target prot opt source destination
Chain FWDO_internal_deny (1 references)
target prot opt source destination
Chain FWDO_internal_log (1 references)
target prot opt source destination
Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
Chain INPUT_direct (1 references)
target prot opt source destination
Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
Chain IN_internal_deny (1 references)
target prot opt source destination
Chain IN_internal_log (1 references)
target prot opt source destination
Chain OUTPUT_direct (1 references)
target prot opt source destination
Answer 4
You may need to use the firewall to allow specific ports or services such as http.
sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload