apache not accepting incoming connections from outside of localhost


Problem description


I've booted up a CentOS server on rackspace and executed yum install httpd'd. Then services httpd start. So, just the barebones.

I can access its IP address remotely over ssh (22) no problem, so there's no problem with the DNS or anything (I think...), but when I try to connect on port 80 (via a browser or something) I get connection refused.

From localhost, however, I can use telnet (80), or even lynx on itself and get served with no problem. From outside (my house, my school, a local coffee shop, etc...), telnet connects on 22, but not 80.

I use netstat -tulpn (<- I'm not going to lie, I don't understand the -tulpn part, but that's what the internet told me to do...) and see

tcp    0    0 :::80     :::*    LISTEN    -                   

as I believe I should. The httpd.conf says Listen 80.

I have services httpd restart'd many a time.

Honestly I have no idea what to do. There is NO way that rackspace has a firewall on incoming port 80 requests. I feel like I'm missing something stupid, but I've booted up a barebones server twice now and have done the absolute minimum to get this functioning thinking I had mucked things up with my tinkering, but neither worked.

Any help is greatly appreciated! (And sorry for the long-winded post...)

Edit: I was asked to post the output of iptables -L. So here it is:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

Solution

In case not solved yet. Your iptables say:

state RELATED,ESTABLISHED

Which means that it lets pass only connections already established... that's established by you, not by remote machines. Then you can see exceptions to this in the next rules:

state NEW tcp dpt:ssh

Which counts only for ssh, so you should add a similar rule/line for http, which you can do like this:

state NEW tcp dpt:80

Which you can do like this:

sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

(In this case I am choosing to add the new rule in the fourth line)

Remember that after editing the file you should save it like this:

sudo /etc/init.d/iptables save
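
An added example, not part of the original answer: a first-match evaluator over rules in `iptables -S INPUT` form, showing why a new connection to port 80 hits the REJECT rule and why the new rule must be inserted above it rather than appended. The ruleset is constructed to mirror the listing in the question; it assumes rule 3 is loopback-only (`-i lo`), a detail `iptables -L` without `-v` does not show. The names first_match and insert_at are hypothetical helpers.

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` form (assumption: rule 3 is -i lo).
RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
HTTP='-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT'

# first_match PORT: print "<rule number> <target>" of the first INPUT rule that
# matches a NEW TCP connection to PORT arriving on a non-loopback interface.
# Only -i, -p, --dport, --state/--ctstate and -j are understood (no negation,
# source matches or multiport); enough for a ruleset like the one above.
first_match() {
  awk -v port="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" && $2 == "INPUT" {
      n++
      iface = proto = dport = states = target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-i") iface = $(i+1)
        else if ($i == "-p") proto = $(i+1)
        else if ($i == "--dport") dport = $(i+1)
        else if ($i == "--state" || $i == "--ctstate") states = $(i+1)
        else if ($i == "-j") target = $(i+1)
      }
      if (iface == "lo") next                               # remote traffic is not on lo
      if (proto != "" && proto != "tcp" && proto != "all") next
      if (dport != "" && dport != port) next
      if (states != "" && ("," states ",") !~ /,NEW,/) next # first packet is state NEW
      print n, target; found = 1; exit
    }
    END { if (!found) print "policy", policy }'
}

# insert_at POS RULE: emulate `iptables -I INPUT POS ...` on the rule text.
insert_at() {
  awk -v pos="$1" -v rule="$2" '
    $1 == "-A" && $2 == "INPUT" && ++n == pos { print rule }
    { print }'
}

printf '%s\n' "$RULES" | first_match 22                       # ssh: allowed by rule 4
printf '%s\n' "$RULES" | first_match 80                       # http: falls to REJECT
printf '%s\n%s\n' "$RULES" "$HTTP" | first_match 80           # appended: still REJECT
printf '%s\n' "$RULES" | insert_at 4 "$HTTP" | first_match 80 # inserted at 4: allowed
```

On a live host the same input comes from `sudo iptables -S INPUT`, and `sudo iptables -L INPUT -n -v --line-numbers` shows the interface column and rule positions directly.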
