apache not accepting incoming connections from outside of localhost
Problem description
I've booted up a CentOS server on rackspace and executed yum install httpd'd. Then services httpd start. So, just the barebones.
I can access its IP address remotely over ssh (22) no problem, so there's no problem with the DNS or anything (I think...), but when I try to connect on port 80 (via a browser or something) I get connection refused.
From localhost, however, I can use telnet (80), or even lynx on itself and get served with no problem. From outside (my house, my school, a local coffee shop, etc...), telnet connects on 22, but not 80.
I use netstat -tulpn (<- I'm not going to lie, I don't understand the -tulpn part, but that's what the internet told me to do...) and see
tcp 0 0 :::80 :::* LISTEN -
as I believe I should. The httpd.conf says Listen 80.
I have run services httpd restart many times.
Honestly I have no idea what to do. There is NO way that rackspace has a firewall on incoming port 80 requests. I feel like I'm missing something stupid, but I've booted up a barebones server twice now and have done the absolute minimum to get this functioning thinking I had mucked things up with my tinkering, but neither worked.
Any help is greatly appreciated! (And sorry for the long winded post...)
Edit
I was asked to post the output of iptables -L. So here it is:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Recommended answer
In case not solved yet. Your iptables say:
state RELATED,ESTABLISHED
Which means that it lets pass only connections already established... that's established by you, not by remote machines. Then you can see exceptions to this in the next rules:
state NEW tcp dpt:ssh
Which counts only for ssh, so you should add a similar rule/line for http, which you can do like this:
state NEW tcp dpt:80
You can do it like this:
sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
(In this case I am choosing to add the new rule in the fourth line)
Remember that after editing the file you should save it like this:
sudo /etc/init.d/iptables save
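
Added example (not part of the original question or answer): a small Python simulation of first-match rule evaluation, showing why new connections to port 80 reached the REJECT rule and why the new rule has to be inserted above it rather than appended. The rules are a constructed iptables -S INPUT rendering of the listing in the question; it assumes the bare "ACCEPT all" line is the loopback rule (-i lo), which iptables -L does not show without -v, and eth0 is a hypothetical external interface name.

```python
import shlex

# Constructed sample: `iptables -S INPUT` form of the listing in the question.
# Assumption: the bare "ACCEPT all" line is the loopback rule (-i lo).
RULES = """\
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited""".splitlines()
HTTP = "-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT"

def parse(line):
    """Keep only the match options this example understands."""
    tok = shlex.split(line)
    keys = ("-p", "-i", "--state", "--dport", "-j")
    return {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in keys}

def matches(rule, pkt):
    return all((
        rule.get("-p", pkt["proto"]) == pkt["proto"],
        rule.get("-i", pkt["iface"]) == pkt["iface"],
        pkt["state"] in rule.get("--state", pkt["state"]).split(","),
        int(rule.get("--dport", pkt["dport"])) == pkt["dport"],
    ))

def verdict(rules, dport, iface="eth0"):
    """(rule number, target) for a NEW inbound TCP connection; first match wins."""
    pkt = {"proto": "tcp", "iface": iface, "state": "NEW", "dport": dport}
    policy, num = "ACCEPT", 0
    for line in rules:
        if line.startswith("-P"):
            policy = line.split()[2]
            continue
        num += 1
        rule = parse(line)
        if matches(rule, pkt):
            return num, rule["-j"]
    return 0, policy  # nothing matched: the chain policy applies

def insert(rules, position, line):
    return rules[:position] + [line] + rules[position:]  # like -I INPUT <position>

if __name__ == "__main__":
    print("as posted, port 80:", verdict(RULES, 80))
    print("as posted, via lo :", verdict(RULES, 80, "lo"))
    print("-A (appended)     :", verdict(RULES + [HTTP], 80))
    print("-I INPUT 4        :", verdict(insert(RULES, 4, HTTP), 80))
```

The appended case still ends at the REJECT rule because that rule matches everything and is evaluated first; inserting at position 4 puts the HTTP rule ahead of it.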