apache不接受来自本地主机外部的传入连接 [英] apache not accepting incoming connections from outside of localhost

问题描述

我在 rackspace 上启动了一个 CentOS 服务器并执行了 yum install httpd'd.然后services httpd start.所以，只是准系统.

I've booted up a CentOS server on rackspace and executed yum install httpd'd. Then services httpd start. So, just the barebones.

我可以通过 ssh (22) 远程访问它的 IP 地址没问题，所以 DNS 或任何东西都没有问题(我认为...)，但是当我尝试在端口 80 上连接时(通过浏览器或其他东西) 我得到连接被拒绝.

I can access its IP address remotely over ssh (22) no problem, so there's no problem with the DNS or anything (I think...), but when I try to connect on port 80 (via a browser or something) I get connection refused.

但是，从本地主机，我可以使用 telnet (80)，甚至可以在其自身上使用 lynx，并且可以毫无问题地获得服务.从外面(我的房子、我的学校、当地的咖啡店等)，telnet 在 22 上连接，但不是 80.

From localhost, however, I can use telnet (80), or even lynx on itself and get served with no problem. From outside (my house, my school, a local coffee shop, etc...), telnet connects on 22, but not 80.

我使用 netstat -tulpn (<- 我不会撒谎，我不明白 -tulpn 部分，但这就是互联网所说的我要做...)，看看

I use netstat -tulpn (<- I'm not going to lie, I don't understand the -tulpn part, but that's what the internet told me to do...) and see

tcp    0    0 :::80     :::*    LISTEN    -                   

我相信我应该这样做.httpd.conf 说 Listen 80.

as I believe I should. The httpd.conf says Listen 80.

我有很多次services httpd restart.

老实说，我不知道该怎么做.机架空间不可能对传入的端口 80 请求设置防火墙.我觉得我错过了一些愚蠢的东西，但我现在已经启动了两次准系统服务器，并且已经做了绝对最低限度的工作来获得这个功能，我认为我已经用我的修补把事情搞砸了，但都没有奏效.

Honestly I have no idea what to do. There is NO way that rackspace has a firewall on incoming port 80 requests. I feel like I'm missing something stupid, but I've booted up a barebones server twice now and have done the absolute minimum to get this functioning thinking I had mucked things up with my tinkering, but neither worked.

非常感谢任何帮助！(对于冗长的帖子感到抱歉......)

Any help is greatly appreciated! (And sorry for the long winded post...)

编辑我被要求发布 iptables -L 的输出.所以这里是:

Edit I was asked to post the output of iptables -L. So here it is:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
ACCEPT     icmp --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh 
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination   

推荐答案

万一还没解决.你的 iptables 说:

In case not solved yet. Your iptables say:

状态相关，已建立

这意味着它只允许传递已经建立的连接......这是由您建立的，而不是由远程机器建立的.然后你可以在接下来的规则中看到例外情况:

Which means that it lets pass only connections already established... that's established by you, not by remote machines. Then you can see exceptions to this in the next rules:

state NEW tcp dpt:ssh

这仅适用于 ssh，因此您应该为 http 添加类似的规则/行，您可以这样做:

Which counts only for ssh, so you should add a similar rule/line for http, which you can do like this:

state NEW tcp dpt:80

你可以这样做:

sudo iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

(在这种情况下，我选择在第四行添加新规则)

(In this case I am choosing to add the new rule in the fourth line)

请记住，在编辑完文件后，您应该像这样保存它:

Remember that after editing the file you should save it like this:

sudo /etc/init.d/iptables save

这篇关于apache不接受来自本地主机外部的传入连接的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！