Can't access the web server, but can ssh to it

A quick and dirty and not very robust sed(1) one-liner:

echo 'Country,City,IP Address External
Australia,Sydney,"101.0.67.53"
Australia,Melbourne,"125.214.65.59"
Belgium,Brussels,"87.238.165.164"
Brazil,São Paulo,"200.170.83.170"
Brazil,Rio de Janeiro,"201.20.20.237"
Canada,Toronto,"208.69.56.166,
208.69.56.171,
208.69.56.172 "
Canada,Montreal,"199.204.45.153,
199.204.45.154,
199.204.45.155,
199.204.45.156"' | 
    sed -e 1d -e 's/"$//' -e 's/^[^"]*"/Allow from /' -e 's/,$/ \\/'

Output:

Allow from 101.0.67.53
Allow from 125.214.65.59
Allow from 87.238.165.164
Allow from 200.170.83.170
Allow from 201.20.20.237
Allow from 208.69.56.166 \
208.69.56.171 \
208.69.56.172 
Allow from 199.204.45.153 \
199.204.45.154 \
199.204.45.155 \
199.204.45.156

Assumptions:

  • Each group of IP addresses is surrounded by a double-quote (") character.
  • The " character cannot occur anywhere else except to delimit the IP groups.
  • A comma (,) at the end of a line means multiple IP addresses are continued on the next line.
6
13.05.2016, 20:17
4 answers
  1. You might have firewall rules blocking access. Check the output of iptables -L. Perhaps everything is blocked except ssh.

  2. The services might not be listening on the right interfaces or ports. Check the output of netstat -ntl.

If these commands don't help you figure it out, add their output to your question. Also add the output of ifconfig.

2
27.01.2020, 20:26

You can debug the problem using the following tools:

  1. Run wireshark or tcpdump and check whether the HTTP request reaches the server or not.

  2. Use tcptraceroute

    $ tcptraceroute "webserver-ip" 80

  3. It may be that the web server is listening only on localhost (127.0.0.1) instead of listening on all interfaces (0.0.0.0)

    $ sudo netstat -taupen | grep LISTEN

  4. Check the iptables rules using

    $ sudo iptables -nvL

  5. Check the status of SELinux, which also acts as a firewall.

    $ sudo sestatus

6
27.01.2020, 20:26
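
Step 3 of the answer above as an added example (not part of the original answer): a shell function that reads `netstat -ntl` output and reports whether a TCP port is bound to all interfaces, to one specific address, or to loopback only. The sample lines and the names `sample_netstat` and `classify_listener` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a TCP port is bound, from `netstat -ntl` output.

# Constructed sample in the `netstat -ntl` column layout (not real host data).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:8443         0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
EOF
}

# classify_listener PORT  (netstat output on stdin)
# Prints: all-interfaces | specific-address | loopback-only | not-listening
classify_listener() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            addr = $4; sub(/:[0-9]+$/, "", addr)   # strip trailing :port
            p = $4;    sub(/^.*:/, "", p)          # keep only the port
            if (p != port) next
            if (addr == "0.0.0.0" || addr == "::")      wild = 1
            else if (addr ~ /^127\./ || addr == "::1")  loop = 1
            else                                        spec = 1
        }
        END {
            # A wildcard bind wins: the port is reachable on every interface.
            # "::" (shown as :::PORT) normally also accepts IPv4 on Linux
            # unless net.ipv6.bindv6only=1 or the socket sets IPV6_V6ONLY.
            if (wild)      print "all-interfaces"
            else if (spec) print "specific-address"
            else if (loop) print "loopback-only"
            else           print "not-listening"
        }'
}

# Report on the constructed sample; on a real host pipe `netstat -ntl` instead.
for port in 22 80 8080 8443 25 443; do
    printf '%-5s %s\n' "$port" "$(sample_netstat | classify_listener "$port")"
done
```

A `loopback-only` or `not-listening` result for the web port points at the server's bind configuration rather than the firewall.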

I have this problem too. Here are some results of the above commands

# netstat -taupen | grep LISTEN
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          19239      2490/smbd
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      0          19149      2475/perl
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18616      1241/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          20281      2487/master
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          19238      2490/smbd
tcp6       0      0 :::8009                 :::*                    LISTEN      91         19311      1247/java
tcp6       0      0 :::139                  :::*                    LISTEN      0          19237      2490/smbd
tcp6       0      0 :::80                   :::*                    LISTEN      0          163453     4050/httpd
tcp6       0      0 :::8080                 :::*                    LISTEN      91         19310      1247/java
tcp6       0      0 :::21                   :::*                    LISTEN      0          19479      1282/vsftpd
tcp6       0      0 :::22                   :::*                    LISTEN      0          18618      1241/sshd
tcp6       0      0 ::1:25                  :::*                    LISTEN      0          20282      2487/master
tcp6       0      0 :::445                  :::*                    LISTEN      0          19236      2490/smbd
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      91         20467      1247/java

# netstat -ntl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
tcp6       0      0 :::8009                 :::*                    LISTEN
tcp6       0      0 :::139                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp6       0      0 :::21                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::445                  :::*                    LISTEN
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN

iptables output:

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_internal  all  --  anywhere             anywhere            [goto]
FWDI_internal  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_internal  all  --  anywhere             anywhere            [goto]
FWDO_internal  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_internal (2 references)
target     prot opt source               destination
FWDI_internal_log  all  --  anywhere             anywhere
FWDI_internal_deny  all  --  anywhere             anywhere
FWDI_internal_allow  all  --  anywhere             anywhere

Chain FWDI_internal_allow (1 references)
target     prot opt source               destination

Chain FWDI_internal_deny (1 references)
target     prot opt source               destination

Chain FWDI_internal_log (1 references)
target     prot opt source               destination

Chain FWDO_internal (2 references)
target     prot opt source               destination
FWDO_internal_log  all  --  anywhere             anywhere
FWDO_internal_deny  all  --  anywhere             anywhere
FWDO_internal_allow  all  --  anywhere             anywhere

Chain FWDO_internal_allow (1 references)
target     prot opt source               destination

Chain FWDO_internal_deny (1 references)
target     prot opt source               destination

Chain FWDO_internal_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_internal  all  --  anywhere             anywhere            [goto]
IN_internal  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_internal (2 references)
target     prot opt source               destination
IN_internal_log  all  --  anywhere             anywhere
IN_internal_deny  all  --  anywhere             anywhere
IN_internal_allow  all  --  anywhere             anywhere

Chain IN_internal_allow (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipp ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW

Chain IN_internal_deny (1 references)
target     prot opt source               destination

Chain IN_internal_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination
0
27.01.2020, 20:26

You may need to allow certain ports or services, such as http, using firewalld.

sudo firewall-cmd --permanent --add-service=http && sudo firewall-cmd --reload
0
27.01.2020, 20:26
