→ OrzOGC: Depends on how you started nginx 11/06 23:38
→ dododavid006: service nginx start 11/07 00:28
→ danny8376: Firewall? 11/07 05:30
→ dododavid006: I'm connecting from the local machine, so it shouldn't be that 11/07 10:05
→ dirkc: iptables -A INPUT -i lo -p TCP --dport 80 -j DROP 11/07 18:01
→ dirkc: Blocking localhost isn't hard 11/07 18:01
→ qoopichu: But normally it's not blocked by default 11/07 18:52
→ dododavid006: I'm using ufw and haven't touched iptables directly; ufw's default rules allow 11/08 07:34
→ dododavid006: local traffic, and I'm sure I didn't add any rule in ufw that blocks localhost 11/08 07:35
→ dododavid006: But to be safe I'll check iptables in a bit 11/08 07:35
→ dododavid006: Just had a look, there doesn't seem to be any rule like that; I also checked the logs 11/08 07:49
→ dododavid006: and saw no block records for port 80 11/08 07:49
→ dododavid006: Just tested again: disabled ufw, confirmed iptables was flushed, then 11/08 07:55
→ dododavid006: ran the test with nc once more; still can't connect 11/08 07:57
→ final01: Permission issue?? Google "nginx port 80", people have discussed it 11/08 11:59
→ final01: Otherwise it's a config problem 11/08 12:01
→ dododavid006: The problem is I already ran nc with sudo and the same thing happened 11/08 19:59
推 dirkc: Is the iptables policy accept? Also, does tcpdump -ni lo 'tcp port 80' 11/08 20:04
→ dirkc: show a handshake? Do the apache/nginx logs show a normal startup? 11/08 20:05
→ dododavid006: For the tcpdump part, right after the syn I immediately get an rst ack 11/08 22:36
→ dododavid006: I'll just paste the whole iptables output 11/08 22:37
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:6881
ACCEPT udp -- anywhere anywhere udp dpt:6881
ACCEPT tcp -- anywhere anywhere tcp dpt:24800
ACCEPT udp -- anywhere anywhere udp dpt:24800
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
※ Edited: dododavid006 (113.61.208.1), 11/08/2014 22:40:04
→ dirkc: I don't use ufw so I'm not sure, but it looks like the default policy is drop 11/08 23:13
→ dirkc: Did you get the rst while testing with nc? 11/08 23:22
→ dododavid006: Yes. The connecting side was nc; on the server side I tested apache and nc 11/08 23:25
→ dododavid006: Just now I was going to follow the iptables part, but at the very first step 11/08 23:31
→ dododavid006: I got "iptables: Too many links." so I switched to 11/08 23:32
→ dododavid006: ufw disable (I had actually tried this before too); same result 11/08 23:32
→ dirkc: Getting an rst is really puzzling 11/09 09:05
→ dododavid006: Tested it; no error this time, but the result is the same 11/09 12:13
推 dirkc: Firewall aside, I can only think of two possibilities for the rst: 1. the port isn't open 2. the software 11/09 17:03
→ dirkc: didn't accept(). You say the port opened successfully, and nc fails on 80 but works on other ports, 11/09 17:05
→ dirkc: so I can only guess some other program is interfering, or it's the OS or something lower level 11/09 17:06
→ dododavid006: Is there really no way? Although for now I can work around it by switching ports... 11/10 08:58
推 dirkc: A very strange phenomenon, and I can't reproduce the environment. Maybe an expert on the board has other ideas. 11/10 19:14
→ dirkc: I like ubuntu too; too bad I couldn't help you... 11/10 19:15
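The distinction dirkc draws above (an immediate RST points to "no listener" or "no accept()", whereas a DROP rule would leave the SYN unanswered) can be checked from the local machine without reading tcpdump by hand. The following script is an added example written for this thread, not code posted by anyone in it. It reads the Linux /proc/net/tcp table to see whether anything is actually in LISTEN state on port 80 (IPv4 only; /proc/net/tcp6 is a separate file), then performs a TCP connect and maps the outcome onto the cases discussed: "open" (handshake completed), "refused" (RST or ICMP port unreachable came back), or "filtered" (timeout, the typical signature of an iptables DROP). The sample /proc/net/tcp content embedded in the script is constructed for the example. Note that the pasted ruleset's ufw-user-limit chain uses REJECT with icmp-port-unreachable, which the kernel also reports as ECONNREFUSED, so a "refused" result alone does not prove there is no listener; that is why the listener check and the probe are combined.

```python
import errno
import socket

# Constructed sample of /proc/net/tcp (not taken from the thread).
# Row 0: a DNS listener on 127.0.0.1:53, row 1: a listener on 0.0.0.0:80,
# row 2: an ESTABLISHED connection (state 01), which must be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0100007F:9C40 0100007F:0050 01 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = "0A"  # socket state code used by the kernel in /proc/net/tcp


def _decode_addr(hexaddr):
    """Turn '0100007F:0050' into ('127.0.0.1', 80); the IPv4 part is little-endian."""
    ip_hex, port_hex = hexaddr.split(":")
    raw = bytes.fromhex(ip_hex)[::-1]
    return socket.inet_ntoa(raw), int(port_hex, 16)


def parse_listeners(text):
    """Return the set of (ip, port) pairs in LISTEN state from /proc/net/tcp content."""
    listeners = set()
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        listeners.add(_decode_addr(fields[1]))
    return listeners


def port_is_listening(listeners, port):
    """True if a loopback connect to `port` could reach a listener (wildcard or 127.0.0.1)."""
    return any(p == port and ip in ("0.0.0.0", "127.0.0.1") for ip, p in listeners)


def classify_connect(host, port, timeout=2.0):
    """TCP connect and map the result onto the cases debated in the thread."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # SYN, SYN-ACK, ACK completed: something accepted us
    except socket.timeout:
        return "filtered"        # no SYN-ACK and no RST: what an iptables DROP looks like
    except ConnectionRefusedError:
        return "refused"         # RST (no listener) or ICMP port unreachable (REJECT rule)
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()


def demo_local_probe():
    """Bind an ephemeral loopback listener, probe it, close it, probe the same port again."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = classify_connect("127.0.0.1", port)
    srv.close()
    after_close = classify_connect("127.0.0.1", port)
    return while_open, after_close


if __name__ == "__main__":
    with open("/proc/net/tcp") as f:
        listeners = parse_listeners(f.read())
    print("something listening on port 80 for loopback:", port_is_listening(listeners, 80))
    print("connect to 127.0.0.1:80 ->", classify_connect("127.0.0.1", 80))
    print("ephemeral listener (while open, after close):", demo_local_probe())
```

Reading the two results together: "listening on 80: True" with "refused" is the puzzling combination the thread ends on (a listener exists, yet the kernel or something in between answers with RST), "False" with "refused" is simply no listener, and "filtered" means a DROP rule is eating the SYN, which would not match the rst ack seen in the tcpdump capture.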