这是一个创建于 2587 天前的主题,其中的信息可能已经有所发展或是发生改变。
背景
- 服务器: centos 7
- iptables 已关闭
- 阿里云端口已打开 80 端口, 关了 firewalld 即可外网访问可以证明这一点
现象
-
firewalld 打开即无法访问 nginx, 关闭即可访问 nginx, nginx 在服务器上通过 curl 可以正确显示, 在外网访问即无效
-
systemctl start firewalld, 外网无法访问, systemctl stop firewalld, 外网即可访问.
-
外网访问
~ curl -v http://39.107.204.247:80 * Rebuilt URL to: http://39.107.204.247:80/ * Trying 39.107.204.247... * TCP_NODELAY set * Connected to 39.107.204.247 (39.107.204.247) port 80 (#0) > GET / HTTP/1.1 > Host: 39.107.204.247 > User-Agent: curl/7.54.0 > Accept: */* > < HTTP/1.1 302 < Cache-Control: private < Expires: Thu, 01 Jan 1970 08:00:00 CST < Location: https://39.107.204.247/ < Content-Length: 0 < Date: Thu, 11 Oct 2018 01:54:33 GMT < * Connection #0 to host 39.107.204.247 left intact ~ - 服务器本机访问
[root@iZ2ze36uo36nxexxnfulpxZ ~]# curl -v http://39.107.204.247:80 * About to connect() to 39.107.204.247 port 80 (#0) * Trying 39.107.204.247... * Connected to 39.107.204.247 (39.107.204.247) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: 39.107.204.247 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx/1.12.2 < Date: Thu, 11 Oct 2018 01:55:06 GMT < Content-Type: text/html < Content-Length: 3700 < Last-Modified: Tue, 06 Mar 2018 09:26:21 GMT < Connection: keep-alive < ETag: "5a9e5ebd-e74" < Accept-Ranges: bytes < <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> ....省略 html 内容 firewalld 配置
- 备注: 已--reload 多次, 且多次尝试 start + stop
[root@iZ2ze36uo36nxexxnfulpxZ ~]# firewall-cmd --list-all public target: default icmp-block-inversion: no interfaces: sources: services: ssh dhcpv6-client http https mysql ports: 80/tcp 443/tcp 3306/tcp 3611/tcp 9000/tcp protocols: masquerade: no forward-ports: port=80:proto=tcp:toport=8080:toaddr= port=443:proto=tcp:toport=8443:toaddr= source-ports: icmp-blocks: rich rules: nginx
[root@iZ2ze36uo36nxexxnfulpxZ ~]# ps -ef|grep nginx root 20510 1 0 10 月 10 ? 00:00:00 nginx: master process /usr/sbin/nginx nginx 20511 20510 0 10 月 10 ? 00:00:00 nginx: worker process nginx 20512 20510 0 10 月 10 ? 00:00:00 nginx: worker process root 23573 23536 0 10:00 pts/0 00:00:00 grep --color=auto nginx -
想不出来啥原因, 请大佬指点
-
备注: 此台服务器还有一个 java 程序, 关闭 firewalld 则无法访问该程序, 但把该 java 程序关闭掉, 现象也是和上面一样, 所以应该不是该 java 程序的原因
2 条回复 2018-10-11 10:15:12 +08:00
 | 1 e9e499d78f 2018-10-11 10:09:52 +08:00 via iPhone  1 里面有个 forward 80 到 8080 的规则 |
 | 2 fov6363 OP @e9e499d78f 感谢,这么一说我忽然明白了....我没看懂那个 forward-ports 是什么意思, 你这样一说,我忽略明白了...那个 java 程序是 8080 端口的..我尝试改一波 |
Select Language