我有运行Nginx服务器(无论哪个服务器):
$sudo netstat -tulpn | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4268/Nginx tcp6 0 0 :::80 :::* LISTEN 4268/Nginx
然后我发送请求到127.0.0.1
$curl -v 127.0.0.1
* Rebuilt URL to: 127.0.0.1/ * Hostname was NOT found in DNS cache * Trying 127.0.0.1... * connect to 127.0.0.1 port 80 Failed: Connection refused * Failed to connect to 127.0.0.1 port 80: Connection refused * Closing connection 0 curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
$telnet localhost 80
Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused
好的,在/ etc / hosts中:
127.0.1.1 ubuntu-work 127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters
iptables禁用$sudo iptables -L:
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
有趣的是,我可以连接到除127.0.0.1(localhost)之外的任何地址127 … *.而且我也可以连接我的子网ip-address 10.0.2.15.
如果我在服务器配置(例如Listen 88)中将端口80更改为另一端,则可以正常工作.
我尝试了$sudo nmap -sS 127.0.0.1 -p 80并获得了信息 – 80 / tcp关闭,但如果在端口80上运行Nginx服务器怎么可能呢?
Nmap scan report for localhost (127.0.0.1) Host is up (0.00011s latency). PORT STATE SERVICE 80/tcp closed http Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds
loopback接口启动:$ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:86:5f:e3
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe86:5fe3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:588 errors:0 dropped:0 overruns:0 frame:0
TX packets:616 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:262986 (262.9 KB) TX bytes:103011 (103.0 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:276 errors:0 dropped:0 overruns:0 frame:0
TX packets:276 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:32750 (32.7 KB) TX bytes:32750 (32.7 KB)
其他iptables表
输出$sudo iptables -t nat -nvL:
Chain PREROUTING (policy ACCEPT 1 packets,40 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 20559 0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 20558 Chain INPUT (policy ACCEPT 1 packets,40 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 1043 packets,65731 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 20559 0 0 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:443 redir ports 20558 Chain POSTROUTING (policy ACCEPT 1043 packets,65731 bytes) pkts bytes target prot opt in out source destination
我没有得到sudo iptables -t mangle -nVL的任何输出,只有版本:iptables v1.4.21
输出sudo iptables -t mangle -nL
Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination
如果您对阻止localhost:80有任何想法,请帮助我.
解决方法
没有什么阻止端口80.您只有防火墙NAT规则,它将连接到该端口的路由重定向到其他未打开的端口.
Chain PREROUTING (policy ACCEPT 1 packets,40 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 20559 0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 20558 Chain OUTPUT (policy ACCEPT 1043 packets,65731 bytes) pkts bytes target prot opt in out source destination 0 0 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 20559 0 0 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:443 redir ports 20558
