Estou executando o servidor nginx (não importa qual servidor):
$ sudo netstat -tulpn | grep 80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4268/nginx
tcp6 0 0 :::80 :::* LISTEN 4268/nginx
E então eu enviei a solicitação para 127.0.0.1
$ curl -v 127.0.0.1
* Rebuilt URL to: 127.0.0.1/
* Hostname was NOT found in DNS cache
* Trying 127.0.0.1...
* connect to 127.0.0.1 port 80 failed: Connection refused
* Failed to connect to 127.0.0.1 port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused
$ telnet localhost 80
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
Tudo bem em / etc / hosts :
127.0.1.1 ubuntu-work
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
iptables desativado $ sudo iptables -L
:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
É interessante que eu possa me conectar a qualquer endereço 127 .. . * exceto 127.0.0.1 (localhost). E também posso me conectar com o meu endereço IP de sub-rede 10.0.2.15. E se eu mudar a porta 80 para outra na configuração do servidor (por exemplo, Listen 88), ela funcionará.
Eu tentei $ sudo nmap -sS 127.0.0.1 -p 80
e consegui informações - 80 / tcp fechado , mas como é possível se estiver executando o servidor nginx na porta 80?
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
PORT STATE SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds
a interface de loopback está ativa: $ ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:86:5f:e3
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe86:5fe3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:588 errors:0 dropped:0 overruns:0 frame:0
TX packets:616 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:262986 (262.9 KB) TX bytes:103011 (103.0 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:276 errors:0 dropped:0 overruns:0 frame:0
TX packets:276 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:32750 (32.7 KB) TX bytes:32750 (32.7 KB)
Outras tabelas do iptables
Saída de $ sudo iptables -t nat -nvL
:
Chain PREROUTING (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 redir ports 20559
0 0 REDIRECT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 20558
Chain INPUT (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target prot opt in out source destination
0 0 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:80 redir ports 20559
0 0 REDIRECT tcp -- * * 0.0.0.0/0 127.0.0.1 tcp dpt:443 redir ports 20558
Chain POSTROUTING (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target prot opt in out source destination
Eu não recebi nenhuma saída sudo iptables -t mangle -nVL
, apenas versão:iptables v1.4.21
Saída de sudo iptables -t mangle -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Por favor, ajude-me se você tiver alguma idéia sobre o bloqueio do localhost: 80.
iptables
mesas, por favor (ou seja,iptables -t nat -nvL
eiptables -t mangle -nVL
)Respostas:
Nada está bloqueando a porta 80. Você apenas possui regras NAT de firewall que estão redirecionando conexões para essa porta para outras portas que não estão abertas.
Remova essas regras para resolver o problema.
fonte