I recently moved Sphinx onto the same server as our DB, so our architecture is:
When I try to connect to Sphinx at ip.to.db.server
I get the following error:
Sphinx response connection to ip.to.db.server:9312 failed (errno=113, msg=No route to host)
Is there anything special I need to do to make port 9312 accessible to my networking application?
Current TCP ports LISTENing:
tcp 0 0 0.0.0.0:9306 0.0.0.0:* LISTEN 23496/searchd
tcp 0 0 0.0.0.0:9312 0.0.0.0:* LISTEN 23496/searchd
iptables -L
output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* SSH */
ACCEPT tcp -- anywhere anywhere tcp dpt:lmsocialserver /* monit */
ACCEPT tcp -- anywhere anywhere tcp dpt:https /* HTTPS */
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache /* HTTPProxy */
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* HTTP */
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql /* MySQL */
ACCEPT all -- ipremoved_by_poster anywhere /* Rackspace monitoring */
ACCEPT all -- ipremoved_by_poster anywhere /* Rackspace monitoring */
ACCEPT all -- ipremoved_by_poster anywhere /* Rackspace monitoring */
ACCEPT all -- ipremoved_by_poster anywhere /* Rackspace monitoring */
ACCEPT all -- ipremoved_by_poster anywhere /* Rackspace monitoring */
ACCEPT all -- ipremoved_by_poster anywhere /* Rackspace monitoring */
ACCEPT all -- ipremoved_by_poster anywhere /* Rackspace monitoring */
ACCEPT all -- anywhere anywhere /* localhost */
ACCEPT icmp -- anywhere anywhere icmp any /* ping */
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
I have done a lot of searching so far, with no luck. Any help is greatly appreciated.
The problem was that IPTABLES was blocking my remote connection, so I added two lines to be safe:
vi /etc/sysconfig/iptables
Add the following lines:
-A RH-Firewall-1-INPUT -i eth1 -p tcp -m tcp --dport 9312 -m comment --comment "Sphinx" -j ACCEPT
-A RH-Firewall-1-INPUT -s your.remote.ip.address/32 -i eth0 -p tcp -m tcp --dport 9312 -j ACCEPT
Adjust port 9312 to whatever port Sphinx is listening on.
Then I ran service iptables restart
and Sphinx was good to go!
Thanks to @mdpc and @sciurus for pointing me in the right direction.
NOTE:
Rackspace uses RH-Firewall-1-INPUT, but you may just need to use INPUT, or something different.
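Added example, not part of the original post: iptables takes the first matching rule in a chain, so the new ACCEPT lines only help if they sit above the catch-all REJECT, whose icmp-host-prohibited reply is what the client reports as errno 113. The sketch below replays a new inbound connection against rules in /etc/sysconfig/iptables syntax; the sample rule set, the address 10.0.0.5 and the helper names are constructed for illustration, and only the option subset used on this page is modelled.

```python
import ipaddress
import shlex

CHAIN = "RH-Firewall-1-INPUT"
# Constructed sample in /etc/sysconfig/iptables syntax, modelled on the chain in the question.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 22 -m comment --comment "SSH" -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 3306 -m comment --comment "MySQL" -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""
# The first rule from the answer, unchanged.
SPHINX_RULE = ('-A RH-Firewall-1-INPUT -i eth1 -p tcp -m tcp --dport 9312 '
               '-m comment --comment "Sphinx" -j ACCEPT')
OPTS = {"-i": "iface", "-p": "proto", "-s": "src", "--dport": "dport",
        "--state": "state", "-j": "target"}


def parse_rule(line):
    """Parse one '-A <chain> ...' line into the match fields this example understands."""
    tokens = shlex.split(line)
    return {OPTS[t]: tokens[i + 1] for i, t in enumerate(tokens[:-1]) if t in OPTS}


def first_verdict(rules_text, iface, src, dport, proto="tcp"):
    """Return (target, position) of the first rule matching a NEW inbound packet."""
    rules = [parse_rule(l) for l in rules_text.splitlines() if l.startswith(f"-A {CHAIN} ")]
    for pos, r in enumerate(rules, 1):
        if "state" in r and "NEW" not in r["state"].split(","):
            continue  # RELATED,ESTABLISHED does not match the first SYN
        if r.get("proto", proto) != proto or r.get("iface", iface) != iface:
            continue
        if r.get("dport", str(dport)) != str(dport):
            continue
        if "src" in r and ipaddress.ip_address(src) not in ipaddress.ip_network(r["src"], strict=False):
            continue
        return r["target"], pos
    return "POLICY", 0  # fell through to the chain policy


def add_rule(rules_text, rule, before_reject):
    """Place `rule` either just before the catch-all REJECT or at the end of the file."""
    lines = rules_text.splitlines()
    at = next(i for i, l in enumerate(lines) if "-j REJECT" in l) if before_reject else len(lines)
    return "\n".join(lines[:at] + [rule] + lines[at:]) + "\n"


if __name__ == "__main__":
    for label, rules in [("before change", SAMPLE_RULES),
                         ("appended after REJECT", add_rule(SAMPLE_RULES, SPHINX_RULE, False)),
                         ("inserted before REJECT", add_rule(SAMPLE_RULES, SPHINX_RULE, True))]:
        print(label, first_verdict(rules, "eth1", "10.0.0.5", 9312))
```

On a live host, `iptables -L RH-Firewall-1-INPUT -n --line-numbers` shows the same ordering, so you can confirm the Sphinx rule has a lower number than the REJECT.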