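Instead of the desired web page, I get a timeout. If I try to fetch the page with wget on the server, it works fine, but if I try to connect with a browser, a timeout occurs.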
    s15312615:/etc/apache2 # netstat -l
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 *:ssh                   *:*                     LISTEN
    tcp        0      0 localhost.localdom:smtp *:*                     LISTEN
    tcp        0      0 *:www-http              *:*                     LISTEN
    tcp        0      0 *:ssh                   *:*                     LISTEN
    tcp        0      0 *:snpp                  *:*                     LISTEN
    Active UNIX domain sockets (only servers)
    Proto RefCnt Flags       Type       State         I-Node Path
    unix  2      [ ACC ]     STREAM     LISTENING     8857   private/verify
    unix  2      [ ACC ]     STREAM     LISTENING     8863   private/proxymap
    unix  2      [ ACC ]     STREAM     LISTENING     8866   private/smtp
    unix  2      [ ACC ]     STREAM     LISTENING     8869   private/relay
    unix  2      [ ACC ]     STREAM     LISTENING     8875   private/error
    unix  2      [ ACC ]     STREAM     LISTENING     6037   @/var/run/hald/dbus-aXRNnAXQQw
    unix  2      [ ACC ]     STREAM     LISTENING     5897   /var/run/acpid.socket
    unix  2      [ ACC ]     STREAM     LISTENING     8034   /var/run/mcelog-client
    unix  2      [ ACC ]     STREAM     LISTENING     8018   /var/run/nscd/socket
    unix  2      [ ACC ]     STREAM     LISTENING     8019   /var/run/.nscd_socket
    unix  2      [ ACC ]     STREAM     LISTENING     8878   private/discard
    unix  2      [ ACC ]     STREAM     LISTENING     8881   private/local
    unix  2      [ ACC ]     STREAM     LISTENING     8884   private/virtual
    unix  2      [ ACC ]     STREAM     LISTENING     8887   private/lmtp
    unix  2      [ ACC ]     STREAM     LISTENING     5991   @/var/run/hald/dbus-98LA968QdN
    unix  2      [ ACC ]     STREAM     LISTENING     8890   private/anvil
    unix  2      [ ACC ]     STREAM     LISTENING     8893   private/scache
    unix  2      [ ACC ]     STREAM     LISTENING     8896   private/maildrop
    unix  2      [ ACC ]     STREAM     LISTENING     8845   private/rewrite
    unix  2      [ ACC ]     STREAM     LISTENING     8899   private/cyrus
    unix  2      [ ACC ]     STREAM     LISTENING     8848   private/bounce
    unix  2      [ ACC ]     STREAM     LISTENING     8902   private/uucp
    unix  2      [ ACC ]     STREAM     LISTENING     8851   private/defer
    unix  2      [ ACC ]     STREAM     LISTENING     8905   private/ifmail
    unix  2      [ ACC ]     STREAM     LISTENING     8854   private/trace
    unix  2      [ ACC ]     STREAM     LISTENING     8908   private/bsmtp
    unix  2      [ ACC ]     STREAM     LISTENING     8911   private/procmail
    unix  2      [ ACC ]     STREAM     LISTENING     8914   private/retry
    unix  2      [ ACC ]     STREAM     LISTENING     8917   private/proxywrite
    unix  2      [ ACC ]     STREAM     LISTENING     8840   public/cleanup
    unix  2      [ ACC ]     STREAM     LISTENING     8860   public/flush
    unix  2      [ ACC ]     STREAM     LISTENING     8872   public/showq
    unix  2      [ ACC ]     STREAM     LISTENING     5964   /var/run/dbus/system_bus_socket
iptables output:
    s15312615:/etc/apache2 # iptables -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
    ACCEPT     icmp --  anywhere             anywhere            state RELATED
    input_ext  all  --  anywhere             anywhere
    input_ext  all  --  anywhere             anywhere
    LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
    DROP       all  --  anywhere             anywhere

    Chain FORWARD (policy DROP)
    target     prot opt source               destination
    LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere
    ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
    LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

    Chain forward_ext (0 references)
    target     prot opt source               destination

    Chain input_ext (2 references)
    target     prot opt source               destination
    DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
    ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
    ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
    LOG        tcp  --  anywhere             anywhere            limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
    DROP       all  --  anywhere             anywhere            PKTTYPE = multicast
    DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
    LOG        tcp  --  anywhere             anywhere            limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG        icmp --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    LOG        udp  --  anywhere             anywhere            limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
    DROP       all  --  anywhere             anywhere

    Chain reject_func (0 references)
    target     prot opt source               destination
    REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
    REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
    REJECT     all  --  anywhere             anywhere            reject-with icmp-proto-unreachable
How can I solve this problem?
/// EDIT httpd.conf
    ### Global Environment ######################################################
    #
    # The directives in this section affect the overall operation of Apache,
    # such as the number of concurrent requests.

    # run under this user/group id
    Include /etc/apache2/uid.conf

    # - how many server processes to start (server pool regulation)
    # - usage of KeepAlive
    Include /etc/apache2/server-tuning.conf

    # ErrorLog: The location of the error log file.
    # If you do not specify an ErrorLog directive within a <VirtualHost>
    # container, error messages relating to that virtual host will be
    # logged here. If you *do* define an error logfile for a <VirtualHost>
    # container, that host's errors will be logged there and not here.
    ErrorLog /var/log/apache2/error_log

    # generated from APACHE_MODULES in /etc/sysconfig/apache2
    Include /etc/apache2/sysconfig.d/loadmodule.conf

    # IP addresses / ports to listen on
    Include /etc/apache2/listen.conf

    # predefined logging formats
    Include /etc/apache2/mod_log_config.conf

    # generated from global settings in /etc/sysconfig/apache2
    Include /etc/apache2/sysconfig.d/global.conf

    # optional mod_status, mod_info
    Include /etc/apache2/mod_status.conf
    Include /etc/apache2/mod_info.conf

    # optional cookie-based user tracking
    # read the documentation before using it!!
    Include /etc/apache2/mod_usertrack.conf

    # configuration of server-generated directory listings
    Include /etc/apache2/mod_autoindex-defaults.conf

    # associate MIME types with filename extensions
    TypesConfig /etc/apache2/mime.types
    DefaultType text/plain
    Include /etc/apache2/mod_mime-defaults.conf

    # set up (customizable) error responses
    Include /etc/apache2/errors.conf

    # global (server-wide) SSL configuration, that is not specific to
    # any virtual host
    Include /etc/apache2/ssl-global.conf

    # forbid access to the entire filesystem by default
    <Directory />
        Options None
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

    # use .htaccess files for overriding,
    AccessFileName .htaccess
    # and never show them
    <Files ~ "^\.ht">
        Order allow,deny
        Deny from all
    </Files>

    # List of resources to look for when the client requests a directory
    DirectoryIndex index.php index.html index.htm index.html.var

    ### 'Main' server configuration #############################################
    #
    # The directives in this section set up the values used by the 'main'
    # server, which responds to any requests that aren't handled by a
    # <VirtualHost> definition. These values also provide defaults for
    # any <VirtualHost> containers you may define later in the file.
    #
    # All of these directives may appear inside <VirtualHost> containers,
    # in which case these default settings will be overridden for the
    # virtual host being defined.
    #
    #Include /etc/apache2/default-server.conf

    # Another way to include your own files
    #
    # The file below is generated from /etc/sysconfig/apache2,
    # include arbitrary files as named in APACHE_CONF_INCLUDE_FILES and
    # APACHE_CONF_INCLUDE_DIRS
    Include /etc/apache2/sysconfig.d/include.conf

    ### Virtual server configuration ############################################
    #
    # VirtualHost: If you want to maintain multiple domains/hostnames on your
    # machine you can setup VirtualHost containers for them. Most configurations
    # use only name-based virtual hosts so the server doesn't need to worry about
    # IP addresses. This is indicated by the asterisks in the directives below.
    #
    # Please see the documentation at
    # <URL:http://httpd.apache.org/docs-2.2/vhosts/>
    # for further details before you try to setup virtual hosts.
    #
    # You may use the command line option '-S' to verify your virtual host
    # configuration.
    #
    #Include /etc/apache2/vhosts.d/*.conf
    Include /etc/apache2/vhosts.d/_vhost-master.conf

    # Note: instead of adding your own configuration here, consider
    # adding it in your own file (/etc/apache2/httpd.conf.local)
    # putting its name into APACHE_CONF_INCLUDE_FILES in
    # /etc/sysconfig/apache2 -- this will make system updates
    # easier :)
    AddOutputFilter INCLUDES .shtml
    AddType text/html .shtml
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps
    iptables -L -v

    Chain INPUT (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
       10  3008 ACCEPT     all  --  lo     any     anywhere             anywhere
    13599  889K ACCEPT     all  --  any    any     anywhere             anywhere            state ESTABLISHED
        0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            state RELATED
     2900  537K input_ext  all  --  eth0   any     anywhere             anywhere
        0     0 input_ext  all  --  any    any     anywhere             anywhere
        0     0 LOG        all  --  any    any     anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
        0     0 DROP       all  --  any    any     anywhere             anywhere

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 LOG        all  --  any    any     anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

    Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
       10  3008 ACCEPT     all  --  any    lo      anywhere             anywhere
    13313 5996K ACCEPT     all  --  any    any     anywhere             anywhere            state NEW,RELATED,ESTABLISHED
        0     0 LOG        all  --  any    any     anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

    Chain forward_ext (0 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain input_ext (2 references)
     pkts bytes target     prot opt in     out     source               destination
     1280  452K DROP       all  --  any    any     anywhere             anywhere            PKTTYPE = broadcast
        0     0 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp source-quench
       10   461 ACCEPT     icmp --  any    any     anywhere             anywhere            icmp echo-request
        7   392 LOG        tcp  --  any    any     anywhere             anywhere            limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-ACC-TCP '
        8   452 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
        0     0 DROP       all  --  any    any     anywhere             anywhere            PKTTYPE = multicast
        0     0 DROP       all  --  any    any     anywhere             anywhere            PKTTYPE = broadcast
     1288 67240 LOG        tcp  --  any    any     anywhere             anywhere            limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
        0     0 LOG        icmp --  any    any     anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
        1   438 LOG        udp  --  any    any     anywhere             anywhere            limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
     1602 84345 DROP       all  --  any    any     anywhere             anywhere

    Chain reject_func (0 references)
     pkts bytes target     prot opt in     out     source               destination
        0     0 REJECT     tcp  --  any    any     anywhere             anywhere            reject-with tcp-reset
        0     0 REJECT     udp  --  any    any     anywhere             anywhere            reject-with icmp-port-unreachable
        0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-proto-unreachable
/// EDIT2
    uname -a
    Linux s15312615 2.6.34.8-0.2-default #1 SMP 2011-04-06 18:11:26 +0200 x86_64 x86_64 x86_64 GNU/Linux
If I try to open port 80
    iptables -A INPUT -p tcp dport html -j ACCEPT
    iptables -A OUTPUT -p tcp sport html -j ACCEPT
I get
    Bad argument `dport'
    Try `iptables -h' or 'iptables --help' for more information.
With

    iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

the command is accepted, but nothing changes.
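It doesn't look like you are allowing incoming connections on port 80 in your iptables setup, but it's hard to say without seeing the iptables -L -v output. Allow incoming port 80 in your firewall rules and it will probably work.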
Indeed, the firewall was the problem.
In yast2 I went to -> Security and Users -> Firewall -> Allowed Services and added HTTP Server, and voilà, it works!
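
Why the appended rule in the question was accepted yet changed nothing, while wget on the server kept working: `-A` puts the rule after the jump into input_ext and after the final DROP of INPUT, so a new connection from outside is dropped before reaching it, whereas local traffic is accepted on lo. The sketch below is an added example, not part of the original posts: it evaluates `iptables -S` text in rule order; `verdict_for`, `sample_rules` and the ruleset text are constructed for illustration, and only the match options named in the comment are interpreted.

```shell
# verdict_for PORT [IFACE]: read `iptables -S` text on stdin and print the
# verdict for a NEW unicast TCP packet to PORT arriving on IFACE. Assumption:
# only -i, -p, --dport, --state and --pkt-type matches are interpreted.
verdict_for() {
  awk -v port="$1" -v ifc="${2:-eth0}" '
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    function matches(r,   f, k, i) {      # also records the -j target in tgt
      k = split(r, f, " "); tgt = ""
      for (i = 3; i < k; i++) {
        if (f[i] == "-j") tgt = f[i+1]
        if (f[i] == "-i" && f[i+1] != ifc) return 0
        if (f[i] == "-p" && f[i+1] != "tcp") return 0
        if (f[i] == "--dport" && f[i+1] != port) return 0
        if (f[i] == "--state" && f[i+1] !~ /(^|,)NEW(,|$)/) return 0
        if (f[i] == "--pkt-type" && f[i+1] != "unicast") return 0
      }
      return 1
    }
    function walk(chain,   i, t, v) {     # first matching terminal target wins
      for (i = 1; i <= n[chain]; i++) {
        if (!matches(rule[chain, i])) continue
        t = tgt
        if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
        if (t == "RETURN") return ""
        if (t in n) { v = walk(t); if (v != "") return v }
      }
      return ""
    }
    END { v = walk("INPUT"); print (v != "" ? v : policy["INPUT"]) }
  '
}
# Constructed ruleset mirroring the listing in the question, after the -A.
sample_rules() {
  cat <<'EOF'
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -j input_ext
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -j DROP
EOF
}

sample_rules | verdict_for 80 eth0   # browser connecting from outside
sample_rules | verdict_for 80 lo     # wget run on the server itself
```

On a live host the same check is `iptables -S | verdict_for 80 eth0`, run as root.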