Running Apache on CentOS:
Remote telnet request:
    $ telnet www.MYDOMAIN.com.cn 80
    Trying XXX.XX.X.XX...
    Connected to www.MYDOMAIN.com.cn.
    Escape character is '^]'.
    GET / HTTP/1.1
    User-Agent: curl/7.39.0
    Host: www.MYDOMAIN.com.cn
    Accept: */*

    HTTP/1.1 200 OK
    Date: Wed, 17 Jun 2015 23:21:10 GMT
    Server: Apache/2.2.15 (CentOS)
    Last-Modified: Wed, 17 Jun 2015 19:31:35 GMT
    ETag: "601a7-8-518bbbd2925bd"
    Accept-Ranges: bytes
    Content-Length: 8
    Connection: close
    Content-Type: text/html; charset=UTF-8

    Hello !
    Connection closed by foreign host.
Remote curl request:
    $ curl -v http://www.MYDOMAIN.com.cn/
    * Hostname was NOT found in DNS cache
    * Trying XXX.XX.X.XX...
    * Connected to www.MYDOMAIN.com.cn (XXX.XX.X.XX) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.39.0
    > Host: www.MYDOMAIN.com.cn
    > Accept: */*
    >
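So it does not appear to be a firewall problem (iptables is configured to let incoming TCP traffic through on port 80, as shown by the fact that the remote telnet request is answered).
I have been banging my head against this all day: all suggestions are welcome.
Edit:
This appears to be a PMTUD problem. Here is the output of iptables-save, where I tried to fix it (it still doesn't work):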
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [29:2820]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    *mangle
    :PREROUTING ACCEPT [6344:506105]
    :INPUT ACCEPT [601:53242]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [29:2820]
    :POSTROUTING ACCEPT [29:2820]
    -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    COMMIT