Can't access the web server, but can ssh to it

6

I have an Ubuntu server, but there are some strange things I can't understand.

I can't ping the server by its IP address, but I can ssh to it. I can access the Apache server from inside the server via the command line, but I can't access it from the browser on my Windows machine.

What kind of configuration do I need to check now?

    
by hungneox 16.03.2013 / 13:18

3 answers

5

You can debug the problem using the following tools:

  1. Run wireshark or tcpdump and check whether the HTTP request is reaching the server or not.

  2. Use tcptraceroute

    $ tcptraceroute "webserver-ip" 80

  3. It may be that the server is listening only on localhost (127.0.0.1) instead of listening on all interfaces (0.0.0.0)

    $ sudo netstat -taupen | grep LISTEN

  4. Check the iptables rules using

    $ sudo iptables -nvL

  5. Check the status of SELinux, which also acts as a firewall.

    $ sudo sestatus

by 16.03.2013 / 22:28
2
  1. You may have firewall rules blocking access. Check the output of iptables -L. Maybe everything is blocked except ssh.

  2. The services may not be listening on the correct interfaces or ports. Check the output of netstat -ntl.

If these commands don't help you figure it out, add their output to your question. Also add the output of ifconfig.

by 16.03.2013 / 19:13
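The listening-address check suggested in the two answers above, as an added example that is not part of the original posts: a POSIX shell function that reads `netstat -ntl` output and reports whether a port is bound to all interfaces, to loopback only, or to one specific address. The function names `listen_scope`, `next_step` and `sample_netstat` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): classify how a TCP port is
# exposed, reading `netstat -ntl` (or `netstat -taupen`) output on stdin.

# listen_scope PORT -> prints: all | specific | loopback | none
listen_scope() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            laddr = $4
            # The port follows the LAST colon; IPv6 hosts contain colons too.
            if (!match(laddr, /:[0-9]+$/)) next
            if (substr(laddr, RSTART + 1) != port) next
            host = substr(laddr, 1, RSTART - 1)
            # On Linux a "::" listener normally accepts IPv4 as well
            # (net.ipv6.bindv6only=0), so it counts as "all interfaces".
            if (host == "0.0.0.0" || host == "::") all = 1
            else if (host ~ /^127\./ || host == "::1") loopback = 1
            else specific = 1
        }
        END {
            if (all) print "all"
            else if (specific) print "specific"
            else if (loopback) print "loopback"
            else print "none"
        }'
}

# next_step PORT: read netstat output on stdin and say what to check next.
next_step() {
    case "$(listen_scope "$1")" in
        all)      echo "port $1: listening on all interfaces; check firewall rules next" ;;
        loopback) echo "port $1: loopback only; remote clients cannot connect" ;;
        specific) echo "port $1: bound to one address; confirm clients use that address" ;;
        none)     echo "port $1: no listener; the service is not running on this port" ;;
    esac
}

# Constructed sample input (192.0.2.10 is a documentation address).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp6       0      0 ::1:25                  :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 192.0.2.10:8443         0.0.0.0:*               LISTEN
EOF
}

for p in 22 25 80 8443 443; do sample_netstat | next_step "$p"; done
```

On a live host, pipe the real output in instead of the sample: `sudo netstat -ntl | next_step 80`.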
0

I'm having this problem too. Here is some output from the commands above

    # netstat -taupen | grep LISTEN
    tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          19239      2490/smbd
    tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      0          19149      2475/perl
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          18616      1241/sshd
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          20281      2487/master
    tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          19238      2490/smbd
    tcp6       0      0 :::8009                 :::*                    LISTEN      91         19311      1247/java
    tcp6       0      0 :::139                  :::*                    LISTEN      0          19237      2490/smbd
    tcp6       0      0 :::80                   :::*                    LISTEN      0          163453     4050/httpd
    tcp6       0      0 :::8080                 :::*                    LISTEN      91         19310      1247/java
    tcp6       0      0 :::21                   :::*                    LISTEN      0          19479      1282/vsftpd
    tcp6       0      0 :::22                   :::*                    LISTEN      0          18618      1241/sshd
    tcp6       0      0 ::1:25                  :::*                    LISTEN      0          20282      2487/master
    tcp6       0      0 :::445                  :::*                    LISTEN      0          19236      2490/smbd
    tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      91         20467      1247/java

    # netstat -ntl
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State
    tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
    tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN
    tcp6       0      0 :::8009                 :::*                    LISTEN
    tcp6       0      0 :::139                  :::*                    LISTEN
    tcp6       0      0 :::80                   :::*                    LISTEN
    tcp6       0      0 :::8080                 :::*                    LISTEN
    tcp6       0      0 :::21                   :::*                    LISTEN
    tcp6       0      0 :::22                   :::*                    LISTEN
    tcp6       0      0 ::1:25                  :::*                    LISTEN
    tcp6       0      0 :::445                  :::*                    LISTEN
    tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN

iptables output:

    # iptables -L
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    INPUT_direct  all  --  anywhere             anywhere
    INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
    INPUT_ZONES  all  --  anywhere             anywhere
    ACCEPT     icmp --  anywhere             anywhere
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
    ACCEPT     all  --  anywhere             anywhere
    FORWARD_direct  all  --  anywhere             anywhere
    FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
    FORWARD_IN_ZONES  all  --  anywhere             anywhere
    FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
    FORWARD_OUT_ZONES  all  --  anywhere             anywhere
    ACCEPT     icmp --  anywhere             anywhere
    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    OUTPUT_direct  all  --  anywhere             anywhere

    Chain FORWARD_IN_ZONES (1 references)
    target     prot opt source               destination
    FWDI_internal  all  --  anywhere             anywhere            [goto]
    FWDI_internal  all  --  anywhere             anywhere            [goto]

    Chain FORWARD_IN_ZONES_SOURCE (1 references)
    target     prot opt source               destination

    Chain FORWARD_OUT_ZONES (1 references)
    target     prot opt source               destination
    FWDO_internal  all  --  anywhere             anywhere            [goto]
    FWDO_internal  all  --  anywhere             anywhere            [goto]

    Chain FORWARD_OUT_ZONES_SOURCE (1 references)
    target     prot opt source               destination

    Chain FORWARD_direct (1 references)
    target     prot opt source               destination

    Chain FWDI_internal (2 references)
    target     prot opt source               destination
    FWDI_internal_log  all  --  anywhere             anywhere
    FWDI_internal_deny  all  --  anywhere             anywhere
    FWDI_internal_allow  all  --  anywhere             anywhere

    Chain FWDI_internal_allow (1 references)
    target     prot opt source               destination

    Chain FWDI_internal_deny (1 references)
    target     prot opt source               destination

    Chain FWDI_internal_log (1 references)
    target     prot opt source               destination

    Chain FWDO_internal (2 references)
    target     prot opt source               destination
    FWDO_internal_log  all  --  anywhere             anywhere
    FWDO_internal_deny  all  --  anywhere             anywhere
    FWDO_internal_allow  all  --  anywhere             anywhere

    Chain FWDO_internal_allow (1 references)
    target     prot opt source               destination

    Chain FWDO_internal_deny (1 references)
    target     prot opt source               destination

    Chain FWDO_internal_log (1 references)
    target     prot opt source               destination

    Chain INPUT_ZONES (1 references)
    target     prot opt source               destination
    IN_internal  all  --  anywhere             anywhere            [goto]
    IN_internal  all  --  anywhere             anywhere            [goto]

    Chain INPUT_ZONES_SOURCE (1 references)
    target     prot opt source               destination

    Chain INPUT_direct (1 references)
    target     prot opt source               destination

    Chain IN_internal (2 references)
    target     prot opt source               destination
    IN_internal_log  all  --  anywhere             anywhere
    IN_internal_deny  all  --  anywhere             anywhere
    IN_internal_allow  all  --  anywhere             anywhere

    Chain IN_internal_allow (1 references)
    target     prot opt source               destination
    ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns ctstate NEW
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:ipp ctstate NEW
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-ns ctstate NEW
    ACCEPT     udp  --  anywhere             anywhere             udp dpt:netbios-dgm ctstate NEW

    Chain IN_internal_deny (1 references)
    target     prot opt source               destination

    Chain IN_internal_log (1 references)
    target     prot opt source               destination

    Chain OUTPUT_direct (1 references)
    target     prot opt source               destination
    
by 20.07.2016 / 07:49