题 无法连接到127.0.0.1端口80


我跑了 nginx的 服务器(与哪个服务器无关):

$ sudo netstat -tulpn | grep 80

  tcp     0      0 0.0.0.0:80   0.0.0.0:*         LISTEN      4268/nginx      
  tcp6    0      0 :::80        :::*              LISTEN      4268/nginx

然后我发送请求到127.0.0.1

$ curl -v 127.0.0.1

* Rebuilt URL to: 127.0.0.1/
* Hostname was NOT found in DNS cache
*   Trying 127.0.0.1...
* connect to 127.0.0.1 port 80 failed: Connection refused
* Failed to connect to 127.0.0.1 port 80: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 127.0.0.1 port 80: Connection refused

$ telnet localhost 80

Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

好的 / etc / hosts文件

127.0.1.1   ubuntu-work
127.0.0.1   localhost

# The following lines are desirable for IPv6 capable hosts 
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

iptables的 残 $ sudo iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 

有趣的是,我可以连接到任何地址127。。*除了127.0.0.1(localhost)。而且我也可以连接我的子网ip-address 10.0.2.15。 如果我在服务器配置(例如Listen 88)中将端口80更改为另一端,则可以正常工作。

我试过了 $ sudo nmap -sS 127.0.0.1 -p 80 并得到信息 - 80 / tcp关闭,但如果在端口80上运行nginx服务器怎么可能呢?

Nmap scan report for localhost (127.0.0.1)
Host is up (0.00011s latency).
PORT   STATE  SERVICE
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 1.12 seconds

loopback接口启动:  $ ifconfig

eth0  Link encap:Ethernet  HWaddr 08:00:27:86:5f:e3  
      inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
      inet6 addr: fe80::a00:27ff:fe86:5fe3/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
      RX packets:588 errors:0 dropped:0 overruns:0 frame:0
      TX packets:616 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000 
      RX bytes:262986 (262.9 KB)  TX bytes:103011 (103.0 KB)

lo    Link encap:Local Loopback  
      inet addr:127.0.0.1  Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING  MTU:65536  Metric:1
      RX packets:276 errors:0 dropped:0 overruns:0 frame:0
      TX packets:276 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0 
      RX bytes:32750 (32.7 KB)  TX bytes:32750 (32.7 KB)

其他iptables表

输出 $ sudo iptables -t nat -nvL

Chain PREROUTING (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 20558

Chain INPUT (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:443 redir ports 20558

Chain POSTROUTING (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target     prot opt in     out     source               destination

我没有得到任何输出 sudo iptables -t mangle -nVL,只有版本: iptables v1.4.21

输出 sudo iptables -t mangle -nL

   Chain PREROUTING (policy ACCEPT)
   target     prot opt source               destination         

   Chain INPUT (policy ACCEPT)
   target     prot opt source               destination         

   Chain FORWARD (policy ACCEPT)
   target     prot opt source               destination         

   Chain OUTPUT (policy ACCEPT)
   target     prot opt source               destination         

   Chain POSTROUTING (policy ACCEPT)
   target     prot opt source               destination 

如果您对阻止localhost:80有任何想法,请帮助我。


13
2018-02-22 18:12




你的loopback接口了吗? - c4f4t0r
c4f4t0r,是的,我在上面添加了ifconfig输出。 - Al Che
另一个的输出 iptables 桌子,请(即 iptables -t nat -nvL 和 iptables -t mangle -nVL) - roaima


答案:


没有什么阻止端口80.您只有防火墙NAT规则,它将连接到该端口的路由重定向到其他未打开的端口。

Chain PREROUTING (policy ACCEPT 1 packets, 40 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 20558

Chain OUTPUT (policy ACCEPT 1043 packets, 65731 bytes)
pkts bytes target     prot opt in     out     source               destination         
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:80 redir ports 20559
0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            127.0.0.1            tcp dpt:443 redir ports 20558

删除这些规则以解决此问题。


9
2018-02-23 16:19



大。非常感谢。这个对我有用。 - Al Che