我试图打开端口8080,以便可以使用已在Ubuntu服务器上安装的Web面板应用程序(McMyAdmin)。总的来说,我对Linux / SSH相当陌生,但是由于各种指南和几个朋友的帮助,我能到达那里。我想知道是否有人可以告诉我在尝试打开端口8080时做错了什么。当我使用-nL检查规则时似乎显示没问题,但当我使用-vL时却没有显示。我不确定vL和nL之间的实际区别是什么,所以如果有人可以让我对此有所了解,那就太好了!
编辑:查看所有内容,端口80似乎也未打开,我想我也需要对此做一些...
name@server:/etc/iptables$ sudo iptables -nL
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 127.0.0.0/8 0.0.0.0/0 reject-with icmp-port-unreachable
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW icmptype 8
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25565
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 7 prefix "iptables_INPUT_denied: "
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
name@server:/etc/iptables$ sudo iptables -vL
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
0 0 REJECT all -- !lo any 127.0.0.0/8 anywhere reject-with icmp-port-unreachable
0 0 ACCEPT icmp -- any any anywhere anywhere state NEW icmp echo-request
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:ssh
0 0 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:25565
61 3096 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http-alt
862 69185 ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
21 1648 LOG all -- any any anywhere anywhere limit: avg 3/min burst 5 LOG level debug prefix "iptables_INPUT_denied: "
21 1648 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 16 packets, 2992 bytes)
pkts bytes target prot opt in out source destination
您可以iptables
使用了解有关命令的信息man iptables
。
这样做表明,
-v, --verbose
Verbose output. This option makes the list command show the interface name, the rule options (if any), and the TOS masks. The
packet and byte counters are also listed, with the suffix 'K', 'M' or 'G' for 1000, 1,000,000 and 1,000,000,000 multipliers
respectively (but see the -x flag to change this). For appending, insertion, deletion and replacement, this causes detailed
information on the rule or rules to be printed. -v may be specified multiple times to possibly emit more detailed debug state‐
ments.
-n, --numeric
Numeric output. IP addresses and port numbers will be printed in numeric format. By default, the program will try to display
them as host names, network names, or services (whenever applicable).
因此,-n
显示编号而不是服务名称。-v
与并非相反-n
,但它显示名称(默认设置)和更多数据。
从本质上讲,它们都向您显示了相同的内容,即您具有该条目(第一个是数字,第二个是命名)。
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
61 3096 ACCEPT tcp -- any any anywhere anywhere state NEW tcp dpt:http-alt
http-alt
是端口8080的服务名称。基本上,这两个条目是同一行,但格式不同。
除了“打开端口”(这实际上意味着允许流量通过iptables防火墙)之外,您还需要准备就绪的软件来接受有关端口上的流量。McMyAdmin是否配置为侦听端口8080?
该netstat
命令(以及其他命令)可用于查看哪些进程正在侦听哪些端口。netstat -an
列出所有端口(-a
)并显示数字(-n
),使其与grep
。例如,netstat -an | grep 8080
将列出是否有任何进程正在使用端口8080。您希望看到类似这样的内容,
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN
实际数字可能会有所不同。您可以使用-p
来显示哪个进程正在使用该端口,尽管仅当以root身份运行该端口时才显示所有进程。
所以,sudo netstat -anp | grep 8080
会给类似的东西,
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 4856/some-process-name
如果没有任何输出,则表示没有使用或监听端口8080,因此您可以使用sudo netstat -anp
并查看进程列表,查看期望存在的进程以及监听的端口。
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句