设备wget文件失败问题记录

最新推荐文章于 2024-06-05 11:01:17 发布

飞流三千掌

最新推荐文章于 2024-06-05 11:01:17 发布

阅读量1.2k

点赞数

分类专栏： network 文章标签： firewall

本文链接：https://blog.csdn.net/sundi19861113/article/details/103425875

版权

network 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

描述
root@kitt:/tmp# wget http://192.168.31.100:8090/iperf3
Connecting to 192.168.31.100:8090 (192.168.31.100:8090)
wget: can’t connect to remote host (192.168.31.100): Host is unreachable

原因分析：
wan-OptiPlex-7040 firewalld # tcpdump -i enp4s0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp4s0, link-type EN10MB (Ethernet), capture size 262144 bytes
16:25:40.382358 IP 192.168.31.100.43904 > kitt.lan.telnet: Flags [P.], seq 28680272:28680275, ack 2941050546, win 245, options [nop,nop,TS val 978131 ecr 222090], length 3
16:25:40.383699 IP 192.168.31.100.47413 > kitt.lan.domain: 10096+ PTR? 1.31.168.192.in-addr.arpa. (43)
16:25:40.383953 IP kitt.lan.telnet > 192.168.31.100.43904: Flags [P.], seq 1:64, ack 3, win 453, options [nop,nop,TS val 225483 ecr 978131], length 63
16:25:40.384031 IP 192.168.31.100.43904 > kitt.lan.telnet: Flags [.], ack 64, win 245, options [nop,nop,TS val 978132 ecr 225483], length 0
16:25:40.385106 IP kitt.lan.domain > 192.168.31.100.47413: 10096* 1/0/0 PTR kitt.lan. (70)
16:25:40.385846 IP 192.168.31.100.47413 > kitt.lan.domain: 23291+ PTR? 100.31.168.192.in-addr.arpa. (45)
16:25:40.386891 IP kitt.lan.domain > 192.168.31.100.47413: 23291* 1/0/0 A 192.168.31.1 (61)
16:25:41.140477 IP 192.168.31.100.43904 > kitt.lan.telnet: Flags [P.], seq 3:5, ack 64, win 245, options [nop,nop,TS val 978321 ecr 225483], length 2
16:25:41.141618 IP kitt.lan.telnet > 192.168.31.100.43904: Flags [P.], seq 64:66, ack 5, win 453, options [nop,nop,TS val 225559 ecr 978321], length 2
16:25:41.141670 IP 192.168.31.100.43904 > kitt.lan.telnet: Flags [.], ack 66, win 245, options [nop,nop,TS val 978321 ecr 225559], length 0
16:25:41.143697 IP kitt.lan.telnet > 192.168.31.100.43904: Flags [P.], seq 66:123, ack 5, win 453, options [nop,nop,TS val 225559 ecr 978321], length 57
16:25:41.143768 IP 192.168.31.100.43904 > kitt.lan.telnet: Flags [.], ack 123, win 245, options [nop,nop,TS val 978322 ecr 225559], length 0
16:25:41.143780 IP kitt.lan.54052 > 192.168.31.100.8090: Flags [S], seq 710895814, win 29200, options [mss 1460,sackOK,TS val 225559 ecr 0,nop,wscale 6], length 0
16:25:41.143824 IP 192.168.31.100 > kitt.lan: ICMP host 192.168.31.100 unreachable - admin prohibited, length 68
wan-OptiPlex-7040 firewalld # iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1145 926K ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
81 5083 ACCEPT all – lo * 0.0.0.0/0 0.0.0.0/0
8550 1584K INPUT_direct all – * * 0.0.0.0/0 0.0.0.0/0
8550 1584K INPUT_ZONES_SOURCE all – * * 0.0.0.0/0 0.0.0.0/0
8550 1584K INPUT_ZONES all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
8550 1584K REJECT all – * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0
其中的reject-with icmp-host-prohibited这一个条目导致wget失败，firewall规则reject这个报文，需要把tcp的报文accept，第一次添加iptables -A INPUT -p tcp -j ACCEPT问题还在，是因为参数-A是把规则放到了最后，需要把这个规则放在前面，执行命令：
wan-OptiPlex-7040 firewalld # iptables -D INPUT -p tcp -j ACCEPT
wan-OptiPlex-7040 firewalld # iptables -I INPUT -p tcp -j ACCEPT
wan-OptiPlex-7040 firewalld # iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0
1147 926K ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
81 5083 ACCEPT all – lo * 0.0.0.0/0 0.0.0.0/0
9271 1712K INPUT_direct all – * * 0.0.0.0/0 0.0.0.0/0
9271 1712K INPUT_ZONES_SOURCE all – * * 0.0.0.0/0 0.0.0.0/0
9271 1712K INPUT_ZONES all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
9271 1712K REJECT all – * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

ok，问题解决
root@kitt:/tmp# wget http://192.168.31.100:8090/iperf3
Connecting to 192.168.31.100:8090 (192.168.31.100:8090)
iperf3 100% |*********************************************************************************************************************************************************************************************| 131k 0:00:00 ETA
root@kitt:/tmp#

飞流三千掌

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
设备wget文件失败问题记录

描述root@kitt:/tmp# wget http://192.168.31.100:8090/iperf3Connecting to 192.168.31.100:8090 (192.168.31.100:8090)wget: can’t connect to remote host (192.168.31.100): Host is unreachable原因分析：wan-Opt...
复制链接

扫一扫