今天做项目的时候想请求虚拟机中的一个地址,设置的端口号是18332,但是外部怎么都访问不到,于是排查问题
1.输入lsof -i:18332查看端口号
[root@192 bin]# lsof -i:18332
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
bitcoind 16971 root 9u IPv6 55939 0t0 TCP localhost:18332 (LISTEN)
bitcoind 16971 root 10u IPv4 55941 0t0 TCP localhost:18332 (LISTEN)
发现没有什么异常,想到可能是防火墙,干脆把防火墙关了
systemctl stop firewalld
[root@192 bin]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
Aug 10 23:31:07 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Aug 10 23:31:07 192.168.0.221 firewalld[14333]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
Aug 10 23:31:30 192.168.0.221 firewalld[14333]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
Aug 10 23:33:20 192.168.0.221 systemd[1]: Stopping firewalld - dynamic firewall daemon...
Aug 10 23:33:21 192.168.0.221 systemd[1]: Stopped firewalld - dynamic firewall daemon.
先关了在说,继续用本机访问,还是不行,但是本机可以访问18333的端口,我就奇怪了,于是查看所有的端口号
[root@192 bin]# netstat -nultp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1008/sshd
tcp 0 0 127.0.0.1:18332 0.0.0.0:* LISTEN 16971/./bitcoind
tcp 0 0 0.0.0.0:18333 0.0.0.0:* LISTEN 16971/./bitcoind
tcp 0 0 127.0.0.1:18334 0.0.0.0:* LISTEN 16971/./bitcoind
tcp6 0 0 :::22 :::* LISTEN 1008/sshd
tcp6 0 0 ::1:18332 :::* LISTEN 16971/./bitcoind
tcp6 0 0 :::18333 :::* LISTEN 16971/./bitcoind
udp 0 0 127.0.0.1:323 0.0.0.0:* 768/chronyd
udp6 0 0 ::1:323 :::* 768/chronyd
果然发现了异常,18333的地址是0.0.0.0,18332的地址是127.0.0.1,这就说18332的端口只能用127.0.0.1这个地址访问,其他地址都不行了,所以在外部是不可能访问到这个端口的,即使关闭了防火墙也不行,百度了大半天终于找到了解决办法,用rinetd!
简介
Rinetd是为在一个Unix和Linux操作系统中为重定向传输控制协议(TCP)连接的一个工具。Rinetd是单一过程的服务器,它处理任何数量的连接到在配置文件etc/rinetd中指定的地址/端口对。尽管rinetd使用非闭锁I/O运行作为一个单一过程,它可能重定向很多连接而不对这台机器增加额外的负担。
- 先安装gcc,如果有的话就不跳过
yum -y install gcc gcc-c++ make
- 下载解压,进入目录,然后安装
wget http://www.boutell.com/rinetd/http/rinetd.tar.gz
tar -zxvf rinetd-0.70.tar.gz
cd rinetd-0.70
./configure
make && make install
rinetd -v #查看版本
rinetd 0.70
- 修改配置文件
[root@192 etc]# vim /usr/local/etc/rinetd.conf
# uncomment the following line if you want web-server style logfile format
# logcommon
192.168.0.221 18800 127.0.0.1 18332 #加入一行,192.168.0.221是虚拟机的ip
- 保存配置文件,启动rinetd
[root@192 etc]# rinetd #启动命令很简单
然后再次查看端口
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.0.221:18800 0.0.0.0:* LISTEN 16095/rinetd #第一个就是了
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1008/sshd
tcp 0 0 127.0.0.1:18332 0.0.0.0:* LISTEN 16971/./bitcoind
tcp 0 0 0.0.0.0:18333 0.0.0.0:* LISTEN 16971/./bitcoind
tcp 0 0 127.0.0.1:18334 0.0.0.0:* LISTEN 16971/./bitcoind
tcp6 0 0 :::22 :::* LISTEN 1008/sshd
tcp6 0 0 ::1:18332 :::* LISTEN 16971/./bitcoind
tcp6 0 0 :::18333 :::* LISTEN 16971/./bitcoind
udp 0 0 127.0.0.1:323 0.0.0.0:* 768/chronyd
udp6 0 0 ::1:323 :::* 768/chronyd
这是再用主机访问192.168.0.221:18800;就可以放文到虚拟机的120.0.0.1:18332端口了
还可以查下两个端口
[root@192 etc]# ss -anplt|grep 18332
LISTEN 0 128 127.0.0.1:18332 *:* users:(("bitcoind",pid=16971,fd=10))
LISTEN 0 128 ::1:18332 :::* users:(("bitcoind",pid=16971,fd=9))
[root@192 etc]# ss -anplt|grep 18800
LISTEN 0 128 192.168.0.221:18800 *:* users:(("rinetd",pid=16095,fd=4))
ok就是这样
参考:
linux下127.0.0.1(localhost)端口转到外网实现