为什么主机总是响应`RST`虽然服务器正在监听端口?
我正在使用gitlab docker image部署一个服务,并且主机上的web端口是8080 。 运行gitlab ,我可以看到端口是OK的:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES b85d87da48df genezys/gitlab:7.5.2 "/bin/sh -c 'gitlab- 25 minutes ago Up 25 minutes 0.0.0.0:2222->22/tcp, 0.0.0.0:8080->80/tcp gitlab_app
netstat命令也显示OK:
[root@localhost backup]# netstat -nlp | grep 8080 tcp6 0 0 :::8080 :::* LISTEN 12489/docker-proxy
但是networking浏览器无法成功连接8080 ( http://10.137.20.112:8080/ ),并且tcpdump输出如下所示:
[root@localhost ~]# tcpdump -i enp2s0f1 port 8080 -vv tcpdump: listening on enp2s0f1, link-type EN10MB (Ethernet), capture size 65535 bytes 02:40:00.808034 IP (tos 0x0, ttl 128, id 4031, offset 0, flags [DF], proto TCP (6), length 52) perfls15.americas.hpqcorp.net.53178 > 10.137.20.112.webcache: Flags [S], cksum 0x17d1 (correct), seq 997417494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 02:40:00.808141 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 40) 10.137.20.112.webcache > perfls15.americas.hpqcorp.net.53178: Flags [R.], cksum 0x788a (correct), seq 0, ack 997417495, win 0, length 0 02:40:01.322048 IP (tos 0x0, ttl 128, id 4032, offset 0, flags [DF], proto TCP (6), length 52) perfls15.americas.hpqcorp.net.53178 > 10.137.20.112.webcache: Flags [S], cksum 0x17d1 (correct), seq 997417494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 02:40:01.322123 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 40) 10.137.20.112.webcache > perfls15.americas.hpqcorp.net.53178: Flags [R.], cksum 0x788a (correct), seq 0, ack 1, win 0, length 0 02:40:01.821289 IP (tos 0x0, ttl 128, id 4033, offset 0, flags [DF], proto TCP (6), length 48) ......
我不明白为什么主机总是响应RST ,任何人都可以给一些debugging线索?
检查“iptables -L -n”的输出。 如果在输出中没有看到端口8080打开,则可能需要这样做
在RHEL7中,你需要使用如下的firewall-cmd
firewall-cmd --zone=public --add-port=8080/tcp --permanent firewall-cmd --reload