[英]why does the host always response `RST` though the server is listening on the port?
我正在使用gitlab docker image
部署服务,主机上的Web端口为8080
。 运行gitlab
,我可以看到端口正常:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
b85d87da48df genezys/gitlab:7.5.2 "/bin/sh -c 'gitlab- 25 minutes ago Up 25 minutes 0.0.0.0:2222->22/tcp, 0.0.0.0:8080->80/tcp gitlab_app
netstat
命令也会显示OK:
[root@localhost backup]# netstat -nlp | grep 8080
tcp6 0 0 :::8080 :::* LISTEN 12489/docker-proxy
但是Web浏览器无法成功连接8080
( http://10.137.20.112:8080/ ), tcpdump
输出如下所示:
[root@localhost ~]# tcpdump -i enp2s0f1 port 8080 -vv
tcpdump: listening on enp2s0f1, link-type EN10MB (Ethernet), capture size 65535 bytes
02:40:00.808034 IP (tos 0x0, ttl 128, id 4031, offset 0, flags [DF], proto TCP (6), length 52)
perfls15.americas.hpqcorp.net.53178 > 10.137.20.112.webcache: Flags [S], cksum 0x17d1 (correct), seq 997417494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
02:40:00.808141 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 40)
10.137.20.112.webcache > perfls15.americas.hpqcorp.net.53178: Flags [R.], cksum 0x788a (correct), seq 0, ack 997417495, win 0, length 0
02:40:01.322048 IP (tos 0x0, ttl 128, id 4032, offset 0, flags [DF], proto TCP (6), length 52)
perfls15.americas.hpqcorp.net.53178 > 10.137.20.112.webcache: Flags [S], cksum 0x17d1 (correct), seq 997417494, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
02:40:01.322123 IP (tos 0x0, ttl 63, id 0, offset 0, flags [DF], proto TCP (6), length 40)
10.137.20.112.webcache > perfls15.americas.hpqcorp.net.53178: Flags [R.], cksum 0x788a (correct), seq 0, ack 1, win 0, length 0
02:40:01.821289 IP (tos 0x0, ttl 128, id 4033, offset 0, flags [DF], proto TCP (6), length 48)
......
我看不到主机为什么总是响应RST
,有人可以提供一些调试提示吗?
检查“ iptables -L -n”的输出。 如果您看不到该输出中打开的端口8080,则可能需要这样做
对于RHEL7,您需要使用以下firewall-cmd
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.