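Amazon EC2 China region: after setting up an HTTP server, it cannot be reached from the external network.
This is a strange problem: I set up an Apache server on a newly created instance, and it cannot be reached from the external network. Is something wrong with the host configuration, or is there some other cause? From inside the instance, the external network is reachable.
# This is a scan from inside the AWS EC2 instance; port 80 is indeed open.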
ubuntu@ip-172-31-26-XX:~$ nmap 127.0.0.1
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-12 05:56 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00026s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 0.04 seconds
Then I scanned from a host on the external network, and port 80 was filtered.
➜ ~ nmap 54.223.209.XX
Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-12 13:51 CST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.03 seconds
➜ ~ nmap -Pn 54.223.209.XX
Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-12 13:52 CST
Nmap scan report for ec2-54-223-209-XX.cn-north-1.compute.amazonaws.com.cn (54.223.209.XX)
Host is up (0.0079s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp filtered http
443/tcp filtered https
8080/tcp filtered http-proxy
Nmap done: 1 IP address (1 host up) scanned in 1.29 seconds
So I checked the firewall, but that got me nowhere.
ubuntu@ip-172-31-26-XX:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
External-facing security group settings:
Port      Protocol  Source                        ciman
22        tcp       0.0.0.0/0                     ✔
0-65535   tcp       0.0.0.0/0                     ✔
80        tcp       0.0.0.0/0, 106.39.200.4/32    ✔
0-65535   udp       0.0.0.0/0                     ✔
-1        icmp      0.0.0.0/0                     ✔
ubuntu@ip-172-31-26-65:~$ sudo lsof -i:80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
apache2 6885 root 4u IPv6 15540 0t0 TCP *:http (LISTEN)
apache2 6888 www-data 4u IPv6 15540 0t0 TCP *:http (LISTEN)
apache2 6889 www-data 4u IPv6 15540 0t0 TCP *:http (LISTEN)
amazon-web-services aws-operations-aws-managed-services amazon-ses amazon-cloud cloud-hosting
不撸但不可
9 years, 9 months ago