Iptables+Nginx+Tomcat6
Ubuntu 9.10 X86
Apache is not installed; it is a clean system.
I want to set up nginx + mysql + Tomcat6.
Only nginx is installed so far, with the default configuration file.
What I mainly want is for nginx to load-balance Tomcat6.
Tomcat6 is also on its default port, which has never been changed.
The symptoms are the same in every case: whether I use the IP or the domain name, I cannot connect; Firefox and IE both say they cannot connect and give no specific error number.
But on the host itself, `curl 127.0.0.1` does show the source of the nginx welcome page.
2010/03/03 04:42:43 [error] 306#0: *63 connect() failed (111: Connection refused) while connecting to upstream, client: 115.170.22.159, server: zhoujin.com, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "freeoa.com"
If I turn off iptables there is no problem.
The configured policy is as follows:
# Generated by iptables-save v1.4.4 on Tue Mar 2 19:00:03 2010
*nat
:PREROUTING ACCEPT [78:4861]
:POSTROUTING ACCEPT [10:622]
:OUTPUT ACCEPT [10:622]
COMMIT
# Completed on Tue Mar 2 19:00:03 2010
# Generated by iptables-save v1.4.4 on Tue Mar 2 19:00:03 2010
*mangle
:PREROUTING ACCEPT [1578:202403]
:INPUT ACCEPT [1578:202403]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1437:944115]
:POSTROUTING ACCEPT [1437:944115]
COMMIT
# Completed on Tue Mar 2 19:00:03 2010
# Generated by iptables-save v1.4.4 on Tue Mar 2 19:00:03 2010
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1410:942495]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
# Completed on Tue Mar 2 19:00:03 2010
Comments (5)
On a server you should not add this DROP rule casually; otherwise it blocks every port on the server. Heh.
Quoted from "红薯"'s post:
# Below is the configuration on my machine
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [69433329:72212483414]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Jan 11 14:01:33 2010
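The two rulesets in this thread treat the one packet that matters here differently, and the reason is rule order plus the input interface, not the list of opened ports. The Python script below is an added example (not code from the original post or from any commenter): it parses the posted rules, traces the SYN that nginx sends to 127.0.0.1:8080 through them, lists the rules that sit behind the unconditional `-A INPUT -j DROP` and therefore can never match, and emits a corrected INPUT chain. The packet fields, the `fix_loopback` helper and the abridgement of 红薯's rules to the lines relevant to those packets are assumptions made for the example.

```python
"""Trace one packet through iptables-save filter rules and flag rules that can never match.

Added example for this thread, not code from the original post. It embeds constructed
copies of the poster's INPUT chain and (abridged) of 红薯's rules, then asks what each
does with the SYN nginx sends to 127.0.0.1:8080, which arrives on `lo`, not venet0.
Only -i, -s, -p, --dport, -m state, -j and user-chain jumps are modelled; `-m limit`
is assumed to match and LOG never ends evaluation.
"""
import ipaddress
import shlex
POSTER_FILTER = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i venet0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j DROP
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
"""
HONGSHU_FILTER = """\
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
# Constructed packets: nginx's connect() to Tomcat, and a new SSH connection from the
# client address that appears in the poster's nginx error line.
TOMCAT_UPSTREAM = dict(iface="lo", src="127.0.0.1", proto="tcp", dport=8080, state="NEW")
SSH_FROM_OUTSIDE = dict(iface="venet0", src="115.170.22.159", proto="tcp", dport=22, state="NEW")

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
# option -> (rule key, value parser). Other options (-m, --limit, --log-*, --reject-with)
# also take exactly one value in these dumps but do not affect the verdict for our packets.
OPTS = {"-i": ("iface", str), "-p": ("proto", str), "--dport": ("dport", int),
        "-s": ("src", lambda v: ipaddress.ip_network(v, strict=False)),
        "--state": ("states", lambda v: set(v.split(","))), "-j": ("target", str)}

def parse(dump):
    """Return ({chain: [rule, ...]}, {chain: policy}); rule["dead"] marks unreachable rules."""
    chains, policies, blocked = {}, {}, set()
    for line in dump.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            chains[name], policies[name] = [], policy
        elif line.startswith("-A "):
            toks = shlex.split(line)                    # keeps "iptables denied: " as one token
            chain, rule = toks[1], {"text": line, "target": None, "dead": toks[1] in blocked}
            for opt, val in zip(toks[2::2], toks[3::2]):
                if opt in OPTS:
                    rule[OPTS[opt][0]] = OPTS[opt][1](val)
            conditional = any(key in rule for key, _ in OPTS.values() if key != "target")
            if not conditional and rule["target"] in TERMINAL:
                blocked.add(chain)                      # nothing after this line is reachable
            chains.setdefault(chain, []).append(rule)
    return chains, policies

def matches(rule, pkt):
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in rule["src"]:
        return False
    if "states" in rule and pkt["state"] not in rule["states"]:
        return False
    return all(rule[k] == pkt[k] for k in ("iface", "proto", "dport") if k in rule)

def verdict(dump, pkt, chain="INPUT"):
    """Walk the chain and any user chain it jumps to; fall back to the chain policy."""
    chains, policies = parse(dump)
    def walk(name):
        for rule in chains[name]:
            if not matches(rule, pkt):
                continue
            target = rule["target"]
            if target in TERMINAL:
                return target
            if target in chains and (hit := walk(target)):   # user chain decided the packet
                return hit
        return None                                         # LOG and the like: keep going
    return walk(chain) or policies[chain]

def unreachable_rules(dump):
    return [r["text"] for rules in parse(dump)[0].values() for r in rules if r["dead"]]

def fix_loopback(dump):
    """Accept loopback before anything else in INPUT and strip the dead rules."""
    dead, out, inserted = set(unreachable_rules(dump)), [], False
    for line in dump.splitlines():
        if line.startswith("-A INPUT ") and not inserted:
            out.append("-A INPUT -i lo -j ACCEPT")
            inserted = True
        if line not in dead:
            out.append(line)
    return "\n".join(out) + "\n"
```

`verdict(POSTER_FILTER, TOMCAT_UPSTREAM)` returns `DROP`: the `--dport 8080` rule only matches `-i venet0`, the loopback SYN arrives on `lo`, and the two `-s 127.0.0.1/32` rules sit after `-A INPUT -j DROP`, so `unreachable_rules` reports both. 红薯's chain accepts the same packet on its first rule, `-i lo -j ACCEPT`. The fix is one rule in front of the DROP, which `fix_loopback` inserts; after that the trailing loopback rules and both OUTPUT rules are redundant (the OUTPUT policy is already ACCEPT). One caveat on the symptom: a DROP on the SYN normally shows up in nginx as a connect timeout rather than `111: Connection refused`, so if the refused error outlives the rule change, confirm with `netstat -lnt` that Tomcat is actually listening on port 8080.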
Quoted from "范堡"'s post:
Did you open the corresponding ports in iptables?