How do I connect from outside to a service running on 127.0.0.1 (rather than 0.0.0.0)?


Comments (4)

困倦 2024-12-19 18:55:22

In short, your process is bound to a loopback interface which cannot receive packets from an external network. You'll need to reconfigure the process bound to port 8020 to bind to an external interface to be able to connect to it from another host.

The long answer is that the two addresses you cite (127.0.0.1 and 0.0.0.0) are both special in certain ways, and it is useful to understand what you're seeing.

Addresses in the 127.0.0.0/8 Internet Protocol address block (of which 127.0.0.1 is one) are reserved for use internally on a host. See RFC 5735 for details, but there's nothing special about these addresses except that all IP hosts use the same rules and aren't set up to route these addresses outside a host or router.

On your computer, you'll usually see a special "loopback" network interface that has 127.0.0.1 assigned.

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0

This interface is special and never connected to an external network. It is used when a program wants to connect to a service on the local machine as 127.0.0.1 will almost always be configured as an active network interface. Packets will only arrive on this interface if they are sent from a local process.

The other address you cite, 0.0.0.0, is special and usually represents all IP addresses mapped to any network interface on your computer. When a program wants to listen for connections arriving on any network interface or IP address, it will bind a TCP/UDP port to 0.0.0.0 to listen for connections.

In your case, however, you're reporting netstat output listing 0.0.0.0 on lines describing TCP sockets in a LISTEN state. In this case, netstat is listing sockets listening for connections and using 0.0.0.0:* as a placeholder for the foreign address field of its output. In this case, 0.0.0.0:* signifies that the socket is waiting for a connection from any host.

Regarding your question on "tcp 0" vs. "unix 2", these are the first two columns of your netstat output. A look at the column headers from your netstat command is useful:

# netstat -nap | head -2
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name 

What you're reporting as "tcp 0" simply means a socket using the TCP protocol has zero bytes in the received queue waiting for the program connected to this socket to consume. Similarly, "unix 2" is what's called a unix socket with two bytes waiting in its receive queue for the connected process to consume.

TCP sockets are part of the TCP/IP stack that can be used locally or across IP networks for processes to communicate. UNIX sockets, on the other hand, are simpler and only used for what's called IPC or inter-process communication which only happens between two processes both running on the local system, and there's no networking involved (no addresses and ports anyway). UNIX sockets are considered to be more efficient than TCP sockets, but they are obviously more limited in function. On UNIX-like systems UNIX sockets are implemented as a file on the file system of a special "socket" type that both processes using the socket read and write to as a communication channel.
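
An added example (not part of the answer above or of the original page): a short Python script that reads `netstat -nap` output in the column layout quoted in the answer and reports, for each listening TCP socket, whether its bind address restricts it to the local host. Apart from the 127.0.0.1:8020 listener from the question, the sample lines, PIDs and program names are constructed.

```python
import ipaddress

# Constructed sample in the `netstat -nap` column layout quoted above.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address      Foreign Address     State       PID/Program name
tcp        0      0 127.0.0.1:8020     0.0.0.0:*           LISTEN      1234/myservice
tcp        0      0 0.0.0.0:22         0.0.0.0:*           LISTEN      801/sshd
tcp        0      0 10.20.30.40:5432   0.0.0.0:*           LISTEN      950/postgres
tcp        0      0 :::80              :::*                LISTEN      700/httpd
tcp        0      0 10.20.30.40:22     10.20.30.7:51514    ESTABLISHED 1301/sshd
unix  2      [ ACC ]     STREAM     LISTENING     9021   /var/run/example.sock
"""

def classify(local_address):
    """Return (scope, port) for a netstat Local Address such as 127.0.0.1:8020."""
    # rpartition splits on the last colon, so IPv6 forms like ":::80" keep "::" as host.
    host, _, port = local_address.rpartition(":")
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:          # all of 127.0.0.0/8, and ::1
        scope = "loopback-only"
    elif ip.is_unspecified:     # 0.0.0.0 or :: means every local address
        scope = "all-interfaces"
    else:
        scope = "single-address"
    return scope, int(port)

def tcp_listeners(text):
    """List (program, port, scope) for each TCP socket in the LISTEN state."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        # Skip the header, unix sockets and established connections.
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        scope, port = classify(fields[3])
        program = fields[6] if len(fields) > 6 else "-"
        found.append((program, port, scope))
    return found

def reachable_from_other_hosts(text):
    """Listeners whose bind address does not restrict them to the local host.
    A packet filter may still block them; this looks only at the bind address."""
    return [l for l in tcp_listeners(text) if l[2] != "loopback-only"]

if __name__ == "__main__":
    for program, port, scope in tcp_listeners(SAMPLE):
        print(f"{port:>5}  {scope:<15} {program}")
```
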

笛声青案梦长安 2024-12-19 18:55:22

1) Without binding it to 0.0.0.0, you can still access the service through a tunnel. This is similar to using a proxy as David Schwartz mentioned. There are a few assumptions I'm making for this example:

  1. The server is running a service bound to 127.0.0.1:8020, we'll call it 'myservice'.
  2. The server is running OpenSSH server 'sshd' on the default port of TCP 22, and the user can log in with the username 'myusername'.
  3. The client is running a system with OpenSSH client installed.
  4. The server is accessible via the IP address of 10.20.30.40.

On the client, SSH to the server with the following command:

ssh -L 12345:localhost:8020 myusername@10.20.30.40

Once you log in, minimize the SSH window. In another window on the client, run netstat to find listening ports. You should see 127.0.0.1:12345, just like on the server.

On the client, connect to the service on 127.0.0.1:12345. You should now be connected to the 'myservice' instance on the server, even though you made the connection to the client's local loopback interface.

The trick here is that SSH is tunneling a listening socket on the client to the listening socket on the server. I've made the port numbers different for clarity.

傻比既视感 2024-12-19 18:55:22

1) You would either need to modify the server to bind to a publicly accessible address (or 0.0.0.0) or run a local proxy to handle the connection.

2) TCP connections use the TCP protocol, the one used for connection-oriented traffic on the Internet. UNIX connections use a strictly local protocol that is much simpler than TCP (because it doesn't have to deal with dropped packets, lost routes, corrupted data, out of order packets, and so on).

凉城 2024-12-19 18:55:22

1) You cannot (if you mean from another machine - 127.0.0.1 is localhost and by definition you can only connect to it from the local machine).

2) The first column shows the domain of the sockets - tcp are tcp sockets and unix are unix domain sockets.

And as for the answer to your question 3 ;-)

3) 42
