我正在设置一个拥有两台流浪汉机器的开发环境。一个是http服务器,另一个是redis服务器。我无法通过两台机器之间的端口6379连接。我也无法从主机连接到流浪汉机器。我在Centos中设置了这种类型的配置,但这是我第一次使用Ubuntu进行的实验。以下是详细信息,包含专用网络地址:
主持人:OSX Yosemite(192.168.33.1)
Vagrant Machines:ubuntu1404-x64
HTTP(192.168.33.22) redis的(192.168.33.20)
Redis conf:
bind 0.0.0.0
port 6379
在redis vagrant上,我可以通过以下方式连接到redis:
redis-cli -h 192.168.33.20
我可以通过以下方式连接到流浪汉机器上的主机redis:
redis-cli -h 192.168.33.1
但是我无法远程连接到vagrant redis服务器(来自主机或其他流浪汉机器)
在流浪汉机器上,我得到以下输出:
$ sudo netstat -nlpt | grep 6379
6:tcp 0 0 0.0.0.0:6379 0.0.0.0:* LISTEN 1004/redis-server 0
从主机我得到以下内容:
$:nmap -Pn -p 6379 192.168.33.20
Starting Nmap 5.51 ( http://nmap.org ) at 2015-03-15 10:48 PDT
Nmap scan report for 192.168.33.20
Host is up.
PORT STATE SERVICE
6379/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 3.39 seconds
在redis机器上,我尝试用
禁用防火墙sudo ufw disable
启用防火墙并添加(当前状态):
sudo ufw allow 6379
现在我在redis guest上得到以下输出:
$ sudo ufw status
Status: active
To Action From
-- ------ ----
6379 ALLOW Anywhere
6379 (v6) ALLOW Anywhere (v6)
但一切都没有改变。我仍然无法从其他流浪汉机器或我的主机到达该端口。 Nmap仍将端口列为"已过滤"。
编辑:如下面的评论中所述,此代码是我接管的项目,Vagrantfile是使用pupphpet创建的。 Vagrantfile是样板文件,所有配置都来自yaml文件。这是redis guest的配置:
---
vagrantfile-local:
vm:
box: puphpet/ubuntu1404-x64
box_url: puphpet/ubuntu1404-x64
hostname: ''
memory: '512'
cpus: '1'
chosen_provider: virtualbox
network:
private_network: 192.168.33.20
forwarded_port:
3KP0kJvFLAaL:
host: '6822'
guest: '22'
post_up_message: ''
provider:
virtualbox:
modifyvm:
natdnshostresolver1: on
vmware:
numvcpus: 1
parallels:
cpus: 1
provision:
puppet:
manifests_path: puphpet/puppet
manifest_file: site.pp
module_path: puphpet/puppet/modules
options:
- '--verbose'
- '--hiera_config /vagrant/puphpet/puppet/hiera.yaml'
- '--parser future'
synced_folder:
dQPBnJQ4bGCM:
owner: www-data
group: www-data
source: ./
target: /var/www
sync_type: nfs
rsync:
args:
- '--verbose'
- '--archive'
- '-z'
exclude:
- .vagrant/
auto: 'false'
usable_port_range:
start: 10200
stop: 10500
ssh:
host: null
port: null
private_key_path: null
username: vagrant
guest_port: null
keep_alive: true
forward_agent: false
forward_x11: false
shell: 'bash -l'
vagrant:
host: detect
server:
install: '1'
packages:
- vim
users_groups:
install: '1'
groups: { }
users: { }
cron:
install: '1'
jobs: { }
firewall:
install: '1'
rules: null
apache:
install: '0'
settings:
user: www-data
group: www-data
default_vhost: true
manage_user: false
manage_group: false
sendfile: 0
modules: { }
vhosts:
ryf0d2cn58ci:
servername: awesome.dev
serveraliases:
- www.awesome.dev
docroot: /var/www/awesome
port: '80'
setenv:
- 'APP_ENV dev'
directories:
thl9sg0zbb5i:
provider: directory
path: /var/www/awesome
options:
- Indexes
- FollowSymlinks
- MultiViews
allow_override:
- All
require:
- all
- granted
custom_fragment: ''
engine: php
custom_fragment: ''
ssl_cert: ''
ssl_key: ''
ssl_chain: ''
ssl_certs_dir: ''
mod_pagespeed: 0
nginx:
install: '0'
settings:
default_vhost: 1
proxy_buffer_size: 128k
proxy_buffers: '4 256k'
upstreams: { }
vhosts:
ken6pmlb2civ:
proxy: ''
server_name: awesome.dev
server_aliases:
- www.awesome.dev
www_root: /var/www/awesome
listen_port: '80'
location: \.php$
index_files:
- index.html
- index.htm
- index.php
envvars:
- 'APP_ENV dev'
engine: php
client_max_body_size: 1m
ssl_cert: ''
ssl_key: ''
php:
install: '1'
version: '56'
composer: '1'
composer_home: ''
modules:
php:
- cli
- intl
- mcrypt
pear: { }
pecl:
- pecl_http
ini:
display_errors: On
error_reporting: '-1'
session.save_path: /var/lib/php/session
timezone: America/Chicago
mod_php: 0
ruby:
install: '1'
versions:
ADSqflP7ScSN:
version: ''
nodejs:
install: '1'
npm_packages: { }
python:
install: '1'
packages: { }
versions:
B69DoSTPPd85:
version: ''
mysql:
install: '1'
override_options: { }
root_password: '123'
adminer: 0
databases:
4c8zPdNREcop:
grant:
- ALL
name: dbname
host: localhost
user: dbuser
password: '123'
sql_file: ''
redis:
install: '1'
settings:
conf_port: '6379'
conf_bind: '0.0.0.0'
答案 0 :(得分:1)
问题是防火墙。由于我是Ubuntu的新手,我虽然ufw取代了iptables,但它似乎是它的前端。我不确定为什么在ufw中添加规则并没有改变iptables,但我认为这是iptables上INPUT链中的这一行:
DROP all -- anywhere anywhere /* 999 drop all */
也许ufw被附加到iptables链的底部? 无论如何,在删除规则上方手动添加端口6379的规则可以解决问题。