我使用terraform创建资源,我在子网172.1.0.0中有一个节点,没有为该节点分配安全组或规则;节点有两个端点22和80.
我使用nmap确认端口是打开的,它们是:
nmap -Pn -sT -p T:11 some-ingress.cloudapp.net
Starting Nmap 6.47 ( http://nmap.org ) at 2016-07-08 19:02 EAT
Nmap scan report for some-ingress.cloudapp.net (1.2.3.4
Host is up (0.31s latency).
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 1.34 seconds
nmap -Pn -sT -p T:80 some-ingress.cloudapp.net
Starting Nmap 6.47 ( http://nmap.org ) at 2016-07-08 19:02 EAT
Nmap scan report for some-ingress.cloudapp.net (1.2.3.4)
Host is up (0.036s latency).
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 0.09 seconds
我已在节点上安装了nginx,并且正在运行curl 172.1.0.4
和curl 127.0.0.1
,而curl 0.0.0.0
会为我提供默认的nginx页面。
然而,curl <public ip>
或curl <dns name>
正在运行,我得到了
curl: (56) Recv failure: Connection reset by peer
我的iptables规则是:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT udp -- anywhere anywhere udp dpt:bootps
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
为什么我不能在节点的公共IP上访问nginx?
节点位于虚拟网络172.1.0.0/16
中,子网172.1.0.0/24
我可以根据需要发布地形配置。