Question

我有一个在本地网络上运行的服务器，该服务器正在侦听端口8080。该服务器提供了RESTful接口应该将一些JSON返回给客户端。该服务器正在运行CentOS 7的计算机上运行。我在Firewalld中打开了端口8080，并且我的SELinux设置为“允许”模式。

我有一个已配置为接收HTTP请求并将其转发到端口8080上的服务器的防火墙。我还有一个URL：www.myservice.net，该URL已配置为转到我的防火墙所在的IP地址已连接。

我的服务器的本地地址是10.20.2.101。当我使用以下命令访问服务器时：

http://10.20.2.101:8080/getinfo

我没问题。我的服务器返回了我期望的JSON。

不幸的是，当我尝试使用以下方法从网络外部访问服务器时：

http://www.myservice.net:8080/getinfo

我连接失败。连接尝试始终超时。

我已经使用tcpdump查看发生了什么（我怀疑防火墙可能配置有误），而我看到的是在两种情况下，HTTP请求都到达服务器上的端口，并且当我在本地发出请求时，服务器会看到HTTP请求并对其进行处理。不幸的是，当我从网络外部发出请求时，请求到达了服务器，但是形式为许多零大小的数据包，并且HTTP请求完全没有响应！

有人可以提供一些为什么HTTP请求无法通过开放端口通过的想法吗？为什么我的服务器无法处理来自本地网络外部的请求？我是否需要在Linux机器上配置其他东西，以允许服务器处理外部请求？

TCPDUMP日志（由Elmar Brauch建议）：

这是我执行tcpdump然后转到http://10.20.2.101:8080/getinfo时得到的：

 [root@Server1 ~] sudo tcpdump --interface any -vvv port 8080
 cpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

 11:22:18.259543 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.49234: Flags [S.], cksum 0x2d9e (correct), seq 2007505089, ack 3327267992, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:22:18.259555 IP (tos 0x0, ttl 128, id 34480, offset 0, flags [DF], proto TCP (6), length 40)
     10.20.2.102.49233 > Server1.webcache: Flags [.], cksum 0xf3b7 (correct), seq 1, ack 1, win 8212, length 0
 11:22:18.259741 IP (tos 0x0, ttl 128, id 34481, offset 0, flags [DF], proto TCP (6), length 40)
 10.20.2.102.49234 > Server1.webcache: Flags [.], cksum 0xc06c (correct), seq 1, ack 1, win 8212, length 0
 11:22:18.262208 IP (tos 0x0, ttl 128, id 34482, offset 0, flags [DF], proto TCP (6), length 515)
     10.20.2.102.49233 > Server1.webcache: Flags [P.], cksum 0x344c (correct), seq 1:476, ack 1, win 8212, length 475: HTTP, length: 475
         GET /home/devices HTTP/1.1
         Host: 10.20.2.101:8080
         Connection: keep-alive
         Cache-Control: max-age=0
         Upgrade-Insecure-Requests: 1
         User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
         Accept-Encoding: gzip, deflate
         Accept-Language: en-US,en;q=0.9

 11:22:18.262283 IP (tos 0x0, ttl 64, id 25534, offset 0, flags [DF], proto TCP (6), length 40)
     Server1.webcache > 10.20.2.102.49233: Flags [.], cksum 0x1104 (correct), seq 1, ack 476, win 237, length 0
 11:22:19.058618 IP (tos 0x0, ttl 64, id 25535, offset 0, flags [DF], proto TCP (6), length 1500)
     Server1.webcache > 10.20.2.102.49233: Flags [.], cksum 0x72ed (correct), seq 1:1461, ack 476, win 237, length 1460: HTTP, length: 1460
         HTTP/1.1 200 
         Content-Type: application/json
         Content-Length: 4157
         Date: Fri, 23 Oct 2020 15:22:19 GMT
         Keep-Alive: timeout=60
         Connection: keep-alive

 {"devices":[{"name":"Generic Z-Wave Switch","label":"Upstairs Bathroom ","type":"Generic Z-Wave Switch","id":"48","date":"2020-10-23T12:44:43+0000","model":null,"manufacturer":null,"capabilities":["Switch","Polling","Configuration","Refresh","Actuator"],"attributes":{"switch":"on","dataType":"ENUM","values":["on","off"]},"commands":[{"command":"configure"},{"command":"flash"},{"command":"off"},{"command":"on"},{"command":"poll"},{"command":"refresh"}]},{"name":"Generic Z-Wave Switch","label":"Master Bedroom","type":"Generic Z-Wave Switch","id":"33","date":"2020-10-22T05:24:20+0000","model":null,"manufacturer":null,"capabilities":["Switch","Polling","Configuration","Refresh","Actuator"],"attributes":{"switch":"off","dataType":"ENUM","values":["on","off"]},"commands":[{"command":"configure"},{"command":"flash"},{"command":"off"},{"command":"on"},{"command":"poll"},{"command":"refresh"}]},{"name":"Generic Z-Wave Dimmer","label":"Soft Light Left","type":"Generic Z-Wave Dimmer","id":"35","date":"2020-10-23T07:59:29+0000","model":null,"manufacturer":null,"capabilities":["Switch","Polling","Configuration","SwitchLevel","Refresh","Actuator","ChangeLevel"],"attributes":{"level":"50","dataType":"ENUM","values":["on","off"],"switch":"off"},"commands":[{"command":"configure"},{"command":"flash"}[!http]
 11:22:19.058654 IP (tos 0x0, ttl 64, id 25536, offset 0, flags [DF], proto TCP (6), length 1500)
     Server1.webcache > 10.20.2.102.49233: Flags [.], cksum 0x2556 (correct), seq 1461:2921, ack 476, win 237, length 1460: HTTP
 11:22:19.058813 IP (tos 0x0, ttl 64, id 25537, offset 0, flags [DF], proto TCP (6), length 1433)
     Server1.webcache > 10.20.2.102.49233: Flags [P.], cksum 0x720c (correct), seq 2921:4314, ack 476, win 237, length 1393: HTTP
 11:22:19.058847 IP (tos 0x0, ttl 128, id 34495, offset 0, flags [DF], proto TCP (6), length 40)
     10.20.2.102.49233 > Server1.webcache: Flags [.], cksum 0xe674 (correct), seq 476, ack 2921, win 8212, length 0
 11:22:19.099351 IP (tos 0x0, ttl 128, id 34496, offset 0, flags [DF], proto TCP (6), length 40)
     10.20.2.102.49233 > Server1.webcache: Flags [.], cksum 0xe108 (correct), seq 476, ack 4314, win 8207, length 0
 11:22:19.836579 IP (tos 0x0, ttl 128, id 19059, offset 0, flags [none], proto TCP (6), length 40)

这是我执行tcpdump然后转到http://www.myservice.net:8080/getinfo时得到的：

 [root@Server1 ~] sudo tcpdump --interface any -vvv port 8080
 cpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes

 11:30:03.179202 IP (tos 0x0, ttl 128, id 62073, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50314 > Server1.webcache: Flags [S], cksum 0x1bef (correct), seq 1931050208, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:03.179300 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50314: Flags [S.], cksum 0xdf0a (correct), seq 2621843822, ack 1931050209, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:03.179525 IP (tos 0x0, ttl 128, id 62074, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50315 > Server1.webcache: Flags [S], cksum 0x7b62 (correct), seq 1808868532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:03.179586 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50315: Flags [S.], cksum 0x7832 (correct), seq 3006388430, ack 1808868533, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:03.429672 IP (tos 0x0, ttl 128, id 62075, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50317 > Server1.webcache: Flags [S], cksum 0x595c (correct), seq 1229678910, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:03.429760 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50317: Flags [S.], cksum 0x57e7 (correct), seq 446918562, ack 1229678911, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:04.178228 IP (tos 0x0, ttl 128, id 62076, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50314 > Server1.webcache: Flags [S], cksum 0x1bef (correct), seq 1931050208, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:04.178281 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
 Server1.webcache > 10.20.2.102.50314: Flags [S.], cksum 0xdf0a (correct), seq 2621843822, ack 1931050209, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:04.180307 IP (tos 0x0, ttl 128, id 62077, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50315 > Server1.webcache: Flags [S], cksum 0x7b62 (correct), seq 1808868532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:04.180352 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50315: Flags [S.], cksum 0x7832 (correct), seq 3006388430, ack 1808868533, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:04.430286 IP (tos 0x0, ttl 128, id 62078, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50317 > Server1.webcache: Flags [S], cksum 0x595c (correct), seq 1229678910, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:04.430369 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50317: Flags [S.], cksum 0x57e7 (correct), seq 446918562, ack 1229678911, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:04.999555 IP (tos 0x0, ttl 128, id 18649, offset 0, flags [none], proto TCP (6), length 40)
     gateway.49152 > Server1.webcache: Flags [S], cksum 0x3912 (correct), seq 5001, win 0, length 0
 11:30:04.999680 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
     Server1.webcache > gateway.49152: Flags [S.], cksum 0x9a7a (correct), seq 1713090206, ack 5002, win 29200, options [mss 1460], length 0
 11:30:04.999877 IP (tos 0x0, ttl 64, id 57772, offset 0, flags [DF], proto TCP (6), length 75)
     gateway.49152 > Server1.webcache: Flags [R.], cksum 0x492b (correct), seq 1:36, ack 1, win 65468, length 35 [RST+ (Ref.Id: ?suf6sk4amEkP4kj2W8w4]
 11:30:05.202582 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
 Server1.webcache > 10.20.2.102.50315: Flags [S.], cksum 0x7832 (correct), seq 3006388430, ack 1808868533, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:05.602523 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50314: Flags [S.], cksum 0xdf0a (correct), seq 2621843822, ack 1931050209, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:05.802578 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50317: Flags [S.], cksum 0x57e7 (correct), seq 446918562, ack 1229678911, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:06.179304 IP (tos 0x0, ttl 128, id 62079, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50314 > Server1.webcache: Flags [S], cksum 0x1bef (correct), seq 1931050208, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:06.179394 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50314: Flags [S.], cksum 0xdf0a (correct), seq 2621843822, ack 1931050209, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:06.181185 IP (tos 0x0, ttl 128, id 62080, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50315 > Server1.webcache: Flags [S], cksum 0x7b62 (correct), seq 1808868532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:06.181249 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50315: Flags [S.], cksum 0x7832 (correct), seq 3006388430, ack 1808868533, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:06.431882 IP (tos 0x0, ttl 128, id 62081, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50317 > Server1.webcache: Flags [S], cksum 0x595c (correct), seq 1229678910, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:06.431969 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50317: Flags [S.], cksum 0x57e7 (correct), seq 446918562, ack 1229678911, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:08.402585 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50315: Flags [S.], cksum 0x7832 (correct), seq 3006388430, ack 1808868533, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:08.602590 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50314: Flags [S.], cksum 0xdf0a (correct), seq 2621843822, ack 1931050209, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:09.002511 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50317: Flags [S.], cksum 0x57e7 (correct), seq 446918562, ack 1229678911, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:09.999574 IP (tos 0x0, ttl 128, id 46329, offset 0, flags [none], proto TCP (6), length 40)
     gateway.49152 > Server1.webcache: Flags [S], cksum 0x3912 (correct), seq 5001, win 0, length 0
 11:30:09.999693 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)
     Server1.webcache > gateway.49152: Flags [S.], cksum 0x7d44 (correct), seq 1791215404, ack 5002, win 29200, options [mss 1460], length 0
 11:30:09.999890 IP (tos 0x0, ttl 64, id 47531, offset 0, flags [DF], proto TCP (6), length 75)
     gateway.49152 > Server1.webcache: Flags [R.], cksum 0x2bf6 (correct), seq 1:36, ack 1, win 65467, length 35 [RST+ (Ref.Id: ?suf6sk4amEkP4kj2W8w4]
 11:30:10.179919 IP (tos 0x0, ttl 128, id 62082, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50314 > Server1.webcache: Flags [S], cksum 0x1bef (correct), seq 1931050208, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:10.180006 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50314: Flags [S.], cksum 0xdf0a (correct), seq 2621843822, ack 1931050209, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:10.181844 IP (tos 0x0, ttl 128, id 62083, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50315 > Server1.webcache: Flags [S], cksum 0x7b62 (correct), seq 1808868532, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:10.181909 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50315: Flags [S.], cksum 0x7832 (correct), seq 3006388430, ack 1808868533, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:10.431653 IP (tos 0x0, ttl 128, id 62084, offset 0, flags [DF], proto TCP (6), length 52)
     10.20.2.102.50317 > Server1.webcache: Flags [S], cksum 0x595c (correct), seq 1229678910, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
 11:30:10.431736 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50317: Flags [S.], cksum 0x57e7 (correct), seq 446918562, ack 1229678911, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:14.002588 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50247: Flags [S.], cksum 0xacca (correct), seq 380393816, ack 3187915306, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:14.202518 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50246: Flags [S.], cksum 0xcdaa (correct), seq 3215572129, ack 1497625028, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:14.202553 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50314: Flags [S.], cksum 0xdf0a (correct), seq 2621843822, ack 1931050209, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:14.402583 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50315: Flags [S.], cksum 0x7832 (correct), seq 3006388430, ack 1808868533, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:14.602590 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50249: Flags [S.], cksum 0xca29 (correct), seq 3355912456, ack 2761569575, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:14.602644 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 52)
     Server1.webcache > 10.20.2.102.50317: Flags [S.], cksum 0x57e7 (correct), seq 446918562, ack 1229678911, win 29200, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
 11:30:14.999526 IP (tos 0x0, ttl 128, id 32202, offset 0, flags [none], proto TCP (6), length 40)
     gateway.49152 > Server1.webcache: Flags [S], cksum 0x3912 (correct), seq 5001, win 0, length 0
 11:30:14.999650 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 44)

 ...More of the same, left out for brevity...

能够在本地访问Spring Boot服务，但不能通过Internet访问

0 个答案: