Websphere Liberty安装在Ubuntu(IP 10.0.0.5),Ubuntu安装在虚拟机VMware,网络使用桥接模式,Liberty安装完后,可以成功启动,Liberty server端口9080。
从Ubuntu 可以telnet 127.0.0.1 9080
但不能 telnet 10.0.0.5 9080
从外部主机(物理机ip 10.0.0.4,windows防火墙已关闭)可以访问21、22端口,但不能访问9080端口,也有尝试切换Liberty端口为其他端口,均不能访问。
检测端口监听情况如下
root@ubuntu:~# netstat -ntupl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 829/sshd
tcp6 0 0 :::21 :::* LISTEN 832/vsftpd
tcp6 0 0 :::22 :::* LISTEN 829/sshd
tcp6 0 0 127.0.0.1:9080 :::* LISTEN 993/java
tcp6 0 0 127.0.0.1:55521 :::* LISTEN 993/java
udp 0 0 0.0.0.0:68 0.0.0.0:* 799/dhclient
检查防火墙,也有尝试 ufw disable
root@ubuntu:~# ufw status
Status: active
To Action From
9080 ALLOW Anywhere
9088 ALLOW Anywhere
9088/tcp ALLOW Anywhere
9080/tcp ALLOW Anywhere
9443/tcp ALLOW Anywhere
Anywhere ALLOW 10.0.0.4 9088
Anywhere ALLOW 10.0.0.5 9088
9080 (v6) ALLOW Anywhere (v6)
9088 (v6) ALLOW Anywhere (v6)
9088/tcp (v6) ALLOW Anywhere (v6)
9080/tcp (v6) ALLOW Anywhere (v6)
9443/tcp (v6) ALLOW Anywhere (v6)
iptable 有尝试添加路由规则
iptables -F
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
检查规则
root@ubuntu:~# iptables -S
-P INPUT ACCEPT
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -i lo -j ACCEPT
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A INPUT -p tcp -m tcp --dport 9088 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9081 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j ACCEPT
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 9080 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 9080 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 9088 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 9088 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 9088 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 9080 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 9443 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
哪位大神,帮指点下。鄙人将感激不尽。