ufw firewall on GCP



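I have a virtual machine on Google Cloud, and I am trying to connect to it over TCP port 8890. I have already set up the firewall rule in GCP, so the problem is in the VM's firewall.

I am using Debian 10 as the operating system, and I have installed ufw. The output of the ufw status command is as follows: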

Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere

2222                       ALLOW       Anywhere
21                         ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
21/tcp                     ALLOW       Anywhere
49152:65535/tcp            ALLOW       Anywhere
5432                       ALLOW       Anywhere
8890                       ALLOW       Anywhere
8890/tcp                   ALLOW       Anywhere
8890/udp                   ALLOW       Anywhere
Anywhere                   ALLOW       127.0.0.1
22/tcp (v6)                ALLOW       Anywhere (v6)
2222 (v6)                  ALLOW       Anywhere (v6)
21 (v6)                    ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
21/tcp (v6)                ALLOW       Anywhere (v6)
49152:65535/tcp (v6)       ALLOW       Anywhere (v6)
5432 (v6)                  ALLOW       Anywhere (v6)
8890 (v6)                  ALLOW       Anywhere (v6)
8890/tcp (v6)              ALLOW       Anywhere (v6)
8890/udp (v6)              ALLOW       Anywhere (v6)

But if I try telnet localhost 8890:

Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused

The output of the netstat -tulpn | grep LISTEN command is as follows:

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      614/nginx: master p
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      607/sshd
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN      561/postgres
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      614/nginx: master p
tcp6       0      0 :::80                   :::*                    LISTEN      614/nginx: master p
tcp6       0      0 :::21                   :::*                    LISTEN      433/vsftpd
tcp6       0      0 :::22                   :::*                    LISTEN      607/sshd
tcp6       0      0 :::5432                 :::*                    LISTEN      561/postgres
tcp6       0      0 :::443                  :::*                    LISTEN      614/nginx: master p

This is the log JSON from Google Cloud:

{
insertId: "1m9sozhg3119gk8"
jsonPayload: {
connection: {
dest_ip: "10.132.0.2"
dest_port: 8890
protocol: 6
src_ip: "194.158.251.129"
src_port: 61330
}
disposition: "ALLOWED"
instance: {
project_id: "quokka-319212"
region: "europe-west1"
vm_name: "mkb-quokka"
zone: "europe-west1-b"
}
remote_location: {
continent: "Europe"
country: "che"
region: "Ticino"
}
rule_details: {
action: "ALLOW"
direction: "INGRESS"
ip_port_info: [
0: {
ip_protocol: "TCP"
port_range: [
0: "8890"
]
}
]
priority: 100
reference: "network:default/firewall:port-8890"
source_range: [
0: "0.0.0.0/0"
]
}
vpc: {
project_id: "quokka-319212"
subnetwork_name: "default"
vpc_name: "default"
}
}
logName: "projects/quokka-319212/logs/compute.googleapis.com%2Ffirewall"
receiveTimestamp: "2021-08-11T12:54:47.345480725Z"
resource: {
labels: {
location: "europe-west1-b"
project_id: "quokka-319212"
subnetwork_id: "4380110765229239135"
subnetwork_name: "default"
}
type: "gce_subnetwork"
}
timestamp: "2021-08-11T12:54:41.981790820Z"
}

This confirms that the problem is on the remote side, not in the Google Cloud firewall.

This is expected behavior. To see

tcp 0 0 0.0.0.0:8890 0.0.0.0:*

do the following:

1 apt-get install python # install python
2 python -m SimpleHTTPServer 8890 # server listening on port 8890
3 Open a new window #wheel top right corner > new connection to instance
4 netstat -tulpn | grep LISTEN

Reason: netstat only shows a port when a service or other program is listening for connections on that port.
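The difference between "nothing is listening" and "a firewall is dropping the packet" can be checked from the client side. The following is an added example, not part of the original answer; the names `probe`, `DIAGNOSIS` and `demo` are hypothetical, and the demo uses a throwaway loopback listener rather than port 8890.

```python
import errno
import socket

# Added example: what each connect outcome says about firewall vs. listener.
DIAGNOSIS = {
    "open": "a process is listening and the path allows the connection",
    "refused": "the packet reached the host but nothing is listening "
               "(a rule that rejects with a TCP reset looks the same)",
    "filtered": "no reply at all; a firewall on the path is probably dropping it",
}

def probe(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        # This is what telnet reported in the question: a reset came back.
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise

def demo():
    """Probe a loopback port with a listener bound, then again after closing it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    srv.close()
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    for state in demo():
        print(state, "->", DIAGNOSIS[state])
```

A "refused" result against localhost, as in the question, points at the missing listener, so the ufw and GCP rules do not need to change.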
