lnmp安装后,启用memcached成功,但是连接超时
军哥,安装并启用memcached后,输入telnet 127.0.0.1 11211后,提示连接超时Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection timed out
关闭iptables之后,连接正常,考虑是端口问题。于是设置iptables
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP udp--0.0.0.0/0 0.0.0.0/0 udp dpt:11211
DROP tcp--0.0.0.0/0 0.0.0.0/0 tcp dpt:11211
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 tcp dpt:22
ACCEPT all--127.0.0.1 127.0.0.1
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp--127.0.0.1 0.0.0.0/0 tcp dpt:11211
ACCEPT udp--127.0.0.1 0.0.0.0/0 udp dpt:11211
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 tcp spt:22 state ESTABLISHED
ACCEPT all--127.0.0.1 127.0.0.1
ACCEPT tcp--0.0.0.0/0 0.0.0.0/0 tcp spt:80 state ESTABLISHED
之后iptables -L出现:
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP udp--anywhere anywhere udp dpt:memcache
DROP tcp--anywhere anywhere tcp dpt:memcache
ACCEPT tcp--anywhere anywhere tcp dpt:ssh
ACCEPT all--localhost localhost
ACCEPT tcp--anywhere anywhere tcp dpt:http
ACCEPT tcp--localhost anywhere tcp dpt:memcache
ACCEPT udp--localhost anywhere udp dpt:memcache
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp--anywhere anywhere tcp spt:ssh state ESTABLISHED
ACCEPT all--localhost localhost
ACCEPT tcp--anywhere anywhere tcp spt:http state ESTABLISHED
我这样设置应该是正确的吧,但是还是无法连接到127.0.0.1 11211
我用的是lnmp1.3centos7 1.3 的话memcached的规则应该是加到规则末尾的,而且是只有DROP,没有127.0.0.1 11211的accept,就是1.2的话也是127.0.0.1 11211的accept在前 DROP在后
可以按https://www.vpser.net/security/linux-iptables.html 将INPUT里面的前两条删掉
页:
[1]