无法打开端口443，尽管apache在监听，ufw还是在机器上本地打开

Question

大家好，乌本图爱好者们。我尝试在我的服务器上打开端口443 (在一个专用网络上)已经有一段时间了，但是我被困住了。它是在ufw上打开的，apache正在监听该端口，但不知怎么的，我无法从同一专用网络上的不同机器访问该端口(两者都位于同一路由器上)。

在这里，我列出了通常的端口故障排除命令的输出。非常感谢您能给我的帮助，谢谢！)

注意:我正在运行Ubuntu13.04(我知道它很旧，但是我有一个不允许我升级的项目)。

服务器内部wget的结果192.168.0.11443(它显然是连接的)

wget https://192.168.0.11 -无支票证书

Connecting to 192.168.0.11:443... connected.
WARNING: cannot verify 192.168.0.11's certificate, issued by ‘/C=AT/O=ZeroSSL/CN=ZeroSSL RSA Domain Secure Site CA’:
  Unable to locally verify the issuer's authority.
result of wget from machine on the same private network (clearly not connecting)

wget https://192.168.0.11 -无支票证书

Connecting to 192.168.0.11:443... failed: Operation timed out.
Retrying.

nmap的结果-sT 192.168.0.11来自服务器内部(IP的服务器)。显然是打开的。

Nmap scan report for 192.168.0.11
Host is up (0.00050s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
8009/tcp open  ajp13
8080/tcp open  http-proxy
8081/tcp open  blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

nmap -sT 192.168.0.11 (来自同一专用网络上的客户端)的结果-端口看起来已关闭

Starting Nmap 7.91 ( https://nmap.org ) at 2021-12-16 09:10 EST
Nmap scan report for 192.168.0.11
Host is up (0.0021s latency).
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
444/tcp closed snpp

Nmap done: 1 IP address (1 host up) scanned in 4.16 seconds

netstat -tlnp的结果(看起来apache是绑定和侦听的)

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1232/mysqld     
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      1207/mono       
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      2074/dnsmasq    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      993/sshd        
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1061/cupsd      
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      1248/pptpd      
tcp6       0      0 :::8009                 :::*                    LISTEN      1370/java       
tcp6       0      0 :::80                   :::*                    LISTEN      27146/apache2   
tcp6       0      0 :::8080                 :::*                    LISTEN      1370/java       
tcp6       0      0 :::22                   :::*                    LISTEN      993/sshd        
tcp6       0      0 ::1:631                 :::*                    LISTEN      1061/cupsd      
tcp6       0      0 :::443                  :::*                    LISTEN      27146/apache2   
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      1370/java
Result of sudo lsof -iTCP -sTCP:LISTEN -P (looks like apache is listening)

COMMAND   PID     USER   FD   TYPE  DEVICE SIZE/OFF NODE NAME
sshd      993     root    3u  IPv4    8811      0t0  TCP *:22 (LISTEN)
sshd      993     root    4u  IPv6    8813      0t0  TCP *:22 (LISTEN)
cupsd    1061     root    9u  IPv6 1121403      0t0  TCP ip6-localhost:631 (LISTEN)
cupsd    1061     root   10u  IPv4 1121404      0t0  TCP localhost:631 (LISTEN)
mono     1207 dekiwiki    5u  IPv4   10961      0t0  TCP *:8081 (LISTEN)
mysqld   1232    mysql   10u  IPv4   12403      0t0  TCP localhost:3306 (LISTEN)
pptpd    1248     root    6u  IPv4   10654      0t0  TCP *:1723 (LISTEN)
java     1370   tomcat   48u  IPv6   11175      0t0  TCP *:8080 (LISTEN)
java     1370   tomcat   53u  IPv6   11179      0t0  TCP *:8009 (LISTEN)
java     1370   tomcat   72u  IPv6   14691      0t0  TCP localhost:8005 (LISTEN)
dnsmasq  2074   nobody    5u  IPv4   12631      0t0  TCP aperture:53 (LISTEN)
apache2 27146     root    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27146     root    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27151 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27151 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27152 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27152 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27153 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27153 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27154 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27154 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27155 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27155 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)
apache2 27158 www-data    4u  IPv6 1141498      0t0  TCP *:80 (LISTEN)
apache2 27158 www-data    6u  IPv6 1141502      0t0  TCP *:443 (LISTEN)

不明飞行物状况的结果：

Status: active

To                         Action      From
--                         ------      ----
443                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
444/tcp                    ALLOW       Anywhere
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere (v6)
443/tcp                    ALLOW       Anywhere (v6)
444/tcp                    ALLOW       Anywhere (v6)
22                         ALLOW       Anywhere (v6)
80                         ALLOW       Anywhere (v6)

sudo iptables -L的结果这是一个很大的输出，所以我把它放在pastebin中(我尝试了sudo iptables -I INPUT 5 -p tcp -dport 443 -j ACCEPT)

https://pastebin.com/DV8A3EFF

Answer 1

对于那些正努力解决同样问题的人，我将apache更改为端口8443，并将所有443通信量转发到8443。我还是不知道为什么443端口会被阻塞。现在起作用了。

当我将apache切换到8443时，8443端口在nmap -P上打开了。然而，当我切换回443时，443端口没有打开。所以很明显，有一些东西阻止了443被打开。

这是有可能的，它与我的Tp-链接弓箭手X-60路由器。不确定，为什么专用网内的443通信被阻塞。