基本C服務器：連接被拒絕錯誤

Question

我有一個程序應該接受端口62085處的連接併發回測試消息。代碼在accept（）處掛起，即使客戶端嘗試連接也不會返回。爲什麼服務器拒絕連接？它可能是防火牆問題嗎？

在OS X 10.8.3下編譯時，此代碼適用於我，但在Oracle Enterprise Linux上運行時拒絕連接。 accept()將永遠不會接受連接，並且從另一臺設備遠程登錄到端口會出現Connection Refused錯誤。以下是netstat的輸出，證明程序實際上正在監聽我想要的端口。我嘗試了其他端口，62084,666和8080，以查看是否有東西阻塞該端口。 （netstat輸出來自兩個不同的命令）。

tcp  0  0 0.0.0.0:62085    0.0.0.0:*     LISTEN  11815/del-chef 

    tcp  0  0 129.133.124.83:62085  0.0.0.0:*     LISTEN  15101/del-chef 

iptables顯示它也允許在所有端口上連接。

Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   
ACCEPT  all -- anywhere    anywhere   state RELATED,ESTABLISHED 
ACCEPT  icmp -- anywhere    anywhere    
ACCEPT  all -- anywhere    anywhere    
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:ssh 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:http 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:https 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:yo-main 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:terabase 
REJECT  all -- anywhere    anywhere   reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT) 
target  prot opt source    destination   
REJECT  all -- anywhere    anywhere   reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination` 

和sudo iptables -t mangle -L輸出

該命令的輸出是

Chain PREROUTING (policy ACCEPT) 
target  prot opt source    destination   

Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain FORWARD (policy ACCEPT) 
target  prot opt source    destination   

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain POSTROUTING (policy ACCEPT) 
target  prot opt source    destination   

無論是OS X設備和Enterprise Linux服務器在同一個網絡上運行，所以我糊塗至於爲什麼當我執行telnet XXX.XXX.XXX.XXX 62085時，我收到Connection Refused錯誤。

相關的代碼如下：

#include <sys/socket.h> 
#include <netinet/in.h> 
#include <arpa/inet.h> 
#include <stdio.h> 
#include <stdlib.h> 
#include <unistd.h> 
#include <errno.h> 
#include <string.h> 
#include <sys/types.h> 
#include <netdb.h> 
#include <fcntl.h> 
#include <syslog.h> 
#include <signal.h> 

#define BACKLOG 10 
#define PORT "62085" 

void main() { 
    struct sockaddr_in cli_addr; 
    socklen_t addr_size; 
    struct addrinfo hints, *res, *p; 
    int sockfd, new_fd; 
    memset(&hints, 0, sizeof(hints)); 
    hints.ai_family = AF_INET; // use IPv4 
    hints.ai_socktype = SOCK_STREAM; 
    hints.ai_flags = AI_PASSIVE;  // fill in my IP for me 

    if (getaddrinfo(NULL, PORT, &hints, &res) != 0){ 
     syslog(LOG_ERR, "getaddrinfo() error"); 
     exit(1); 
    } 
    for (p = res; p != NULL; p = p->ai_next){ 
     if ((sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1){ 
      syslog(LOG_ERR, "Error creating socket"); 
      continue; 
     } 
     int yes = 1; 
     if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1){ 
      syslog(LOG_ERR, "Error settings socket options"); 
      exit(1); 
     } 
     if (bind(sockfd, p->ai_addr, p->ai_addrlen) == -1){ 
      close(sockfd); 
      syslog(LOG_ERR, "Error binding socket"); 
      continue; 
     } 

     break;  
    } 
    if (p == NULL){ 
     close(sockfd); 
     syslog(LOG_ERR, "Error binding socket"); 
     exit(1); 
    } 
    freeaddrinfo(res); // free memory now that it is no longer in use 

    if (listen(sockfd, BACKLOG) == -1){ 
     close(sockfd); 
     syslog(LOG_ERR, "Error listening"); 
     exit(1); 
    } 
    syslog(LOG_INFO, "Waiting for connections"); 
    addr_size = sizeof(cli_addr); 
    if (new_fd = accept(sockfd, (struct sockaddr *)&cli_addr, &addr_size) == -1){ 
     syslog(LOG_ERR, "Error accepting connection"); 
    } 
} 

Answer 1

原來，這是iptables，發行service stop iptables允許代碼工作。我最終加入以下規則iptables的：

sudo iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport 62085 -j ACCEPT

Answer 2

沒有什麼錯，你已經顯示的代碼，所以這個問題是外部應用程式。由於你的套接字顯然是在監聽，並且沒有耗盡其積壓，所以連接拒絕錯誤意味着操作系統本身，或者可能/可能是防火牆/路由器，在連接到達你的應用程序之前拒絕連接。