2013-05-01 53 views
3

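Basic C server: Connection Refused error

I have a program that is supposed to accept connections on port 62085 and send back a test message. The code hangs at accept() and never returns, even when a client tries to connect. Why is the server refusing connections? Could it be a firewall problem?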

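This code works for me when compiled under OS X 10.8.3, but it refuses connections when run on Oracle Enterprise Linux. accept() never accepts a connection, and telnetting to the port from another device gives a Connection Refused error. Below is the netstat output, proving that the program is actually listening on the port I want. I tried other ports, 62084, 666 and 8080, to see whether something was blocking that port. (The netstat output comes from two different commands.)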

tcp  0  0 0.0.0.0:62085    0.0.0.0:*     LISTEN  11815/del-chef 

    tcp  0  0 129.133.124.83:62085  0.0.0.0:*     LISTEN  15101/del-chef 

iptables shows that it also allows connections on all ports.

Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   
ACCEPT  all -- anywhere    anywhere   state RELATED,ESTABLISHED 
ACCEPT  icmp -- anywhere    anywhere    
ACCEPT  all -- anywhere    anywhere    
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:ssh 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:http 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:https 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:yo-main 
ACCEPT  tcp -- anywhere    anywhere   state NEW tcp dpt:terabase 
REJECT  all -- anywhere    anywhere   reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT) 
target  prot opt source    destination   
REJECT  all -- anywhere    anywhere   reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination

Output of sudo iptables -t mangle -L

The output of that command is

Chain PREROUTING (policy ACCEPT) 
target  prot opt source    destination   

Chain INPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain FORWARD (policy ACCEPT) 
target  prot opt source    destination   

Chain OUTPUT (policy ACCEPT) 
target  prot opt source    destination   

Chain POSTROUTING (policy ACCEPT) 
target  prot opt source    destination   

Both the OS X device and the Enterprise Linux server are running on the same network, so I am confused as to why I get a Connection Refused error when I run telnet XXX.XXX.XXX.XXX 62085.

The relevant code is below:

#include <sys/socket.h> 
#include <netinet/in.h> 
#include <arpa/inet.h> 
#include <stdio.h> 
#include <stdlib.h> 
#include <unistd.h> 
#include <errno.h> 
#include <string.h> 
#include <sys/types.h> 
#include <netdb.h> 
#include <fcntl.h> 
#include <syslog.h> 
#include <signal.h> 

#define BACKLOG 10 
#define PORT "62085" 

int main(void) {
    struct sockaddr_in cli_addr;
    socklen_t addr_size;
    struct addrinfo hints, *res, *p;
    int sockfd = -1, new_fd;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_INET; // use IPv4
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_PASSIVE;  // fill in my IP for me

    if (getaddrinfo(NULL, PORT, &hints, &res) != 0){
        syslog(LOG_ERR, "getaddrinfo() error");
        exit(1);
    }
    // try each returned address until one can be bound
    for (p = res; p != NULL; p = p->ai_next){
        if ((sockfd = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1){
            syslog(LOG_ERR, "Error creating socket");
            continue;
        }
        int yes = 1;
        if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, sizeof(int)) == -1){
            syslog(LOG_ERR, "Error settings socket options");
            exit(1);
        }
        if (bind(sockfd, p->ai_addr, p->ai_addrlen) == -1){
            close(sockfd);
            syslog(LOG_ERR, "Error binding socket");
            continue;
        }

        break;
    }
    if (p == NULL){
        // every candidate failed; its socket was already closed inside the loop
        syslog(LOG_ERR, "Error binding socket");
        freeaddrinfo(res);
        exit(1);
    }
    freeaddrinfo(res); // free memory now that it is no longer in use

    if (listen(sockfd, BACKLOG) == -1){
        close(sockfd);
        syslog(LOG_ERR, "Error listening");
        exit(1);
    }
    syslog(LOG_INFO, "Waiting for connections");
    addr_size = sizeof(cli_addr);
    // parenthesize the assignment: == binds tighter than =, so without the
    // extra parentheses new_fd would receive the result of the comparison
    if ((new_fd = accept(sockfd, (struct sockaddr *)&cli_addr, &addr_size)) == -1){
        syslog(LOG_ERR, "Error accepting connection");
        close(sockfd);
        exit(1);
    }
    close(new_fd);
    close(sockfd);
    return 0;
}
+0

Can you phrase this as a question? – BlackVegetable 2013-05-01 21:16:46

+0

Rephrased, thanks – mdietz 2013-05-01 21:20:57

+0

Can you format the code so that it compiles? – thuovila 2013-05-02 07:18:56

Answers

0

It turned out to be iptables; issuing service stop iptables allowed the code to work. I ended up adding the following rule to iptables:

sudo iptables -I INPUT 5 -m state --state NEW -m tcp -p tcp --dport 62085 -j ACCEPT
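
Why the position in `-I INPUT 5` matters, as an added example that is not part of the original answer: a small first-match model of the INPUT chain from the question, comparing an appended rule with one inserted at position 5. The rule text is constructed from the listing; the `-i lo` restriction on the third rule (which `iptables -L` without `-v` does not display) and the interface name `eth0` are assumptions.

```sh
#!/bin/sh
# Constructed model of the question's INPUT chain, written in `iptables -S` style
# with the service names the listing shows. Assumption: rule 3 is loopback-only.
RULES='-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport ssh -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport http -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport https -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport yo-main -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport terabase -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'
# The rule from the answer, written as a chain entry.
FIX='-A INPUT -m state --state NEW -m tcp -p tcp --dport 62085 -j ACCEPT'

# first_match PORT IFACE: read rules on stdin and print "N TARGET" for the first
# rule matching a NEW TCP connection to PORT arriving on IFACE (hypothetical helper).
first_match() {
    awk -v port="$1" -v iface="$2" '
    $1 == "-A" && $2 == "INPUT" {
        n++; ok = 1; target = ""
        for (i = 3; i < NF; i += 2) {        # options come as "flag value" pairs
            opt = $i; val = $(i + 1)
            if (opt == "-i" && val != iface) ok = 0
            if (opt == "-p" && val != "tcp") ok = 0
            if (opt == "--state" && ("," val ",") !~ /,NEW,/) ok = 0
            if (opt == "--dport" && val != port) ok = 0
            if (opt == "-j") target = val
        }
        if (ok) { hit = 1; print n, target; exit }
    }
    END { if (!hit) print 0, "POLICY" }'
}

# insert_at N RULE: like `iptables -I INPUT N`, place RULE before current rule N.
insert_at() {
    awk -v pos="$1" -v rule="$2" 'NR == pos { print rule } { print }'
}

# Verdict for a new connection to port 62085 from the network, in three chain states.
before()   { printf '%s\n' "$RULES" | first_match 62085 eth0; }
appended() { printf '%s\n%s\n' "$RULES" "$FIX" | first_match 62085 eth0; }
inserted() { printf '%s\n' "$RULES" | insert_at 5 "$FIX" | first_match 62085 eth0; }

echo "before:   $(before)"
echo "appended: $(appended)"
echo "inserted: $(inserted)"
```

On a real host, `sudo iptables -L INPUT -n -v --line-numbers` shows the interface column and rule positions that this model assumes.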

2

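There is nothing wrong with the code you have shown, so the problem is external to the application. Since your socket is clearly listening and has not exhausted its backlog, a connection refused error means that the OS itself, or possibly a firewall/router, is rejecting the connection before it reaches your application.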

+0

What in the OS could cause this? I checked the SELinux logs and there is nothing there, and since iptables is not the culprit, what else is there? – 2013-05-02 12:25:14

+0

I would bet this is a firewall/router problem. If you bind to xxx.xxx.xxx.xxx instead of 0.0.0.0, do you still get the same error? – 2013-05-02 15:26:45

+0

@user2340872 Are you sure it isn't iptables? Have you checked _sudo iptables -t mangle -L_? – thuovila 2013-05-02 15:37:39
