Hello, everyone. Today, I will analyze a port mapping problem.
Fault Description
On the U2000 V200R014C60, a user opens the NE Explorer but finds that:
1.In the case of an OSN 9800 U32, the error message "Unable to connect. Firefox can't establish a connection to the server atXXX." is displayed.
2.In the case of a WDM or SDH NE,WDM Interfaceis absent from the navigation tree or "Failed to connect with WebServer" is displayed in the lower left corner.
Problem Identification
Linux has lost the mapping rules for ports 80 and 443 in the ip tables.
Cause Analysis
1. Log in to the OS as the oss user run the daem_ps command to view all httpd services.
2.Test the CAU by entering https://U2000 server IP address/cauin the address box of Internet Explorer.
The CAU tool is not available.
3.Test the CLI by entering telnet IP address 80.
Port 80 cannot be connected in telnet mode.
4. Log in to the Linux OS as the root user and run the following commands:
/usr/sbin/iptables -t nat -L | grep 31837
/usr/sbin/iptables -t nat -L | grep 31838
If errors are reported or no information is returned in all the preceding steps, the mapping rules for ports 80 and 443 are lost. The http services of the U2000 are not running, and related functions are unavailable
Solution
Because the ip tables is written in the kernel, it does not store port mapping rules permanently. Instead, port mapping rules are lost after OS restart. To address this issue, you have to add the port mapping rules, as follows:
1. Run the following commands to add the port mapping rules:
/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 31837
/usr/sbin/iptables -t nat -A OUTPUT -p tcp -o lo --dport 80 -j REDIRECT --to-ports 31837
/usr/sbin/iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 31838
/usr/sbin/iptables -t nat -A OUTPUT -p tcp -o lo --dport 443 -j REDIRECT --to-ports 31838
2. Run the following commands to save the iptables information to a file:
iptables-save> /opt/oss/iptables.save
3. Add the following command to the/etc/init.d/boot.localfile:
iptables-restore /opt/oss/iptables.save
4. Log in to the Linux OS as the rootuser and query the port mapping rules again.
The rules ware present.
1.Before making any rectification on the live network, ask Huawei U2000 R&D engineers to review the rectification plan to ensure that the rectification will cause no adverse impact on the U2000.
2.Collect the following information when necessary:
− OS logs:var\log\message*
− Information returned by the supportconfig command:var/log/nts_*
