Original URL: http://stackoverflow.com/questions/7949548/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): Stack Overflow
How can I externally connect to a service running on 127.0.0.1 (rather than 0.0.0.0)?
Asked by jayunit100
I'm trying to connect to a service, and to debug it, I ran
netstat -nap | grep LISTEN
The results show rows of two types:
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:57140 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:11000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN
unix 2 [ ACC ] STREAM LISTENING 4512 -
unix 2 [ ACC ] STREAM LISTENING 9760 -
I have 3 questions :
1) I want to connect to the process running on 127.0.0.1 --- how can I do this externally ? I have read elsewhere that 127.0.0.1 processes are only allowed to communicate with other localhost processes.
2) What is the difference between the "tcp 0" netstat records and the "unix 2" ones? I'm somewhat naive about networking, so feel free to overexplain this one :)
Accepted answer by David Schwartz
1) You would either need to modify the server to bind to a publicly accessible address (or 0.0.0.0) or run a local proxy to handle the connection.
2) TCP connections use the TCP protocol, the one used for connection-oriented traffic on the Internet. UNIX connections use a strictly local protocol that is much simpler than TCP (because it doesn't have to deal with dropped packets, lost routes, corrupted data, out of order packets, and so on).
Answer by Adrian Cornish
1) You cannot (if you mean from another machine) - 127.0.0.1 is localhost and by definition you can only connect to it from the local machine.
2) The first column shows the domain of the sockets - tcp are tcp sockets and unix are unix domain sockets.
And as for the answer to your question 3 ;-)
3) 42
Answer by bigendian
In short, your process is bound to a loopback interface which cannot receive packets from an external network. You'll need to reconfigure the process bound to port 8020 to bind to an external interface to be able to connect to it from another host.
The long answer is that the two addresses you cite (127.0.0.1 and 0.0.0.0) are both special in certain ways, and it is useful to understand what you're seeing.
Addresses in the 127.0.0.0/8 Internet Protocol address block (of which 127.0.0.1 is one) are reserved for use internally on a host. See rfc5735 for details, but there's nothing special about these addresses except that all IP hosts use the same rules and aren't set up to route these addresses outside a host or router.
On your computer, you'll usually see a special "loopback" network interface that has 127.0.0.1 assigned.
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
This interface is special and never connected to an external network. It is used when a program wants to connect to a service on the local machine as 127.0.0.1 will almost always be configured as an active network interface. Packets will only arrive on this interface if they are sent from a local process.
The other address you cite, 0.0.0.0, is special and usually represents all IP addresses mapped to any network interface on your computer. When a program wants to listen for connections arriving on any network interface or IP address, it will bind a TCP/UDP port to 0.0.0.0 to listen for connections.
In your case, however, you're reporting netstat output listing 0.0.0.0 on lines describing TCP sockets in a LISTEN state. In this case, netstat is listing sockets listening for connections and using 0.0.0.0:* as a placeholder for the foreign address field of its output. In this case, 0.0.0.0:* signifies that the socket is waiting for a connection from any host.
Regarding your question on "tcp 0" vs. "unix 2", these are the first two columns of your netstat output. A look at the column headers from your netstat command is useful:
# netstat -nap | head -2
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
What you're reporting as "tcp 0" simply means a socket using the TCP protocol has zero bytes in the received queue waiting for the program connected to this socket to consume. Similarly, "unix 2" is what's called a unix socket with two bytes waiting in its receive queue for the connected process to consume.
TCP sockets are part of the TCP/IP stack that can be used locally or across IP networks for processes to communicate. UNIX sockets, on the other hand, are simpler and only used for what's called IPC or inter-process communication which only happens between two processes both running on the local system, and there's no networking involved (no addresses and ports anyway). UNIX sockets are considered to be more efficient than TCP sockets, but they are obviously more limited in function. On UNIX-like systems UNIX sockets are implemented as a file on the file system of a special "socket" type that both processes using the socket read and write to as a communication channel.
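Added example (not part of the original answers): a small Python parser that reads `netstat -nap | grep LISTEN` rows like those in the question and reports which listeners are bound to loopback only and which are bound to all interfaces. The function names and the two `tcp6` rows are constructed for illustration, and the IPv6 handling goes beyond the IPv4-only output shown in the question.

```python
import ipaddress

# Constructed sample: the question's rows plus two IPv6 rows added for illustration.
SAMPLE = """\
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:57140 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:11000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8088 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 4512 -
"""

def classify(line):
    """Return (proto, address, port, scope) for a TCP/UDP row, else None."""
    fields = line.split()
    if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
        return None  # unix-domain sockets carry no IP address or port
    # The local address is the 4th column; rpartition copes with IPv6 colons.
    host, _, port = fields[3].rpartition(":")
    try:
        addr = ipaddress.ip_address(host)
        port = int(port)
    except ValueError:
        return None
    if addr.is_loopback:          # 127.0.0.0/8 or ::1
        scope = "loopback-only"
    elif addr.is_unspecified:     # 0.0.0.0 or ::, i.e. every local address
        scope = "all-interfaces"
    else:
        scope = "single-address"
    return fields[0], str(addr), port, scope

def remote_reachable(netstat_text):
    """Ports whose listener is bound to something other than loopback.
    A host firewall can still block them; this only reflects the bind address."""
    rows = filter(None, map(classify, netstat_text.splitlines()))
    return [port for _, _, port, scope in rows if scope != "loopback-only"]

if __name__ == "__main__":
    for row in filter(None, map(classify, SAMPLE.splitlines())):
        print(row)
```
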
Answer by Colin Dunklau
1) Without binding it to 0.0.0.0, you can still access the service through a tunnel. This is similar to using a proxy as David Schwartz mentioned. There are a few assumptions I'm making for this example:
- The server is running a service bound to 127.0.0.1:8020, we'll call it 'myservice'.
- The server is running OpenSSH server 'sshd' on the default port of TCP 22, and the user can log in with the username 'myusername'.
- The client is running a system with OpenSSH client installed.
- The server is accessible via the IP address of 10.20.30.40.
On the client, SSH to the server with the following command:
ssh -L 12345:localhost:8020 myusername@10.20.30.40
Once you log in, minimize the SSH window. In another window on the client, run netstat to find listening ports. You should see 127.0.0.1:12345, just like on the server.
On the client, connect to the service on 127.0.0.1:12345. You should now be connected to the 'myservice' instance on the server, even though you made the connection to the client's local loopback interface.
The trick here is that SSH is tunneling a listening socket on the client to the listening socket on the server. I've made the port numbers different for clarity.
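Added example (not part of the original answer, and not how OpenSSH is implemented): a minimal Python relay showing the listening-socket-to-listening-socket forwarding described above, without the SSH transport in between. The names `pipe`, `forward`, `demo` and the constructed "myservice" responder are hypothetical; the relay binds to 127.0.0.1 by default, as `ssh -L` does, so the forwarded port is not opened to the network.

```python
import socket
import threading

def pipe(src, dst):
    """Copy bytes src -> dst until src reaches EOF, then pass the EOF on."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
        dst.shutdown(socket.SHUT_WR)
    except OSError:
        pass  # peer already gone

def forward(listen_port, target_port, bind_addr="127.0.0.1"):
    """Relay connections on bind_addr:listen_port to 127.0.0.1:target_port.
    bind_addr decides who can reach the target: keep it on loopback unless
    exposing the service to the network is the intent."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((bind_addr, listen_port))
    srv.listen()

    def accept_loop():
        while True:
            try:
                client, _ = srv.accept()
                upstream = socket.create_connection(("127.0.0.1", target_port))
            except OSError:
                return  # listener closed or target unreachable
            for a, b in ((client, upstream), (upstream, client)):
                threading.Thread(target=pipe, args=(a, b), daemon=True).start()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv

def demo():
    """Reach a constructed loopback-only service through the relay."""
    svc = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    svc.bind(("127.0.0.1", 0))  # port 0: the OS picks a free port
    svc.listen()

    def serve():
        conn, _ = svc.accept()
        with conn:
            conn.sendall(b"myservice: " + conn.recv(1024))

    threading.Thread(target=serve, daemon=True).start()
    relay = forward(0, svc.getsockname()[1])
    with socket.create_connection(relay.getsockname(), timeout=5) as c:
        c.sendall(b"hello")
        reply = b"".join(iter(lambda: c.recv(1024), b""))  # read until EOF
    return relay.getsockname()[0], reply
```
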