I'm trying to work through the Python Flask tutorial, which runs a server on port 5000. I can connect to my (remote) server when I stop iptables, but when iptables is running the connection times out.
I can't figure out which rule is blocking my connection.
# /sbin/iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:commplex-main
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:commplex-main

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:distinct
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
So when I stop iptables I can connect, and when it is running I can't. That means it's the firewall doing the blocking, right?
Any ideas where to start?
It looks like you used something along the lines of
iptables -A INPUT ...
to add the rules for port 5000 to your firewall configuration.
Note that your INPUT chain first sends every packet to the RH-Firewall-1-INPUT chain. The last rule in that chain is
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
iptables processes a packet by walking the rules in the order they appear in the listing, and the first match wins. That means packets never reach your
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:commplex-main
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:commplex-main
rules at the end of the INPUT chain.
You need to add the rules for port 5000 to the INPUT or RH-Firewall-1-INPUT chain using the -I (insert) option
iptables -I RH-Firewall-1-INPUT ...
because -A (append) puts rules at the end of the chain, whereas -I puts them at the given line number, or at line 1 if no line number is given.
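As an added, concrete illustration of the answer above (not part of the original answer): the script below finds the number of the REJECT rule in RH-Firewall-1-INPUT and builds an `iptables -I` command that places the port 5000 rule at that position, i.e. directly above the REJECT. `iptables -I CHAIN n` makes the new rule number n and pushes the old rule n down, so inserting at the REJECT's number is exactly what is wanted. The chain listing embedded in the script is constructed from the question's output (with -n and --line-numbers, so ports show as numbers: commplex-main is 5000, distinct is 9999), and the script defaults to a dry run that only prints the commands; the `service iptables save` step is an assumption that this is a RHEL/CentOS-style box, which the RH-Firewall-1-INPUT chain name suggests. One caveat the listing hides: `iptables -L` without -v omits the interface column, so the first "ACCEPT all" rule in RH-Firewall-1-INPUT is most likely the usual `-i lo` loopback rule rather than an accept-everything rule.

```shell
#!/bin/sh
# Added example: open TCP/5000 in a RHEL-style iptables setup whose INPUT
# chain jumps to RH-Firewall-1-INPUT, which ends in a catch-all REJECT.
# Usage: sh open5000.sh             dry run, prints the commands (default)
#        DRY_RUN=0 sh open5000.sh   as root: runs them against the live firewall
set -eu

CHAIN=RH-Firewall-1-INPUT
PORT=5000
DRY_RUN=${DRY_RUN:-1}

# Constructed sample of `iptables -L RH-Firewall-1-INPUT -n --line-numbers`,
# rebuilt from the question's listing (numeric ports instead of service names).
SAMPLE_LISTING=$(cat <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 255
3    ACCEPT     esp  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     ah   --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:631
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:631
8    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9999
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
12   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
)

# Print the rule number of the first REJECT rule in a chain listing read from
# stdin. The header lines have "RH-Firewall-1-INPUT" / "target" in field 2,
# so only real rules can match.
reject_rule_num() {
    awk '$2 == "REJECT" { print $1; exit }'
}

# Emit the commands for a given REJECT position. Inserting at that position
# puts the new ACCEPT immediately above the REJECT; a rule appended with -A
# would land after it and never be evaluated. The rules already appended to
# INPUT in the question are dead but harmless, so they are left alone.
# `service iptables save` (writes /etc/sysconfig/iptables) is RHEL/CentOS
# specific and assumed here so the rule survives a restart of the service.
build_commands() {
    pos=$1
    printf 'iptables -I %s %s -m state --state NEW -p tcp --dport %s -j ACCEPT\n' \
        "$CHAIN" "$pos" "$PORT"
    printf 'service iptables save\n'
}

if [ "$DRY_RUN" = 1 ]; then
    listing=$SAMPLE_LISTING
else
    listing=$(iptables -L "$CHAIN" -n --line-numbers)
fi

pos=$(printf '%s\n' "$listing" | reject_rule_num)
if [ -z "$pos" ]; then
    echo "no REJECT rule found in $CHAIN; nothing to insert above" >&2
    exit 1
fi

if [ "$DRY_RUN" = 1 ]; then
    build_commands "$pos"
else
    build_commands "$pos" | sh -e
fi
```

After applying it for real, `iptables -L RH-Firewall-1-INPUT -n --line-numbers` should show the dpt:5000 rule at the number the script printed and the REJECT one line below it; a second run of the script would insert a duplicate above the first, so run it once.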