服务器: Ubuntu服务器10.04 LTS
我有我的iptableslocking,所以只有ssh和http通信被允许在我试图隧道sql示例: ssh -L 3306:127.0.0.1:3306 [email protected]它工作正常,如果我将我的INPUT设置为允许,但作为你可以看到下面的设置,以便我的端口被阻塞。 我认为它只是我需要添加的一个规则,但我发现在谷歌上的一切都失败了。 想法?
iptables.up.rules
*filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [57:4388] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A INPUT -j REJECT --reject-with icmp-port-unreachable COMMIT terminal输出
xxx@xxx:/etc# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT tcp -- anywhere anywhere tcp dpt:www ACCEPT icmp -- anywhere anywhere icmp any Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
您需要允许数据包通过回送到达:
-A INPUT -i lo -j ACCEPT
您可以通过确保通过回送到达的数据包也具有回送地址来收紧规则:
-A INPUT -d 127.0.0.1/32 -i lo -j ACCEPT