如何查找遇到 [UFW BLOCK] 的服务或流程

Question

对于您的示例阻止数据包，关键指标是目标端口 123。这是网络时间协议端口。因此，提示是服务是 NTP，Ubuntu 确实在运行它。第二个指标是查找为的目标地址golem.canonical.com，我假设它是 Ubuntu NTP 主机。实际上，对进行反向查找ntp.ubuntu.com会得到相同的 IP，因此它有一些别名：

$ nslookup ntp.ubuntu.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   ntp.ubuntu.com
Address: 91.189.89.198
Name:   ntp.ubuntu.com
Address: 91.189.89.199
Name:   ntp.ubuntu.com
Address: 91.189.94.4
Name:   ntp.ubuntu.com
Address: 91.189.91.157

因此该服务是 NTP。

通过以下方式检查（此示例在服务器上，也许桌面也一样）：

$ systemctl status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-08-19 15:22:05 PDT; 16h ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 640 (systemd-timesyn)
     Status: "Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com)."
      Tasks: 2 (limit: 18892)
     Memory: 1.2M
     CGroup: /system.slice/systemd-timesyncd.service
             └─640 /lib/systemd/systemd-timesyncd

Aug 19 15:22:05 s18 systemd[1]: Starting Network Time Synchronization...
Aug 19 15:22:05 s18 systemd[1]: Started Network Time Synchronization.
Aug 19 15:22:11 s18 systemd-timesyncd[640]: Network configuration changed, trying to establish connection.
Aug 19 15:22:11 s18 systemd-timesyncd[640]: Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com).

虽然我的正在工作，但是你的将无法同步，因为你阻止了数据包。

Answer 1

对于您的示例阻止数据包，关键指标是目标端口 123。这是网络时间协议端口。因此，提示是服务是 NTP，Ubuntu 确实在运行它。第二个指标是查找为的目标地址golem.canonical.com，我假设它是 Ubuntu NTP 主机。实际上，对进行反向查找ntp.ubuntu.com会得到相同的 IP，因此它有一些别名：

$ nslookup ntp.ubuntu.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   ntp.ubuntu.com
Address: 91.189.89.198
Name:   ntp.ubuntu.com
Address: 91.189.89.199
Name:   ntp.ubuntu.com
Address: 91.189.94.4
Name:   ntp.ubuntu.com
Address: 91.189.91.157

因此该服务是 NTP。

通过以下方式检查（此示例在服务器上，也许桌面也一样）：

$ systemctl status systemd-timesyncd
● systemd-timesyncd.service - Network Time Synchronization
     Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-08-19 15:22:05 PDT; 16h ago
       Docs: man:systemd-timesyncd.service(8)
   Main PID: 640 (systemd-timesyn)
     Status: "Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com)."
      Tasks: 2 (limit: 18892)
     Memory: 1.2M
     CGroup: /system.slice/systemd-timesyncd.service
             └─640 /lib/systemd/systemd-timesyncd

Aug 19 15:22:05 s18 systemd[1]: Starting Network Time Synchronization...
Aug 19 15:22:05 s18 systemd[1]: Started Network Time Synchronization.
Aug 19 15:22:11 s18 systemd-timesyncd[640]: Network configuration changed, trying to establish connection.
Aug 19 15:22:11 s18 systemd-timesyncd[640]: Initial synchronization to time server 91.189.89.199:123 (ntp.ubuntu.com).

虽然我的正在工作，但是你的将无法同步，因为你阻止了数据包。

如何查找遇到 [UFW BLOCK] 的服务或流程

答案1

相关内容