I am using svnserve on my CentOS server. Port 3690 is open on my server. As you can see, the output of the command iptables -L is shown below:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5901
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ddi-tcp-1
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:svn
ACCEPT tcp -- anywhere anywhere tcp dpt:search-agent
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:svn
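I have started svnserve on my server, because I can check out successfully on the server itself using the command svn co svn://ip address/name.
However, when I try to check out from my laptop, it says the connection was refused. I also tested the connection with telnet ip port, and it says telnet: Unable to connect to remote host. This is very confusing, because I opened port 3690 and my svn service is definitely listening on port 3690. What could be the reason? What should I do to access the svn server remotely?
Answer 1
iptables processes rules from top to bottom. The problem is this:
Look at the following rules: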
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- anywhere anywhere tcp dpt:svn
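After the Reject all rule is executed, all packets will be dropped, including your svn rule. This is why you cannot connect.
Solution:
If you really want to drop all other packets, put the following rule as the last rule on the INPUT chain: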
iptables -A INPUT -j REJECT --reject-with icmp-host-prohibited
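The ordering problem described in this answer can be checked mechanically. The following is an added example, not part of the original answer: a shell function (find_shadowed_rules, a hypothetical name) that reads iptables -S output and reports rules placed after an unconditional ACCEPT, DROP or REJECT in the same chain. The sample rule set is constructed from the listing in the question, trimmed to a few ports, and assumes the bare "ACCEPT all" line is the loopback rule (-i lo), which iptables -L hides unless -v is given.

```shell
#!/bin/sh
# Added example (not from the original answer).
# Reads `iptables -S` output on stdin and prints every rule that can never
# match because an earlier rule in the same chain has no match conditions
# and a terminating target (ACCEPT, DROP or REJECT).
find_shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        pos[chain]++
        if (chain in blocker) {
            # An earlier catch-all rule already decided every packet.
            printf "%s rule %d unreachable (after rule %d: %s): %s\n",
                   chain, pos[chain], blocker_pos[chain], blocker[chain], $0
            next
        }
        # Catch-all: nothing between the chain name and -j.
        if ($3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT")) {
            blocker[chain] = $4
            blocker_pos[chain] = pos[chain]
        }
    }'
}

# Constructed sample in `iptables -S` form, modelled on the question.
# Assumption: the bare "ACCEPT all" rule is the loopback rule (-i lo).
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 3690 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -p tcp -m tcp --dport 3690 -j ACCEPT
EOF
}

sample_rules | find_shadowed_rules
```

On a live host, run iptables -S | find_shadowed_rules as root; no output means no rule sits behind a catch-all in its chain.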