I have finished setting up the OpenVPN server and can connect to the VPN server from a client. I have also modified the iptables rules to allow access to the private network (Docker, MySQL and Kafka).
From the VPN client I can reach the MySQL and Kafka servers, but not the Docker server. The Docker server's iptables rules are listed below.
Please review them and help me connect to the Docker server.
MySQL server rules (working from the VPN client)
root@app-db:/home/Mysqldb# sudo iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere icmp echo-request
3 ACCEPT tcp -- 192.168.30.0/24 anywhere
4 ACCEPT tcp -- anywhere anywhere tcp dpt:27017
5 ACCEPT tcp -- app-server anywhere tcp dpt:27017 state NEW,ESTABLISHED
6 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere app-server tcp spt:27017 state ESTABLISHED
2 ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
Docker server rules (not working from the VPN client):
root@Docker-server:/home/contus# sudo iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 ACCEPT tcp -- ec2-xxx.xxx.xxx.xxx.compute-1.amazonaws.com anywhere tcp dpt:ssh
3 ACCEPT tcp -- pool-xx.xx.x.xx.washdc..net anywhere
4 ACCEPT tcp -- xxx.xxx.xxx.0/24 anywhere tcp dpt:ssh
5 ACCEPT tcp -- xxx.xxx.xxx.xxx anywhere
6 ACCEPT tcp -- ec2-xx.xx.xx.xx.compute-1.amazonaws.com anywhere
7 ACCEPT tcp -- 192.168.30.0/24 anywhere
8 ACCEPT tcp -- 10.8.0.0/24 anywhere tcp dpt:http ctstate NEW,ESTABLISHED
9 ACCEPT icmp -- anywhere anywhere icmp echo-request
10 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
11 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
12 ACCEPT tcp -- anywhere anywhere tcp dpt:http
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 DOCKER-USER all -- anywhere anywhere
2 DOCKER-INGRESS all -- anywhere anywhere
3 DOCKER-ISOLATION all -- anywhere anywhere
4 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
5 DOCKER all -- anywhere anywhere
6 ACCEPT all -- anywhere anywhere
7 ACCEPT all -- anywhere anywhere
8 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
9 DOCKER all -- anywhere anywhere
10 ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp spt:http ctstate ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere icmp echo-reply
3 ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
4 ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
Chain DOCKER (2 references)
num target prot opt source destination
Chain DOCKER-INGRESS (1 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:4000
2 ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:4000
3 ACCEPT tcp -- anywhere anywhere tcp dpt:3000
4 ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:3000
5 ACCEPT tcp -- anywhere anywhere tcp dpt:5000
6 ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:5000
7 RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION (1 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere
2 DROP all -- anywhere anywhere
3 RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere