bareosdir == 192.168.57.130
sshLandingBay == 192.168.57.195
bigPi == 192.168.57.196
我在路由器上运行了:
tcpdump -i eth0 -w - 'port 9102 or port 9103'
当我执行从 bareosdir 到 bigPi 的备份时,我得到:
12:07:57.624013 IP bigPi.jalfrezisimmersauce.com.9102 > bareosdir.jalfrezisimmersauce.com.39320: Flags [P.], seq 282:318, ack 1002, win 501, length 36
12:07:57.624166 IP bareosdir.jalfrezisimmersauce.com.39320 > bigPi.jalfrezisimmersauce.com.9102: Flags [P.], seq 1002:1053, ack 318, win 502, length 51
12:07:57.624313 IP bigPi.jalfrezisimmersauce.com.9102 > bareosdir.jalfrezisimmersauce.com.39320: Flags [.], ack 1053, win 501, length 0
12:07:57.624654 IP bigPi.jalfrezisimmersauce.com.55268 > bareosdir.jalfrezisimmersauce.com.9103: Flags [S], seq 3028865621, win 64240, options [mss 1460,sackOK,TS val 3811050966 ecr 0,nop,wscale 7], length 0
当我尝试在 sshLandingBay 上执行一次时,我得到:
2:01:01.689401 IP bareosdir.jalfrezisimmersauce.com.39410 > sshLandingBay.jalfrezisimmersauce.com.9102: Flags [S], seq 3364306509, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
在 sshLandingBay 本身上,我收到以下消息,指出防火墙已阻止该请求,因此它通过路由器,但没有通过 sshLandingBay 上的防火墙:
[1470801.998206] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:58:25:25:00:24:a5:d7:34:9b:08:00:45:00:00:34:79:75:40:00 SRC=192.168.57.130 DST=192.168.57.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3
1093 DF PROTO=TCP SPT=39410 DPT=9102 WINDOW=64240 RES=0x00 SYN URGP=0
pi@sshLandingBay:~ $ sudo ufw status
Status: active
然而我的 ufw 设置如下:
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
9102 ALLOW 192.168.57.130
为什么我的本地防火墙阻止了 BareOS 服务器的请求?
答案1
我iptables -xvnL按照上面的建议运行并发现规则并未得到应用。
于是我跑了:
sudo ufw disable
sudo ufw enable
然后它就起作用了,我猜那就是COMMIT的SQL ufw。