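I am trying to build iptables rules to protect my system. After saving the iptables rules, I cannot connect to any web page (through a browser or wget). Could this be related to DNS? I tried to access http://74.125.71.103, but could not connect either.
Here are my iptables rules: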
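    #!/bin/bash
    # Clear existing rules
    iptables -F
    iptables -X
    iptables -t nat -F
    iptables -t nat -X
    iptables -t mangle -F
    iptables -t mangle -X
    # Clear existing rules

    # Drop all INPUT.
    iptables -P INPUT DROP
    # Accept OUTPUT or FORWARD
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT

    # Accept local data transfer
    iptables -A INPUT -i lo -j ACCEPT

    # Log to /var/log/messages
    iptables -A INPUT -j LOG --log-level 4

    # Accept ssh connections
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    # Accept http connections
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    # Accept ping replies
    iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
    # Limit ping requests to 2 per second.
    iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 30/m --limit-burst 1 -j ACCEPT
    # Drop if exceeding 2/s
    iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

    # Create the syn-flood chain
    iptables -N syn-flood
    # Return to the calling chain while under 50 packets/s (burst 10)
    iptables -A syn-flood -m limit --limit 50/s --limit-burst 10 -j RETURN
    # Drop everything over the limit
    iptables -A syn-flood -j DROP
    # Send all INPUT traffic through syn-flood first (-I inserts at the top of the chain)
    iptables -I INPUT -j syn-flood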
/var/log/syslog
    Aug 10 11:47:56 daivd-VirtualBox kernel: [6257.401990] IN=eth0 OUT= MAC=08:00:27:6a:eb:c3:10:56:ca:03:de:ac:08:00 SRC=74.125.71.103 DST=10.10.11.40 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=15037 PROTO=TCP SPT=80 DPT=33029 WINDOW=14180 RES=0x00 ACK SYN URGP=0
    Aug 10 11:47:56 daivd-VirtualBox kernel: [6257.658071] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:70:56:81:bc:2e:2d:08:00 SRC=10.10.10.242 DST=255.255.255.255 LEN=139 TOS=0x00 PREC=0x00 TTL=64 ID=33713 PROTO=UDP SPT=17500 DPT=17500 LEN=119
    Aug 10 11:47:56 daivd-VirtualBox kernel: [6257.658494] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:70:56:81:bc:2e:2d:08:00 SRC=10.10.10.242 DST=10.10.255.255 LEN=139 TOS=0x00 PREC=0x00 TTL=64 ID=20162 PROTO=UDP SPT=17500 DPT=17500 LEN=119
    Aug 10 11:47:57 daivd-VirtualBox kernel: [6257.799861] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:16:0a:2d:2a:08:00 SRC=10.10.10.222 DST=255.255.255.255 LEN=215 TOS=0x00 PREC=0x00 TTL=128 ID=27336 PROTO=UDP SPT=17500 DPT=17500 LEN=195
    Aug 10 11:47:57 daivd-VirtualBox kernel: [6257.802066] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:1f:16:0a:2d:2a:08:00 SRC=10.10.10.222 DST=255.255.255.255 LEN=215 TOS=0x00 PREC=0x00 TTL=128 ID=27337 PROTO=UDP SPT=17500 DPT=17500 LEN=195
    Aug 10 11:47:57 daivd-VirtualBox kernel: [6257.804386] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1f:16:0a:2d:2a:08:00 SRC=10.10.10.222 DST=10.10.255.255 LEN=215 TOS=0x00 PREC=0x00 TTL=128 ID=27338 PROTO=UDP SPT=17500 DPT=17500 LEN=195
    Aug 10 11:47:58 daivd-VirtualBox kernel: [6258.928197] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=29997 PROTO=UDP SPT=58306 DPT=2654 LEN=320
    Aug 10 11:47:58 daivd-VirtualBox kernel: [6258.931578] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=349 TOS=0x00 PREC=0x00 TTL=128 ID=29998 PROTO=UDP SPT=58307 DPT=2654 LEN=329
    Aug 10 11:47:58 daivd-VirtualBox kernel: [6259.127332] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:de:73:e7:08:00 SRC=10.10.10.137 DST=10.10.255.255 LEN=68 TOS=0x00 PREC=0x00 TTL=128 ID=19951 PROTO=UDP SPT=65239 DPT=1947 LEN=48
    Aug 10 11:47:58 daivd-VirtualBox kernel: [6259.231502] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=181 PROTO=UDP SPT=51641 DPT=10019 LEN=136
    Aug 10 11:47:58 daivd-VirtualBox kernel: [6259.349181] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=140 TOS=0x00 PREC=0x00 TTL=128 ID=14095 PROTO=UDP SPT=17500 DPT=17500 LEN=120
    Aug 10 11:47:59 daivd-VirtualBox kernel: [6259.845218] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14099 PROTO=UDP SPT=63475 DPT=61117 LEN=52
    Aug 10 11:47:59 daivd-VirtualBox kernel: [6260.255308] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=186 PROTO=UDP SPT=61588 DPT=10019 LEN=136
    Aug 10 11:48:00 daivd-VirtualBox kernel: [6261.175927] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=189 PROTO=UDP SPT=61591 DPT=10019 LEN=136
    Aug 10 11:48:00 daivd-VirtualBox kernel: [6261.585895] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:17:84:08:00 SRC=10.10.10.150 DST=255.255.255.255 LEN=179 TOS=0x00 PREC=0x00 TTL=128 ID=9256 PROTO=UDP SPT=17500 DPT=17500 LEN=159
    Aug 10 11:48:00 daivd-VirtualBox kernel: [6261.591672] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:25:64:d1:17:84:08:00 SRC=10.10.10.150 DST=10.10.255.255 LEN=179 TOS=0x00 PREC=0x00 TTL=128 ID=9257 PROTO=UDP SPT=17500 DPT=17500 LEN=159
    Aug 10 11:48:01 daivd-VirtualBox kernel: [6261.898906] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30004 PROTO=UDP SPT=58308 DPT=2654 LEN=320
    Aug 10 11:48:02 daivd-VirtualBox kernel: [6263.225809] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=195 PROTO=UDP SPT=50581 DPT=10019 LEN=136
    Aug 10 11:48:03 daivd-VirtualBox kernel: [6264.248651] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=202 PROTO=UDP SPT=51358 DPT=10019 LEN=136
    Aug 10 11:48:04 daivd-VirtualBox kernel: [6264.862692] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14116 PROTO=UDP SPT=63475 DPT=61117 LEN=52
    Aug 10 11:48:04 daivd-VirtualBox kernel: [6264.965751] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:3a:08:00 SRC=10.10.11.6 DST=255.255.255.255 LEN=252 TOS=0x00 PREC=0x00 TTL=128 ID=26137 PROTO=UDP SPT=17500 DPT=17500 LEN=232
    Aug 10 11:48:04 daivd-VirtualBox kernel: [6264.968274] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:3a:08:00 SRC=10.10.11.6 DST=10.10.255.255 LEN=252 TOS=0x00 PREC=0x00 TTL=128 ID=26138 PROTO=UDP SPT=17500 DPT=17500 LEN=232
    Aug 10 11:48:04 daivd-VirtualBox kernel: [6264.971535] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30008 PROTO=UDP SPT=58310 DPT=2654 LEN=320
    Aug 10 11:48:05 daivd-VirtualBox kernel: [6266.296596] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=204 PROTO=UDP SPT=51364 DPT=10019 LEN=136
    Aug 10 11:48:06 daivd-VirtualBox kernel: [6267.217873] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=206 PROTO=UDP SPT=51367 DPT=10019 LEN=136
    Aug 10 11:48:07 daivd-VirtualBox kernel: [6268.038646] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30012 PROTO=UDP SPT=58312 DPT=2654 LEN=320
    Aug 10 11:48:07 daivd-VirtualBox kernel: [6268.041875] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=349 TOS=0x00 PREC=0x00 TTL=128 ID=30013 PROTO=UDP SPT=58313 DPT=2654 LEN=329
    Aug 10 11:48:07 daivd-VirtualBox kernel: [6268.241592] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=207 PROTO=UDP SPT=51370 DPT=10019 LEN=136
    Aug 10 11:48:09 daivd-VirtualBox kernel: [6269.879465] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14131 PROTO=UDP SPT=63475 DPT=61117 LEN=52
    Aug 10 11:48:09 daivd-VirtualBox kernel: [6270.189338] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:24:1d:76:a7:5f:08:00 SRC=10.10.10.138 DST=255.255.255.255 LEN=324 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=17500 DPT=17500 LEN=304
    Aug 10 11:48:09 daivd-VirtualBox kernel: [6270.292031] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=209 PROTO=UDP SPT=51376 DPT=10019 LEN=136
    Aug 10 11:48:09 daivd-VirtualBox kernel: [6270.296862] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:13:08:00 SRC=10.10.10.162 DST=10.10.255.255 LEN=213 TOS=0x00 PREC=0x00 TTL=128 ID=7101 PROTO=UDP SPT=17500 DPT=17500 LEN=193
    Aug 10 11:48:10 daivd-VirtualBox kernel: [6271.008001] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30019 PROTO=UDP SPT=58314 DPT=2654 LEN=320
    Aug 10 11:48:10 daivd-VirtualBox kernel: [6271.313573] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=211 PROTO=UDP SPT=51379 DPT=10019 LEN=136
    Aug 10 11:48:11 daivd-VirtualBox kernel: [6272.346588] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=214 PROTO=UDP SPT=58513 DPT=10019 LEN=136
    Aug 10 11:48:13 daivd-VirtualBox kernel: [6273.978028] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30022 PROTO=UDP SPT=58316 DPT=2654 LEN=320
    Aug 10 11:48:13 daivd-VirtualBox kernel: [6273.981011] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=347 TOS=0x00 PREC=0x00 TTL=128 ID=30023 PROTO=UDP SPT=58317 DPT=2654 LEN=327
    Aug 10 11:48:13 daivd-VirtualBox kernel: [6274.283547] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=216 PROTO=UDP SPT=58519 DPT=10019 LEN=136
    Aug 10 11:48:14 daivd-VirtualBox kernel: [6274.900480] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:d4:be:d9:eb:05:8c:08:00 SRC=10.10.10.241 DST=10.10.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=14151 PROTO=UDP SPT=63475 DPT=61117 LEN=52
    Aug 10 11:48:14 daivd-VirtualBox kernel: [6275.205953] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:de:75:f9:08:00 SRC=10.10.10.173 DST=255.255.255.255 LEN=251 TOS=0x00 PREC=0x00 TTL=128 ID=23940 PROTO=UDP SPT=17500 DPT=17500 LEN=231
    Aug 10 11:48:15 daivd-VirtualBox kernel: [6276.331356] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=218 PROTO=UDP SPT=58525 DPT=10019 LEN=136
    Aug 10 11:48:16 daivd-VirtualBox kernel: [6277.049930] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:00:25:64:d1:18:64:08:00 SRC=10.10.10.126 DST=255.255.255.255 LEN=340 TOS=0x00 PREC=0x00 TTL=128 ID=30030 PROTO=UDP SPT=58318 DPT=2654 LEN=320
    Aug 10 11:48:16 daivd-VirtualBox kernel: [6277.253796] IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:ff:78:45:c4:04:10:1d:08:00 SRC=10.10.11.4 DST=255.255.255.255 LEN=156 TOS=0x00 PREC=0x00 TTL=128 ID=220 PROTO=UDP SPT=58528 DPT=10019 LEN=136
Any idea why I cannot access the Internet?
Additional information: I can ping 74.125.71.103, but I cannot ping www.google.com. Is this related to my problem?
    daivd@daivd-VirtualBox:~/Desktop/Script$ ping 74.125.71.103
    PING 74.125.71.103 (74.125.71.103) 56(84) bytes of data.
    64 bytes from 74.125.71.103: icmp_req=1 ttl=54 time=148 ms
    64 bytes from 74.125.71.103: icmp_req=2 ttl=54 time=14.9 ms
    64 bytes from 74.125.71.103: icmp_req=3 ttl=54 time=9.37 ms
    ^C
    --- 74.125.71.103 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2004ms
    rtt min/avg/max/mdev = 9.371/57.686/148.765/64.442 ms
    daivd@daivd-VirtualBox:~/Desktop/Script$ ping www.google.com
    ping: unknown host www.google.com
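Answer 1
You forgot to accept incoming packets on established or related connections. Your requests go out, but the firewall drops the responses.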
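
The behaviour described in this answer, as an added example that is not part of the original question or answer: a toy first-match model of the INPUT chain with connection tracking, run over the SYN-ACK from the question's log, a DNS reply, a ping reply and one unsolicited broadcast. The function names, the resolver address 192.0.2.53 and the port 40000 are constructed for illustration; the rule in the comment is one common way to write the missing rule.

```python
# Toy model of first-match INPUT filtering plus connection tracking (added example).
# Omitted from the question's script: the LOG rule, the ICMP rate limit, syn-flood.
HOST = "10.10.11.40"  # DST address in the question's syslog excerpt

def reply_to(flow):
    """Tuple that a reply to an outbound `flow` carries (endpoints swapped)."""
    proto, src, sport, dst, dport = flow
    return (proto, dst, dport, src, sport)

def input_verdict(pkt, conntrack, accept_established):
    """Return the verdict of the INPUT chain for one inbound packet."""
    proto, _src, _sport, _dst, dport = pkt["flow"]
    # The fix: iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    if accept_established and pkt["flow"] in conntrack:
        return "ACCEPT"
    if pkt.get("iface") == "lo":                       # -i lo -j ACCEPT
        return "ACCEPT"
    if proto == "tcp" and dport in (22, 80):           # --dport 22 / --dport 80
        return "ACCEPT"
    if proto == "icmp" and pkt.get("icmp_type") == "echo-reply":
        return "ACCEPT"
    return "DROP"                                      # -P INPUT DROP

# name -> (packet the host sends first, or None; inbound packet that follows)
CASES = {
    "http": (("tcp", HOST, 33029, "74.125.71.103", 80),   # SYN-ACK in the log
             {"flow": ("tcp", "74.125.71.103", 80, HOST, 33029)}),
    "dns": (("udp", HOST, 40000, "192.0.2.53", 53),       # constructed resolver
            {"flow": ("udp", "192.0.2.53", 53, HOST, 40000)}),
    "ping": (("icmp", HOST, None, "74.125.71.103", None),
             {"flow": ("icmp", "74.125.71.103", None, HOST, None),
              "icmp_type": "echo-reply"}),
    "broadcast": (None,                                   # unsolicited LAN noise
                  {"flow": ("udp", "10.10.10.242", 17500, "255.255.255.255", 17500)}),
}

def simulate(accept_established):
    """Send each outbound packet, then filter the inbound one that follows."""
    conntrack, verdicts = set(), {}
    for name, (sent, received) in CASES.items():
        if sent is not None:               # OUTPUT policy is ACCEPT: it leaves
            conntrack.add(reply_to(sent))  # and conntrack expects the reply
        verdicts[name] = input_verdict(received, conntrack, accept_established)
    return verdicts

if __name__ == "__main__":
    print("as posted:", simulate(False))
    print("with fix: ", simulate(True))
```

As posted, only the ping reply is accepted, which matches the symptoms in the question (ping by IP works, name resolution and HTTP do not); with the rule added, the replies are accepted and the unsolicited broadcast is still dropped.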