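Server: Ubuntu 15.04-2.6.32-042stab094.8
Client: Windows 10
I made some changes to iptables, saved all the rules and, of course, re-applied them afterwards. A summary of the changes:
Open ports
- TCP: 20, 21, 22, 43, 443
- UDP: 123
Default policies
- INPUT: DROP
- FORWARD: ACCEPT
- OUTPUT: ACCEPT
Before the changes, the default INPUT policy was ACCEPT, so FileZilla and the like could connect. After dropping all incoming traffic (except the specified ports), FZ cannot connect.
FZ uses the SFTP protocol with normal login.
Am I missing a port that SFTP connections need?
Update
Filter table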
```
sudo iptables -L -t filter
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data /* FTP-Data IN (iface:ALL) */
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp /* FTP-Ctrl IN (iface:ALL) */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* SSH IN (iface:ALL) */
ACCEPT tcp -- anywhere anywhere tcp dpt:whois /* Whois IN (iface:ALL) */
ACCEPT udp -- anywhere anywhere udp dpt:ntp /* NTP IN (iface:ALL) */
ACCEPT icmp -- anywhere anywhere /* Ping Request/Reply IN (iface:ALL) */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere /* Ping Request/Reply OUT (iface:ALL) */
Chain LOGGING (0 references)
target prot opt source destination
```
NAT table
```
sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- anywhere anywhere to:x.x.x.x <- server ip
MASQUERADE all -- 10.0.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
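
Added example, not part of the original post: a small Python check that compares the ports the post says are open with the ACCEPT rules in the posted INPUT chain, and reports whether any INPUT rule matches connection state (under a DROP policy, replies to connections the server itself opens are accepted only if such a rule exists). The `SERVICES` name-to-port mapping and the function names are assumptions made for this example.

```python
import re

# INPUT chain copied from the listing in the post (iptables -L prints service names).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data /* FTP-Data IN (iface:ALL) */
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp /* FTP-Ctrl IN (iface:ALL) */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* SSH IN (iface:ALL) */
ACCEPT tcp -- anywhere anywhere tcp dpt:whois /* Whois IN (iface:ALL) */
ACCEPT udp -- anywhere anywhere udp dpt:ntp /* NTP IN (iface:ALL) */
ACCEPT icmp -- anywhere anywhere /* Ping Request/Reply IN (iface:ALL) */
Chain FORWARD (policy ACCEPT)
"""
# Ports the post says were opened.
EXPECTED = {("tcp", 20), ("tcp", 21), ("tcp", 22), ("tcp", 43), ("tcp", 443), ("udp", 123)}
# Assumption: the usual /etc/services names for those ports, embedded to run offline.
SERVICES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "whois": 43, "https": 443, "ntp": 123}

def parse_chain(listing, chain):
    """Return (policy, rule_lines) for one chain of `iptables -L` output."""
    policy, rules, inside = None, [], False
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if head:
            inside = head.group(1) == chain
            policy = head.group(2) if inside else policy
        elif inside and line.strip() and not line.startswith("target"):
            rules.append(line)
    return policy, rules

def audit_input(listing, expected):
    """Compare expected (proto, port) pairs with the ACCEPT rules in INPUT."""
    policy, rules = parse_chain(listing, "INPUT")
    opened = set()
    for rule in rules:
        m = re.match(r"ACCEPT\s+(tcp|udp)\s.*\bdpt:(\S+)", rule)
        if m:
            port = m.group(2)
            opened.add((m.group(1), int(port) if port.isdigit() else SERVICES.get(port, port)))
    # A conntrack rule is listed as "state RELATED,ESTABLISHED" or "ctstate ...".
    stateful = any(re.search(r"\b(?:ct)?state\s+\S*ESTABLISHED", r) for r in rules)
    return {"policy": policy, "stateful": stateful,
            "missing": sorted(expected - opened, key=str),
            "unexpected": sorted(opened - expected, key=str)}

if __name__ == "__main__":
    print(audit_input(LISTING, EXPECTED))
```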