I am having trouble reaching a Cryptully chat server over a VPN. I took the following steps (S - server side, C - client side):
S: python cryptully.py -s -p 1242
S: sudo netstat -autpln | grep 1242
tcp 0 0 0.0.0.0:1242 0.0.0.0:* LISTEN 4978/python
C: sudo openvpn --config /etc/openvpn/client.ovpn
C: sudo nmap -sS 10.8.0.1 -p 1242
Nmap scan report for 10.8.0.1
Host is up (0.000068s latency).
PORT STATE SERVICE
1242/tcp closed unknown
Other ports, for example 80 and 22, are reachable:
C: sudo nmap -sS 10.8.0.1 -p 80
Nmap scan report for 10.8.0.1
Host is up (0.000069s latency).
PORT STATE SERVICE
80/tcp open http
C: sudo nmap -sS 10.8.0.1 -p 22
Nmap scan report for 10.8.0.1
Host is up (0.000058s latency).
PORT STATE SERVICE
22/tcp open ssh
And here are the relevant iptables rules from the server:
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
target prot opt in out source destination
ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:1194
ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
REJECT all -- !lo * 0.0.0.0/0 127.0.0.0/8 reject-with icmp-port-unreachable
ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- tun+ eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- eth0 tun+ 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 981K packets, 1013M bytes)
ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
A test with another port gives the following results:
S: python -m SimpleHTTPServer 8000
C: sudo nmap -sS 10.8.0.1 -p 8000
Host is up (0.000059s latency).
PORT STATE SERVICE
8000/tcp closed http-alt
C: sudo nmap -sS 192.168.1.183 -p 8000
Host is up (0.00019s latency).
PORT STATE SERVICE
8000/tcp filtered http-alt
Even after sudo iptables -F the port on the tun interface is still closed, while the port on eth0 is now open.
S: python -m SimpleHTTPServer 8000
C: sudo nmap -sS 10.8.0.1 -p 8000
Host is up (0.000068s latency).
PORT STATE SERVICE
8000/tcp closed http-alt
C: sudo nmap -sS 192.168.1.183 -p 8000
Host is up (0.00021s latency).
PORT STATE SERVICE
8000/tcp open http-alt
What could be the cause of this?
Answer 1
The problem went away after I shut down the OpenVPN server on my client machine, which was using the same netmask. I just didn't mention that it was also running on my client, sorry everyone :) In that situation some requests reached the right destination and some went astray. For example, I could easily reach nginx on port 80 but not other ports, which was strange... but the problem is gone now and I'm happy :) Happy New Year!
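An added diagnostic, not part of the question or the answer above: before blaming iptables, ask the kernel where packets for 10.8.0.1 actually go. This script assumes the conflict described in the answer shows up the way it normally does when a host runs its own OpenVPN server on the same 10.8.0.0/24: the client then holds 10.8.0.1 on its own tun interface, `ip route get 10.8.0.1` reports a `local ... dev lo` route, and an nmap scan of "the server" is really scanning the client itself (which explains 22 and 80 open and 1242 closed regardless of the server's firewall). The two `ip route get` outputs below are constructed samples, not captured from the poster's machines; `check_route` runs the real command where iproute2 is installed.

```shell
#!/bin/sh
# Added example (not the poster's code): classify `ip route get <addr>`
# output so a destination that is really *local* stands out.

# route_verdict: read `ip route get` output on stdin and print one of
#   local:<dev>  the address belongs to this host; packets never leave it
#   via:<dev>    the address is reached through interface <dev>
#   unknown      anything else (e.g. "RTNETLINK answers: ...")
route_verdict() {
    # iproute2 puts the route on the first line; "cache ..." follows.
    first=$(sed -n '1p')
    dev=$(printf '%s\n' "$first" |
          awk '{ for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1) }')
    case "$first" in
        "local "*)  printf 'local:%s\n' "${dev:-?}" ;;
        *" dev "*)  printf 'via:%s\n' "$dev" ;;
        *)          printf 'unknown\n' ;;
    esac
}

# check_route ADDR: query the live routing table (needs iproute2).
check_route() {
    command -v ip >/dev/null 2>&1 || { echo "ip(8) not found" >&2; return 2; }
    ip route get "$1" 2>/dev/null | route_verdict
}

# Constructed sample 1: healthy client, 10.8.0.1 is reached over the tunnel.
SAMPLE_OK='10.8.0.1 dev tun0 src 10.8.0.6 uid 1000
    cache'

# Constructed sample 2 (assumed conflict scenario): the client also runs an
# OpenVPN server on 10.8.0.0/24 and therefore owns 10.8.0.1 itself, so the
# kernel sends the scan to loopback and nmap reports the client's own ports.
SAMPLE_CONFLICT='local 10.8.0.1 dev lo table local src 10.8.0.1 uid 1000
    cache <local>'

demo() {
    printf 'healthy client:     %s\n' "$(printf '%s\n' "$SAMPLE_OK" | route_verdict)"
    printf 'conflicting client: %s\n' "$(printf '%s\n' "$SAMPLE_CONFLICT" | route_verdict)"
}

demo
```

On the client, `check_route 10.8.0.1` printing `local:lo` means the scan never crossed the VPN at all; anything other than `via:tun0` (or whatever the VPN interface is called) points at a routing or addressing problem on the client, not at the server's iptables rules.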