Why is my port not open even though it is configured in iptables?

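I am setting up a split-tunnel VPN on a Raspberry Pi and want to make sure that my VPN interface (tun0) does not accept any incoming traffic except on the one port I explicitly opened: 56292. I am using iptables for this, and although it looks correct to me, I can't seem to get through the firewall. I have tried from outside the network as well as from localhost: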

cat < /dev/tcp/127.0.0.1/56292

My iptables -L -nv output looks like this:

Chain INPUT (policy ACCEPT 35680 packets, 6816K bytes)
 pkts bytes target     prot opt in     out     source               destination
   58  7392 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    1    60 ACCEPT     tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:56292
    1    76 REJECT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 141K packets, 26M bytes)
 pkts bytes target     prot opt in     out     source               destination         
 9380 3625K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0            owner UID match 1001
    0     0 ACCEPT     all  --  *      tun0    0.0.0.0/0            0.0.0.0/0            owner UID match 1001
83686   10M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 REJECT     all  --  *      eth0   !192.168.2.50         0.0.0.0/0            reject-with icmp-port-unreachable

tcpdump shows me this:

$ sudo tcpdump port 56292 -v -i tun0
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
21:37:51.114955 IP (tos 0x0, ttl 55, id 17284, offset 0, flags [DF], proto UDP (17), length 76)
    188.166.15.60.39516 > 10.18.108.196.56292: UDP, length 48
21:37:51.429340 IP (tos 0x0, ttl 55, id 47156, offset 0, flags [DF], proto TCP (6), length 60)
    188.166.15.60.33732 > 10.18.108.196.56292: Flags [S], cksum 0xd85f (correct), seq 2422478710, win 29200, options [mss 1357,nop,nop,TS val 1736027970 ecr 0,nop,wscale 6], length 0
21:37:51.429528 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 40)
    10.18.108.196.56292 > 188.166.15.60.33732: Flags [R.], cksum 0xc592 (correct), seq 0, ack 2422478711, win 0, length 0

Answer 1

The firewall on your router or computer may not have the port open.

If you are using Red Hat, this may help: https://superuser.com/questions/794104/how-to-permanently-disable-firewall-in-red-hat-linux
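
One way to read the question's rule counters and packet capture together, as an added example that is not part of the original posts: it walks the INPUT rows for the two inbound packets in the tcpdump output and combines the verdict with the reply seen on the wire. The function names and result labels are assumptions of this example, and only the in-interface, protocol, dpt and ctstate columns are modelled.

```python
import re

# INPUT rows copied from the question's `iptables -L -nv` listing (whitespace condensed).
INPUT_RULES = """\
58 7392 ACCEPT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1 60 ACCEPT tcp -- tun0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:56292
1 76 REJECT all -- tun0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""

def parse_rules(text):
    """Parse rule rows; source/destination matching is not modelled (assumption)."""
    rules = []
    for line in text.splitlines():
        f = line.split(None, 9)
        if len(f) < 9 or not f[0][0].isdigit():
            continue  # skip chain headers and column titles
        extra = f[9] if len(f) > 9 else ""
        dpt = re.search(r"dpt:(\d+)", extra)
        states = re.search(r"ctstate (\S+)", extra)
        rules.append({"pkts": f[0], "bytes": f[1], "target": f[2], "prot": f[3],
                      "in": f[5], "dpt": int(dpt.group(1)) if dpt else None,
                      "states": states.group(1).split(",") if states else None})
    return rules

def first_match(rules, iface, proto, dport, state="NEW", policy="ACCEPT"):
    """Return (verdict, rule) for the first matching rule, else the chain policy."""
    for r in rules:
        if r["in"] not in ("*", iface) or r["prot"] not in ("all", proto):
            continue
        if r["dpt"] is not None and r["dpt"] != dport:
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        return r["target"], r
    return policy, None

def diagnose(verdict, reply):
    """Combine the firewall verdict with the reply seen in the capture."""
    if verdict != "ACCEPT":
        return "blocked-by-firewall"
    return {"SYN-ACK": "open", "RST": "accepted-but-no-listener"}.get(reply, "unknown")

if __name__ == "__main__":
    rules = parse_rules(INPUT_RULES)
    # The two inbound packets in the question's tcpdump: TCP SYN (length 60), UDP (length 76).
    for proto, reply in (("tcp", "RST"), ("udp", None)):
        verdict, rule = first_match(rules, "tun0", proto, 56292)
        print(proto, verdict, rule["bytes"], diagnose(verdict, reply))
```

The localhost test in the question travels over lo, so none of the tun0 rules apply to it and the chain policy decides.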
