CURL from a remote machine times out after enabling UFW on the server

I have two machines. On the main machine I have enabled UFW. On the client machine, if I issue the following command, it times out:

curl 192.168.15.212:8080/colibri/stats

If I change the UFW rule to allow 8080 from ALL, I get a valid response:

sudo ufw allow 8080

But I would like to keep that path accessible only from specific private IPs. Thanks for your help.

Below is the current UFW rule set on the main server.

sudo ufw status numbered
Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere                   # SSH
[ 2] 80                         ALLOW IN    Anywhere                   # WEB
[ 3] 443                        ALLOW IN    Anywhere                   # WEB SSL
[ 4] 53                         ALLOW IN    Anywhere                   # DNS
[ 5] 123/udp                    ALLOW IN    Anywhere                   # NTP TimeSync
[ 6] 123/tcp                    DENY IN     Anywhere                   # Trojan 123
[ 7] 4443                       ALLOW IN    Anywhere                   # Jitsi2
[ 8] 10000:20000/udp            ALLOW IN    Anywhere                   # Jitsi3
[ 9] 4444                       ALLOW IN    Anywhere                   # Jitsi2
[10] 4440:4500/tcp              ALLOW IN    Anywhere                   # Jitsi2
[11] 4440:4500/udp              ALLOW IN    Anywhere                   # Jitsi2
[12] 5250:5300/tcp              ALLOW IN    Anywhere                   # prosody
[13] 8443/tcp                   ALLOW IN    Anywhere                   # clibri
[14] 8000:9000/udp              ALLOW IN    192.168.13.47              # Colibri
[15] 8080                       ALLOW IN    192.168.13.0/24           
[16] 8080/udp                   ALLOW IN    192.168.13.0/24            # Colibri
[17] 22 (v6)                    ALLOW IN    Anywhere (v6)              # SSH
[18] 80 (v6)                    ALLOW IN    Anywhere (v6)              # WEB
[19] 443 (v6)                   ALLOW IN    Anywhere (v6)              # WEB SSL
[20] 53 (v6)                    ALLOW IN    Anywhere (v6)              # DNS
[21] 123/udp (v6)               ALLOW IN    Anywhere (v6)              # NTP TimeSync
[22] 123/tcp (v6)               DENY IN     Anywhere (v6)              # Trojan 123
[23] 4443 (v6)                  ALLOW IN    Anywhere (v6)              # Jitsi2
[24] 10000:20000/udp (v6)       ALLOW IN    Anywhere (v6)              # Jitsi3
[25] 4444 (v6)                  ALLOW IN    Anywhere (v6)              # Jitsi2
[26] 4440:4500/tcp (v6)         ALLOW IN    Anywhere (v6)              # Jitsi2
[27] 4440:4500/udp (v6)         ALLOW IN    Anywhere (v6)              # Jitsi2
[28] 5250:5300/tcp (v6)         ALLOW IN    Anywhere (v6)              # prosody
[29] 8443/tcp (v6)              ALLOW IN    Anywhere (v6)              # clibri
[30] 8080 (v6)                  ALLOW IN    Anywhere (v6)             

Answer 1

You can use UFW to allow a single IP to access any port. Run this on your host:

sudo ufw allow from <client-IP> to any port 8080

Check whether port 8080 is open on your client machine.

Answer 2

So I solved the problem by enabling UFW logging and monitoring the log:

May  4 14:46:46 meet kernel: [364297.922390] [UFW BLOCK] IN=enoXX OUT= MAC=XXXXXXXXXXXXXXX SRC=192.168.250.2 DST=192.168.XX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=26775 PROTO=TCP SPT=19662 DPT=23 WINDOW=30150 RES=0x00 SYN URGP=0

The key is the SRC IP: it is not 192.168.13.47 but 192.168.250.2. This may be due to switching, or to the fact that 13.47 is a virtual machine.
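As an added example (not code from either answer), the following Python helper applies the logging approach above to a batch of UFW BLOCK lines: it parses the kernel-log fields, counts blocked sources per destination port and protocol, and emits the narrowest allow rule for each, so the rule is written for the address that actually arrives at the server rather than the one assumed. The log lines, interface name, MAC and addresses are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel-log format UFW writes (not taken from the post);
# interface, MAC and addresses are placeholders. The last line is unrelated syslog noise.
SAMPLE_LOG = """\
May  4 14:46:46 meet kernel: [364297.922390] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.250.2 DST=192.168.15.212 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26775 DF PROTO=TCP SPT=51202 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
May  4 14:46:47 meet kernel: [364298.930001] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.250.2 DST=192.168.15.212 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=26776 DF PROTO=TCP SPT=51203 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
May  4 14:46:50 meet kernel: [364301.100000] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.168.15.212 LEN=40 TOS=0x00 PREC=0x00 TTL=44 ID=1 PROTO=TCP SPT=19662 DPT=23 WINDOW=30150 RES=0x00 SYN URGP=0
May  4 14:46:52 meet sshd[1234]: Accepted publickey for admin from 192.168.13.47 port 50000 ssh2
"""

# KEY=value tokens; flag tokens without '=' (DF, SYN) are skipped and OUT= yields ''.
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_ufw_block(line):
    """Return the key=value fields of a '[UFW BLOCK]' line as a dict, or None for other lines."""
    if "[UFW BLOCK]" not in line:
        return None
    _, _, rest = line.partition("[UFW BLOCK]")
    return dict(KV_RE.findall(rest))


def blocked_sources(lines, port, proto="TCP"):
    """Count blocked packets per source IP for one destination port and protocol."""
    counts = Counter()
    for line in lines:
        fields = parse_ufw_block(line)
        if fields and fields.get("PROTO") == proto and fields.get("DPT") == str(port):
            counts[fields["SRC"]] += 1
    return counts


def suggest_rules(lines, port, proto="TCP"):
    """One allow rule per blocked source, narrowed to that source, port and protocol,
    most frequent source first. Review each source before applying the rule."""
    return [
        f"ufw allow from {src} to any port {port} proto {proto.lower()}"
        for src, _ in blocked_sources(lines, port, proto).most_common()
    ]


if __name__ == "__main__":
    # In practice feed the real log, e.g. lines from /var/log/ufw.log or 'journalctl -k'.
    lines = SAMPLE_LOG.splitlines()
    for src, n in blocked_sources(lines, 8080).most_common():
        print(f"{src}: {n} blocked packet(s) to tcp/8080")
    for rule in suggest_rules(lines, 8080):
        print(rule)
```

Filtering on DPT matters: a block entry for another port (such as the DPT=23 line in the answer above) says nothing about why 8080 is timing out.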
