I have a server running Ubuntu 20 with ufw installed, and these are my rules:
To Action From
-- ------ ----
22/tcp LIMIT Anywhere
Nginx Full ALLOW Anywhere
5000 ALLOW Anywhere
25 ALLOW Anywhere
22 LIMIT Anywhere # allow SSH connections in
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere # allow https traffic update
Apache Full ALLOW Anywhere
587 ALLOW Anywhere
993 ALLOW Anywhere # godaddy IMAP
995 ALLOW Anywhere # godaddy POP3
465 ALLOW Anywhere # godaddy SMTP
SMTPTLS ALLOW Anywhere
80 ALLOW Anywhere
22/tcp (v6) LIMIT Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
5000 (v6) ALLOW Anywhere (v6)
25 (v6) ALLOW Anywhere (v6)
22 (v6) LIMIT Anywhere (v6) # allow SSH connections in
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6) # allow https traffic update
Apache Full (v6) ALLOW Anywhere (v6)
587 (v6) ALLOW Anywhere (v6)
993 (v6) ALLOW Anywhere (v6) # godaddy IMAP
995 (v6) ALLOW Anywhere (v6) # godaddy POP3
465 (v6) ALLOW Anywhere (v6) # godaddy SMTP
SMTPTLS (v6) ALLOW Anywhere (v6)
80 (v6) ALLOW Anywhere (v6)
53 ALLOW OUT Anywhere # allow DNS calls out
123 ALLOW OUT Anywhere # allow NTP out
80/tcp ALLOW OUT Anywhere
443/tcp ALLOW OUT Anywhere # allow HTTPS traffic out
43/tcp ALLOW OUT Anywhere # allow whois
25 ALLOW OUT Anywhere # allow MAIL out
SMTPTLS ALLOW OUT Anywhere # open TLS port 465 for use with SMPT to send e-mails
21/tcp ALLOW OUT Anywhere # allow FTP traffic out
53 (v6) ALLOW OUT Anywhere (v6) # allow DNS calls out
123 (v6) ALLOW OUT Anywhere (v6) # allow NTP out
80/tcp (v6) ALLOW OUT Anywhere (v6)
443/tcp (v6) ALLOW OUT Anywhere (v6) # allow HTTPS traffic out
43/tcp (v6) ALLOW OUT Anywhere (v6) # allow whois
25 (v6) ALLOW OUT Anywhere (v6) # allow MAIL out
SMTPTLS (v6) ALLOW OUT Anywhere (v6) # open TLS port 465 for use with SMPT to send e-mails
21/tcp (v6) ALLOW OUT Anywhere (v6) # allow FTP traffic out
I am trying to use curl to make a request to another server:
curl http://my.ip:5000
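But this command gives a "connection timed out" error.
I think the problem is that ufw is not allowing HTTP traffic out, so I enabled port 80 to allow traffic in and out, but it did not work. If I disable ufw completely, the curl command works fine and returns a response, but I cannot figure out what rule I need to add to make it work with ufw enabled.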
Answer 1
I assume you have set the default OUT rule to DENY?
You have opened traffic for port 80/tcp, but you are trying to connect to port 5000 on the server.
Try:
ufw allow out 5000/tcp
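
Added example (not part of the original answer): a small check that reads `ufw status` text and reports whether a destination port has an outbound rule, which makes the inbound-versus-outbound mismatch for port 5000 visible. The helper names `rule_for` and `check_out` are hypothetical, the sample rows are a constructed subset of the table in the question, and the default outgoing policy is assumed to be deny.

```sh
#!/bin/sh
# Constructed sample: a subset of the `ufw status` rows shown in the question.
SAMPLE_STATUS='To                         Action      From
--                         ------      ----
22/tcp                     LIMIT       Anywhere
Nginx Full                 ALLOW       Anywhere
5000                       ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
5000 (v6)                  ALLOW       Anywhere (v6)
53                         ALLOW OUT   Anywhere                   # allow DNS calls out
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere                   # allow HTTPS traffic out'

# rule_for in|out PORT PROTO   (hypothetical helper; reads `ufw status` text on stdin)
# Prints the first ALLOW/LIMIT rule for that direction whose "To" column is
# PORT or PORT/PROTO; exit status 0 if one exists, 1 otherwise.
# Not handled: app profiles ("Nginx Full"), port ranges, per-address rules.
rule_for() {
    awk -v want="$1" -v port="$2" -v proto="$3" '
        {
            sub(/[ \t]*#.*/, "")     # drop the trailing rule comment
            gsub(/ \(v6\)/, "")      # give IPv6 rows the same shape as IPv4 rows
        }
        $2 == "ALLOW" || $2 == "LIMIT" {
            dir = ($3 == "OUT") ? "out" : "in"   # rows without OUT are inbound
            if (dir == want && ($1 == port || $1 == port "/" proto)) {
                print; found = 1; exit
            }
        }
        END { exit !found }
    '
}

# check_out PORT PROTO: one-line verdict against the sample, assuming the
# default outgoing policy is deny (as the answer assumes).
check_out() {
    if printf '%s\n' "$SAMPLE_STATUS" | rule_for out "$1" "$2" >/dev/null; then
        echo "out $1/$2: allowed"
    else
        echo "out $1/$2: blocked (no ALLOW OUT rule)"
    fi
}

check_out 80 tcp      # matched by "80/tcp ALLOW OUT"
check_out 5000 tcp    # only the inbound "5000 ALLOW" exists
```

On a live host the same function can read real output, for example `sudo ufw status | rule_for out 5000 tcp`.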