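I cannot access my server from outside on certain ports, such as 4280 (proserver) or 10000 (webmin).
If I telnet from localhost, I can connect.
I have installed iRedMail.
I don't know how to diagnose the problem, or whether the problem lies with my hosting company. But before complaining, I would like more details to determine whether the problem is on my side.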
iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-postfix tcp -- anywhere anywhere multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,sieve
fail2ban-ssh tcp -- anywhere anywhere tcp dpt:ssh
fail2ban-roundcube tcp -- anywhere anywhere multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,sieve
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,submission,ssmtp,ssh
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-dovecot (0 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-postfix (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-roundcube (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
netstat -l
# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 localhost.localdo:10024 *:* LISTEN
tcp 0 0 localhost.localdom:9000 *:* LISTEN
tcp 0 0 localhost.localdo:10025 *:* LISTEN
tcp 0 0 localhost.localdo:mysql *:* LISTEN
tcp 0 0 *:submission *:* LISTEN
tcp 0 0 *:pop3 *:* LISTEN
tcp 0 0 localhost.localdom:9998 *:* LISTEN
tcp 0 0 *:imap2 *:* LISTEN
tcp 0 0 localhost.localdo:10031 *:* LISTEN
tcp 0 0 *:webmin *:* LISTEN
tcp 0 0 *:ssmtp *:* LISTEN
tcp 0 0 localhost.locald:domain *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 localhost.localdoma:953 *:* LISTEN
tcp 0 0 localhost.localdo:sieve *:* LISTEN
tcp 0 0 *:imaps *:* LISTEN
tcp 0 0 localhost.localdom:7777 *:* LISTEN
tcp 0 0 *:pop3s *:* LISTEN
tcp6 0 0 [::]:www [::]:* LISTEN
tcp6 0 0 ip6-localhost:domain [::]:* LISTEN
tcp6 0 0 [::]:ssh [::]:* LISTEN
tcp6 0 0 [::]:4280 [::]:* LISTEN
tcp6 0 0 ip6-localhost:953 [::]:* LISTEN
tcp6 0 0 [::]:4282 [::]:* LISTEN
tcp6 0 0 [::]:4283 [::]:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN
tcp6 0 0 [::]:4285 [::]:* LISTEN
udp 0 0 localhost.locald:domain *:*
udp 0 0 *:10000 *:*
udp 0 0 localhost.localdoma:921 *:*
udp6 0 0 ip6-localhost:domain [::]:*
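Answer 1
There are a few things to note here.
Your iptables default policy is set to DROP packets. This means every packet will be dropped unless iptables explicitly allows it. And in your INPUT chain there is no rule allowing the ports you mentioned. So you need to manually allow webmin and the other ports through iptables.
Also, since you have Fail2ban installed, it blocks your IP after several failed attempts to access the server, and you will not be able to log in for a period of time (usually one hour), so try disabling fail2ban first. Add the specific ports to allow in the iptables INPUT chain and test the connection. Then turn fail2ban back on.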
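
Added example (not part of the original answer): a small Python check that walks `iptables -S INPUT` output in rule order and reports which ports a new inbound connection cannot reach. The rule text is constructed to mirror the listing in the question, and it assumes the unqualified `ACCEPT all` rule is bound to loopback (`-i lo`), a detail that `iptables -L` without `-v` does not display.

```python
# Constructed sample: what `iptables -S INPUT` could print for the ruleset in the
# question. Assumption: the bare "ACCEPT all" rule is loopback-only (-i lo).
# Service names are written as numbers (sieve assumed to be 4190).
RULES = """\
-P INPUT DROP
-A INPUT -p tcp -m multiport --dports 80,443,25,465,110,995,143,993,4190 -j fail2ban-postfix
-A INPUT -p tcp -m tcp --dport 22 -j fail2ban-ssh
-A INPUT -p tcp -m multiport --dports 80,443,25,465,110,995,143,993,4190 -j fail2ban-roundcube
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,25,465,110,995,143,993,587,465,22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def verdict(rules, port, iface="eth0", proto="tcp"):
    """Fate of a NEW inbound packet to `port`; the first matching rule wins.

    Understands only the match options used in RULES (no '!' negation, no
    port ranges). User chains are assumed to fall through, like the
    RETURN-only fail2ban chains in the question.
    """
    policy = "ACCEPT"
    for line in rules.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))  # every option here takes one value
        if opts.get("-i", iface) != iface or opts.get("-p", proto) != proto:
            continue
        if "--state" in opts and "NEW" not in opts["--state"].split(","):
            continue
        ports = opts.get("--dport") or opts.get("--dports")
        if ports and str(port) not in ports.split(","):
            continue
        if opts["-j"] in TERMINAL:
            return opts["-j"]
    return policy  # nothing matched: the chain policy decides

def blocked(rules, ports, iface="eth0"):
    """Ports from `ports` that a client arriving on `iface` cannot reach."""
    return [p for p in ports if verdict(rules, p, iface) != "ACCEPT"]

if __name__ == "__main__":
    print(blocked(RULES, [22, 443, 4280, 10000]))        # external interface
    print(blocked(RULES, [22, 443, 4280, 10000], "lo"))  # telnet from localhost
```

On the server itself, pass the real output of `iptables -S INPUT` in place of `RULES`; ports 4280 and 10000 stop being reported once an ACCEPT rule covering them sits in the INPUT chain.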