我的 iptables 设置为仅允许 ssh 连接。我尝试了 ssh 隧道,可以连接到我的服务器,但当我尝试在 Firefox 上将我的服务器用作代理时,页面会一直加载。
这是 ssh 隧道调试显示的内容。我知道是输出链导致了这个问题,因为如果我更改丢弃策略接受它就可以工作,但我宁愿打开特定端口,而不是打开所有端口。这可能吗?
debug1: Connection to port [tunnelport] forwarding to socks port 0 requested.
debug1: channel 14: new [dynamic-tcpip]
debug1: Connection to port [tunnelport] forwarding to socks port 0 requested.
debug1: channel 15: new [dynamic-tcpip]
debug1: Connection to port [tunnelport] forwarding to socks port 0 requested.
debug1: channel 16: new [dynamic-tcpip]
debug1: Connection to port [tunnelport] forwarding to socks port 0 requested.
debug1: channel 17: new [dynamic-tcpip]
这是我的 iptables
Chain INPUT (policy DROP)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports [sshport]
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:[sshport]
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:domain
这是我用来设置 ssh 隧道的命令
ssh -v -TND [tunnelport] -i 密钥路径 -p [sshport][电子邮件保护]
任何帮助都值得赞赏。谢谢。
答案1
我需要在 iptables 上启用端口 80 和 443(http 和 https)来解决这个问题。我可以单独使用 http,但像 google 和 facebook 这样的网站可能永远无法在合理的时间内加载。