Why is iptables blocking my port 80 traffic?

I set up an iptables configuration that only allows the traffic I need. I opened port 80... but after enabling iptables I can no longer reach my website.

Here is the configuration... where did I go wrong?

-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
-A OUTPUT -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT  -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT  -p tcp -m tcp --dport 20 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT  -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --sport 21 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp --sport 20 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --dport 20 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp --sport 1024: --dport 1024: -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A OUTPUT -i eth0 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT  -p tcp -m tcp --dport 21 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT  -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT  -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A FORWARD -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-A OUTPUT -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A INPUT -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-P INPUT DROP
-P FORWARD DROP
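A rule set like the one above can be checked mechanically before it is loaded. The following Python lint is an added example, not part of the question or of any answer; it runs over a constructed excerpt of the posted rules (the RULES string, kept in the original order) and reports two things a reviewer looks for: rules that can never match because an unconditional REJECT or DROP earlier in the same chain ends traversal, and interface options that iptables does not accept in a given chain (-i in OUTPUT, -o in INPUT).

```python
import shlex

# Constructed excerpt of the posted rule set, in the original order (not the
# full list); the line numbers reported below refer to this string.
RULES = """
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
-A OUTPUT -i eth0 -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_OUT:
-A INPUT -i eth0 -j LOG --log-level 7 --log-prefix BANDWIDTH_IN:
-P INPUT DROP
"""

TERMINATING = {"ACCEPT", "DROP", "REJECT"}         # targets that end rule traversal
INVALID_IFACE = {"INPUT": "-o", "OUTPUT": "-i"}    # options iptables refuses per chain
MATCH_OPTS = ("-p", "-i", "-o", "-s", "-d", "-m")  # any of these makes a rule conditional

def parse_rule(line):
    """Return (chain, args) for an '-A CHAIN ...' line, or None for other lines."""
    toks = shlex.split(line)
    if len(toks) < 2 or toks[0] != "-A":
        return None
    return toks[1], toks[2:]

def lint(text):
    """Return human-readable findings for an iptables-save style rule list."""
    findings = []
    sealed = {}  # chain -> the unconditional terminating rule that ended it
    for n, line in enumerate(text.strip().splitlines(), 1):
        parsed = parse_rule(line)
        if parsed is None:
            continue
        chain, args = parsed
        if chain in sealed:
            findings.append(f"line {n}: unreachable, {chain} already ended by '{sealed[chain]}'")
        bad = INVALID_IFACE.get(chain)
        if bad and bad in args:
            findings.append(f"line {n}: '{bad}' is not valid in the {chain} chain, iptables rejects the rule")
        j = args.index("-j") if "-j" in args else -1
        target = args[j + 1] if 0 <= j < len(args) - 1 else None
        # A terminating target with no match option at all catches every packet left in the chain.
        if target in TERMINATING and not any(o in args for o in MATCH_OPTS) and chain not in sealed:
            sealed[chain] = line.strip()
    return findings

if __name__ == "__main__":
    for finding in lint(RULES):
        print(finding)
```

Run against the full posted list, the same check shows that every LOG rule placed after the unconditional REJECT in INPUT and FORWARD never sees a packet.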