端口 443“正在监听”但“未打开”

I am running Apache/2.2.15 on CentOS 6.6.

I have a Verizon router; I checked the port forwarding and found

    WorkstationName 192.168.1.6 HTTPS TCP Any -> 443    All Broadband Devices   Active

I went to the command line and entered

sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT

I also entered

sudo netstat -anltp | grep LISTEN

and got

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1462/mysqld         
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2297/sshd           
tcp        0      0 :::443                      :::*                        LISTEN      2340/httpd          
tcp        0      0 :::80                       :::*                        LISTEN      2340/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      2297/sshd           

But when I enter my site name (which works fine over http), like this

https://websitename.com

it just hangs. I then went to http://www.mynetworktest.com/ports.php and clicked

Test https - port 443

and got

Port 443 is not open on my.ip.addre.ess

sudo iptables -L -n

gives

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
ACCEPT     tcp  --  192.168.1.1          0.0.0.0/0           tcp flags:!0x17/0x02 
ACCEPT     udp  --  192.168.1.1          0.0.0.0/0           
ACCEPT     tcp  --  151.198.0.38         0.0.0.0/0           tcp     flags:!0x17/0x02 
ACCEPT     udp  --  151.198.0.38         0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5 
DROP       all  --  0.0.0.0/0            255.255.255.255     
DROP       all  --  0.0.0.0/0            192.168.1.255       
DROP       all  --  224.0.0.0/8          0.0.0.0/0           
DROP       all  --  0.0.0.0/0            224.0.0.0/8         
DROP       all  --  255.255.255.255      0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0             
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
LSI        all  -f  0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5 
INBOUND    all  --  0.0.0.0/0            0.0.0.0/0           
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0     level 6 prefix `Unknown Input' 
DROP       all  --  69.84.207.246        0.0.0.0/0           
DROP       all  --  69.84.207.246        0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5 
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Forward' 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.1.4          192.168.1.1         tcp dpt:53 
ACCEPT     udp  --  192.168.1.4          192.168.1.1         udp dpt:53 
ACCEPT     tcp  --  192.168.1.4          151.198.0.38        tcp dpt:53 
ACCEPT     udp  --  192.168.1.4          151.198.0.38        udp dpt:53 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  224.0.0.0/8          0.0.0.0/0           
DROP       all  --  0.0.0.0/0            224.0.0.0/8         
DROP       all  --  255.255.255.255      0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0             
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
OUTBOUND   all  --  0.0.0.0/0            0.0.0.0/0           
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0     level 6 prefix `Unknown Output' 
DROP       all  --  0.0.0.0/0            69.84.207.246       
DROP       all  --  0.0.0.0/0            69.84.207.246       
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:443 

Chain INBOUND (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
LSI        all  --  0.0.0.0/0            0.0.0.0/0           

Chain LOG_FILTER (5 references)
target     prot opt source               destination         

Chain LSI (2 references)
target     prot opt source               destination         
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg     5/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain LSO (0 references)
target     prot opt source               destination         
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg     5/sec burst 5 LOG flags 0 level 6 prefix `Outbound ' 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTBOUND (1 references)
target     prot opt source               destination         
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Answer 1

The thing is, you added the rule allowing port 443 at the end of the INPUT chain,

but you have a rule before it that drops everything:

Chain INPUT (policy DROP)
[...]
DROP       all  --  0.0.0.0/0            0.0.0.0
[...]
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
[...]

With iptables rules, order matters!

Use iptables -I INPUT -p tcp --dport 443 -j ACCEPT to put the rule at the beginning of the INPUT chain.

The -A (Append) flag adds the rule to the end of the given chain, which is not what you want.

Answer 2

You added the rule for port 443 at the end of the INPUT chain. Rule #13 (as listed above) drops any traffic that does not match an earlier rule.

Use the -I flag instead of -A when adding the rule. For example:

  sudo iptables -I INPUT 6 -p tcp --dport 443 -j ACCEPT

That way the traffic will not be dropped.
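As an added example that is not part of the question or of either answer, the script below parses a trimmed, constructed copy of the iptables -L -n listing from the question and walks it the way the kernel does (first matching terminal rule wins) for the first SYN of a new HTTPS connection. It shows why the ACCEPT rule appended with -A is never reached, and that the same rule inserted with -I INPUT 6, as Answer 2 suggests, is. The packet's addresses, the Rule/Packet names and the https_syn_verdict helper are assumptions of the example, and the address matching is deliberately limited to the 'any' and exact-host forms that occur in the sample.

```python
# Added example, not code from the question or either answer: a first-match walk over a
# trimmed, constructed copy of the listing above (`iptables -L -n` fields only).
import re
from collections import namedtuple

# Constructed sample: the question's chains trimmed to the path of a new HTTPS connection.
# The bare "ACCEPT all" rule is left out on purpose (see the note below the block).
LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  192.168.1.1          0.0.0.0/0           tcp flags:!0x17/0x02
ACCEPT     udp  --  192.168.1.1          0.0.0.0/0
ACCEPT     tcp  --  151.198.0.38         0.0.0.0/0           tcp flags:!0x17/0x02
ACCEPT     udp  --  151.198.0.38         0.0.0.0/0
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5
DROP       all  --  0.0.0.0/0            0.0.0.0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
INBOUND    all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443

Chain INBOUND (1 references)
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
LSI        all  --  0.0.0.0/0            0.0.0.0/0

Chain LSI (2 references)
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02
DROP       all  --  0.0.0.0/0            0.0.0.0/0
"""

Rule = namedtuple("Rule", "target proto opt src dst extra")
Packet = namedtuple("Packet", "proto src dst dport state tcp_flags")
# Constructed packet: the first SYN of a new HTTPS connection arriving from the internet.
INTERNET_SYN = Packet("tcp", "203.0.113.5", "192.168.1.6", 443, "NEW", "SYN")

def parse_listing(text):
    """Chain name -> list of Rule, and chain name -> policy (None for user chains)."""
    chains, policies, current = {}, {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if head:
            current = head.group(1)
            chains[current], policies[current] = [], head.group(2)
        elif line.strip() and not line.startswith("target"):
            parts = line.split(None, 5)
            chains[current].append(Rule(*parts[:5], parts[5].strip() if len(parts) > 5 else ""))
    return chains, policies

def in_net(ip, spec):
    return spec == "0.0.0.0/0" or ip == spec  # the sample only uses 'any' and exact hosts

def matches(rule, pkt):
    """Match on the fields -L -n shows; hidden ones (interfaces, limits) are ignored."""
    if rule.proto not in ("all", pkt.proto):
        return False
    if not (in_net(pkt.src, rule.src) and in_net(pkt.dst, rule.dst)):
        return False
    m = re.search(r"dpt:(\d+)", rule.extra)
    if m and int(m.group(1)) != pkt.dport:
        return False
    m = re.search(r"state (\S+)", rule.extra)
    if m and pkt.state not in m.group(1).split(","):
        return False
    m = re.search(r"flags:(!?)0x17/0x0([24])", rule.extra)
    if m:  # 0x02 = SYN only, 0x04 = RST only; a leading "!" negates the test
        hit = pkt.tcp_flags == {"2": "SYN", "4": "RST"}[m.group(2)]
        if hit == (m.group(1) == "!"):
            return False
    return True

def walk(chains, policies, chain, pkt, trail=None):
    """First matching terminal rule wins; a user chain that falls off its end returns."""
    trail = [] if trail is None else trail
    for i, rule in enumerate(chains[chain], start=1):
        if not matches(rule, pkt):
            continue
        trail.append(f"{chain}#{i} {rule.target}")
        if rule.target in ("ACCEPT", "DROP", "REJECT"):
            return rule.target, trail
        if rule.target in chains:
            verdict, trail = walk(chains, policies, rule.target, pkt, trail)
            if verdict:
                return verdict, trail
        # LOG is non-terminating: evaluation continues with the next rule
    if policies[chain]:
        trail.append(f"{chain} policy {policies[chain]}")
        return policies[chain], trail
    return None, trail

def https_syn_verdict(insert_at=None):
    """insert_at=N models `iptables -I INPUT N -p tcp --dport 443 -j ACCEPT` on the listing."""
    chains, policies = parse_listing(LISTING)
    if insert_at is not None:  # -I positions are 1-based; the listing already has the -A rule last
        chains["INPUT"].insert(insert_at - 1, Rule("ACCEPT", "tcp", "--", "0.0.0.0/0", "0.0.0.0/0", "tcp dpt:443"))
    return walk(chains, policies, "INPUT", INTERNET_SYN)

if __name__ == "__main__":
    for label, pos in (("appended with -A", None), ("inserted with -I INPUT 6", 6)):
        print(label, *https_syn_verdict(pos))
```

Two caveats for reading the real listing this way. First, iptables -L -n hides interface matches, so the "ACCEPT all 0.0.0.0/0 0.0.0.0/0" line at position 6 of the question's INPUT chain is almost certainly restricted to an interface (typically lo) that the plain listing does not show; use iptables -L -n -v --line-numbers or iptables -S before reasoning about order, which is why the sample leaves that rule out. Second, in this walk the drop comes from the INBOUND chain's jump into LSI, which ends in an unconditional DROP, while the "DROP ... 0.0.0.0" rule only matches packets addressed to 0.0.0.0. Either way the conclusion of both answers holds: a rule appended after that jump is unreachable for new connections, and inserting it ahead of the jump makes the HTTPS SYN accepted at INPUT rule 6.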
