我正在尝试在运行 apache 的服务器上设置一项新服务,但似乎该特定端口上的传入流量被阻止了,尽管我不明白为什么。在第一台服务器上,我在任意端口上以监听模式运行 netcat:
nc -l 29392
在我的电脑上我运行
nc A.B.C.D 29392
并发送一些文本。服务器上没有显示任何内容。我使用 tcpdump 查看服务器上来自我计算机的任何传入流量,但什么也没有显示。当我在计算机上使用 tcpdump 查看传出数据时,我得到了以下信息:
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Packet Tap), capture size 65535 bytes
16:39:16.623882 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 966146053 ecr 0,sackOK,eol], length 0
16:39:17.626710 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 966147053 ecr 0,sackOK,eol], length 0
16:39:18.627732 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 966148053 ecr 0,sackOK,eol], length 0
16:39:19.629946 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 966149053 ecr 0,sackOK,eol], length 0
16:39:20.633474 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 966150053 ecr 0,sackOK,eol], length 0
16:39:21.634604 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 966151053 ecr 0,sackOK,eol], length 0
16:39:23.640121 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,nop,wscale 5,nop,nop,TS val 966153053 ecr 0,sackOK,eol], length 0
16:39:27.642574 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,sackOK,eol], length 0
16:39:35.674330 IP 192.168.0.14.56549 > A.B.C.D.29392: Flags [S], seq 1766083571, win 65535, options [mss 1460,sackOK,eol], length 0
^C
9 packets captured
303 packets received by filter
0 packets dropped by kernel
但我不确定其中是否有任何有趣的东西。
我的计算机被允许连接到该计算机上的其他端口。IP 表如下所示:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-apache-ardguest tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 80,443
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-apache-ardguest (1 references)
target prot opt source destination
DROP all -- X.Y.Z.V 0.0.0.0/0
RETURN all -- 0.0.0.0/0 0.0.0.0/0
-chainfail2ban-apache-ardguest
不应相关。hosts.deny
为空。我遗漏了什么?服务器正在运行 Ubuntu 10.04.4 LTS。