使用 Google 容器引擎 (GKE)容器优化镜像外部接口(临时 IP)似乎正在监听端口 110、143、993、995 等,如通过端口扫描所示nmap:
Nmap scan report for 236.185.xxx.xx.bc.googleusercontent.com (xx.xx.185.236)
Host is up (0.0025s latency).
Not shown: 65529 filtered ports
PORT STATE SERVICE
22/tcp open ssh
110/tcp open pop3
143/tcp open imap
993/tcp open imaps
995/tcp open pop3s
3389/tcp closed ms-wbt-server
我可以通过 telnet 连接但端口没有响应:
$telnet 35.192.xxx.xxx 993
Trying 35.192.xxx.xxx...
Connected to xxx.xxx.192.35.bc.googleusercontent.com.
Escape character is '^]'.
USER FOO
Connection closed by foreign host.
最后,如果您 ssh 到节点实例,则没有证据表明有任何东西在监听端口 110、143、993 或 995。
希望能够解开这个谜团!
答案1
我使用我的一个节点的 IP 地址在 VM 实例上运行了 nmap 扫描,得到了以下结果:
Starting Nmap 7.40 ( https://nmap.org ) at 2018-06-14 19:44 UTC
Nmap scan report for 70.133.xxx.xxx.bc.googleusercontent.com (35.224.133.70)
Host is up (0.0018s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
80/tcp closed http
443/tcp closed https
Nmap done: 1 IP address (1 host up) scanned in 4.86 seconds
但是,当我使用在线工具运行 nmap 扫描时,得到了以下结果:
Starting Nmap 7.01 ( https://nmap.org ) at 2018-06-14 19:46 UTC
Nmap scan report for 70.133.xxx.xxx.bc.googleusercontent.com (35.224.133.70)
Host is up (0.030s latency).
PORT STATE SERVICE VERSION
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
80/tcp closed http
110/tcp filtered pop3
143/tcp filtered imap
443/tcp closed https
3389/tcp filtered ms-wbt-server
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.98 seconds
我检查了防火墙规则,以确保除 80 和 443 之外的其他端口都不被允许,并且只有它们开放。
为了确认ftp、pop3、imap等端口没有打开,我运行了telnet,得到了以下结果:
telnet 35.224.133.70 993
Trying 35.224.133.70...
telnet: Unable to connect to remote host: Connection timed out
您提到的端口不应打开。由于我已在不同集群的不同节点上运行 nmap,因此没有遇到相同的行为。此问题似乎特定于您的项目。我建议在我们的公共问题跟踪器上创建一个私人问题。您可以创建它这里。