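I have a CoreOS instance with etcd-member enabled.
In the logs I am getting a bunch of requests, and the source port increases by 2 with each request. To me this looks like a program that is probing to find a valid source address that will be accepted.
How can I trace where they are coming from and which service it is? Here is my iptables configuration, so I assume it is something local: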
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 11 -j ACCEPT
Here is the output of the etcd log:
Oct 27 14:40:02 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:40:02.810784 I | embed: rejected connection from "127.0.0.1:40162" (error "remote error: tls: bad certificate", ServerName "")
Oct 27 14:40:02 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:40:02.808002 I | embed: rejected connection from "127.0.0.1:40158" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:58 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:58.734359 I | embed: rejected connection from "127.0.0.1:40156" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:58 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:58.734101 I | embed: rejected connection from "127.0.0.1:40152" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:53 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:53.727212 I | embed: rejected connection from "127.0.0.1:40148" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:53 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:53.726941 I | embed: rejected connection from "127.0.0.1:40144" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:53 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:53.682223 I | embed: rejected connection from "127.0.0.1:40138" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:53 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:53.681992 I | embed: rejected connection from "127.0.0.1:40136" (error "remote error: tls: bad certificate", ServerName "")
Oct 27 14:39:48 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:48.719532 I | embed: rejected connection from "127.0.0.1:40132" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:48 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:48.719305 I | embed: rejected connection from "127.0.0.1:40128" (error "tls: first record does not look like a TLS handshake", ServerName "")
Oct 27 14:39:48 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:48.602150 I | embed: rejected connection from "127.0.0.1:40124" (error "tls: first record does not look like a TLS handshake", ServerName "")
Answer 1
After digging further, I found that this was caused by a flannel misconfiguration.
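
A triage sketch for the log excerpt in the question, added here as an example and not part of the original post or of etcd: it parses the "rejected connection" lines, checks whether every source is loopback, and groups them by TLS error. The `summarize` helper and the cause labels are this example's own names; the sample lines are copied from the question.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Matches etcd's "embed: rejected connection" message as shown in the question.
REJECT = re.compile(
    r'embed: rejected connection from "(?P<host>.+):(?P<port>\d+)" '
    r'\(error "(?P<err>.*?)", ServerName "(?P<sni>[^"]*)"\)'
)

# Interpretation labels chosen for this example (not etcd terminology).
CAUSES = {
    "tls: first record does not look like a TLS handshake":
        "client spoke plaintext to a TLS listener",
    "remote error: tls: bad certificate":
        "client sent a bad_certificate alert",
}

# Three lines copied from the log excerpt in the question.
SAMPLE = [
    'Oct 27 14:40:02 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:40:02.810784 I | embed: rejected connection from "127.0.0.1:40162" (error "remote error: tls: bad certificate", ServerName "")',
    'Oct 27 14:40:02 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:40:02.808002 I | embed: rejected connection from "127.0.0.1:40158" (error "tls: first record does not look like a TLS handshake", ServerName "")',
    'Oct 27 14:39:58 <HOSTNAME> etcd-wrapper[924]: 2018-10-27 14:39:58.734359 I | embed: rejected connection from "127.0.0.1:40156" (error "tls: first record does not look like a TLS handshake", ServerName "")',
]


def summarize(lines):
    """Group rejected connections by cause and report whether all are local."""
    causes, ports, hosts = Counter(), [], set()
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # not a rejected-connection line
        hosts.add(ip_address(m["host"].strip("[]")))  # brackets: IPv6 form
        ports.append(int(m["port"]))
        causes[CAUSES.get(m["err"], "other: " + m["err"])] += 1
    return {
        # True only when at least one line matched and every source is loopback
        "loopback_only": bool(hosts) and all(h.is_loopback for h in hosts),
        "causes": dict(causes),
        "ports": sorted(ports),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When `loopback_only` is true, the traffic is admitted by the `-A INPUT -i lo -j ACCEPT` rule and originates from a process on the same host, so the client to inspect is a local one and its etcd endpoint scheme and CA settings are the first things to check.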