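I am trying to set up my server so that port 5432 (Postgres) is only accessible from localhost. So I denied everything and re-added port 5432, but I cannot connect to it.
Here is my UFW configuration: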
$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
80 ALLOW IN Anywhere
443 ALLOW IN Anywhere
127.0.0.1 5432 ALLOW IN 127.0.0.1
22 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
443 (v6) ALLOW IN Anywhere (v6)
80 ALLOW OUT Anywhere
22 ALLOW OUT Anywhere
443 ALLOW OUT Anywhere
53 ALLOW OUT Anywhere
33434:33524/udp ALLOW OUT Anywhere
127.0.0.1 5432 ALLOW OUT 127.0.0.1
80 (v6) ALLOW OUT Anywhere (v6)
22 (v6) ALLOW OUT Anywhere (v6)
443 (v6) ALLOW OUT Anywhere (v6)
53 (v6) ALLOW OUT Anywhere (v6)
33434:33524/udp (v6) ALLOW OUT Anywhere (v6)
And netstat:
$ netstat -an | grep "LISTEN "
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN
tcp6 0 0 :::55056 :::* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
Just to confirm, it really is ufw blocking the connection, because if I disable it, it works fine. Any idea what I am missing?
Answer 1
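From your netstat, we can see that the only mention of port 5432 (i.e., listening) is the tcp6 line :::5432. This indicates that your program is only listening on IPv6. Your firewall only allows IPv4. There are two options: one is to allow the IPv6 address ::1 (the IPv6 equivalent of localhost) to connect to that service in the firewall; the other is to have your program listen on IPv4. The best is probably to do both.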
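The check described in the answer above, as an added example that is not part of the original post: it reads `netstat -an` text, reports which address families a port is listening on, and prints (without applying) matching loopback-only ufw rules. The helper names `listen_families` and `loopback_rules` are hypothetical, the sample lines are copied from the question's netstat output, and the rules assume ufw has IPv6 support enabled, as the `(v6)` entries in the question suggest.

```shell
#!/bin/sh
# Constructed sample: LISTEN lines copied from the netstat output in the question.
SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::5432 :::* LISTEN'

# listen_families PORT  (hypothetical helper; reads `netstat -an` text on stdin)
# Prints ipv4, ipv6, both or none, based only on the tcp/tcp6 column.
# On Linux a tcp6 wildcard socket may also accept IPv4 unless IPV6_V6ONLY is
# set, so "ipv6" here means "netstat shows no separate IPv4 listener".
listen_families() {
    awk -v port="$1" '
        $NF == "LISTEN" {
            n = split($4, part, ":")          # port is the last ":" field
            if (part[n] != port) next
            if ($1 == "tcp6") v6 = 1
            else if ($1 == "tcp") v4 = 1
        }
        END {
            if (v4 && v6) print "both"
            else if (v4)  print "ipv4"
            else if (v6)  print "ipv6"
            else          print "none"
        }'
}

# loopback_rules PORT  (hypothetical helper; same stdin as above)
# Prints, without applying, loopback-only ufw rules for each family in use.
# Both directions are printed because the policy shown denies outgoing too.
loopback_rules() {
    case "$(listen_families "$1")" in
        ipv4) addrs="127.0.0.1" ;;
        ipv6) addrs="::1" ;;
        both) addrs="127.0.0.1 ::1" ;;
        *)    echo "port $1 is not listening" >&2; return 1 ;;
    esac
    for a in $addrs; do
        echo "ufw allow in proto tcp from $a to $a port $1"
        echo "ufw allow out proto tcp from $a to $a port $1"
    done
}

printf '%s\n' "$SAMPLE" | loopback_rules 5432
```

For the answer's second option, PostgreSQL's `listen_addresses` setting in postgresql.conf controls which addresses the server binds to.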