SSH 可以工作,但 ping 和 https 没有响应

SSH 可以工作,但 ping 和 https 没有响应

背景: 我正在尝试配置一个 ubuntu 服务器以使用 https 运行 node.js 应用程序。我以前使用 http 一切正常(一年前配置的),我想打开 :443 的防火墙并将其重定向到 :8443:

sudo ufw allow 443/tcp
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 443 -j REDIRECT --to-port 8443

试用我的应用程序时,结果发现 https 请求未在应用程序中注册(应用程序日志中没有任何内容,浏览器从未收到对请求的响应)。当我 ping 服务器时,我也没有收到响应(它甚至没有超时)。我的云提供商仪表板也显示无法 ping 服务器,云提供商防火墙配置也显示 443 允许所有 tcp。...但是,我仍然可以毫无问题地 ssh 到服务器上。

问题 我该如何解决这个问题?据我所知

  • :443 在防火墙上被允许
  • :443 重定向至 :8443
  • 节点正在监听:8443
    sudo ufw status
    To                         Action      From
    --                         ------      ----
    80/tcp                     ALLOW       Anywhere                  
    443/tcp                    ALLOW       Anywhere                  
    80/tcp (v6)                ALLOW       Anywhere (v6)             
    443/tcp (v6)               ALLOW       Anywhere (v6)


    sudo iptables -t nat -L -n -v
    Chain PREROUTING (policy ACCEPT 9477 packets, 1121K bytes)
    pkts bytes target     prot opt in     out     source               destination         
    1413K   59M REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
        0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
        0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
        0     0 REDIRECT   tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
        0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 redir ports 8080
        0     0 REDIRECT   tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 redir ports 8443

    Chain INPUT (policy ACCEPT 6826 packets, 410K bytes)
     pkts bytes target     prot opt in     out     source               destination         

    Chain OUTPUT (policy ACCEPT 74 packets, 6925 bytes)
     pkts bytes target     prot opt in     out     source               destination         

    Chain POSTROUTING (policy ACCEPT 74 packets, 6925 bytes)
     pkts bytes target     prot opt in     out     source               destination


    sudo netstat -ntlp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      108911/systemd-reso 
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      112287/sshd         
    tcp        0      0 0.0.0.0:1022            0.0.0.0:*               LISTEN      125785/sshd         
    tcp6       0      0 :::22                   :::*                    LISTEN      112287/sshd         
    tcp6       0      0 :::8443                 :::*                    LISTEN      125414/node         
    tcp6       0      0 :::1022                 :::*                    LISTEN      125785/sshd


sudo iptables -L -nv
Chain INPUT (policy DROP 120 packets, 30108 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
 381K   34M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8443
  998 94467 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
 8163 1107K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
  54M   15G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2892K  172M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 5873 packets, 874K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-after-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-before-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-logging-allow (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-logging-deny (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-not-local (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-reject-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-skip-to-policy-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-track-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443

Chain ufw-user-limit (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-limit-accept (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-forward (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-input (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-logging-output (0 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain ufw-user-output (0 references)
 pkts bytes target     prot opt in     out     source               destination


答案1

重新启动 ufw。

sudo systemctl restart ufw

您的 iptables 输出显示,ufw 添加的大多数规则都丢失了。这是由于sudo iptables -F在 ufw 仍在运行时手动刷新表(例如)造成的,这当然也会刷新 ufw 的规则并导致大量破坏,但随机的互联网教程会告诉您这样做。

相关内容