尽管端口已打开并处于监听状态,但连接超时

tag-icon tag-icon linux ubuntu ip port
尽管端口已打开并处于监听状态,但连接超时

Contabo VPS 运行 Ubuntu 22.04 服务器,没有正在firewalld运行ufwfail2ban已经安装并配置好但目前已停止以弄清楚发生了什么。

我有一个nc -4 -k -l -v 173.212.xxx.xxx 1026进程正在运行并监听端口 1026。173.212.xxx.xxx这是 VPS 的公共 IP,可以从外部访问(例如,端口 22、80 和 443 可以正常工作)。

由于某种原因,我无法连接到173.212.xxx.xxx:1026,连接总是超时。但 SSH 和 HTTP/HTTPS 并非如此。我想知道为什么我无法连接到其他端口,尽管它们正在被监听,并且它们显示如下nmap

$ sudo nmap 173.212.xxx.xxx
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-21 16:11 CET
Nmap scan report for vmdxxx.contaboserver.net (173.212.xxx.xxx)
Host is up (0.0000090s latency).
Not shown: 988 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
1026/tcp open  LSA-or-nterm      # <-- not working
8088/tcp open  radan-http        # <-- Janus WebRTC server timing out as well (what I actually try to set up)
8089/tcp open  unknown

$ sudo iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:submission
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imap2
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:imaps

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (1 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN      988/master          
tcp        0      0 173.212.xxx.xxx:1026    0.0.0.0:*               LISTEN      38682/nc            
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      747/sshd: /usr/sbin 
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      988/master          
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      913/mysqld          
tcp        0      0 127.0.0.1:33060         0.0.0.0:*               LISTEN      913/mysqld          
tcp        0      0 127.0.0.1:24            0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 127.0.0.1:4190          0.0.0.0:*               LISTEN      652/dovecot         
tcp        0      0 127.0.0.1:9998          0.0.0.0:*               LISTEN      39690/amavisd-new ( 
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      39690/amavisd-new ( 
tcp        0      0 127.0.0.1:10025         0.0.0.0:*               LISTEN      988/master          
tcp        0      0 127.0.0.1:10026         0.0.0.0:*               LISTEN      39690/amavisd-new ( 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      623/systemd-resolve 
tcp        0      0 173.212.xxx.xxx:8188    0.0.0.0:*               LISTEN      36225/janus         
tcp6       0      0 :::587                  :::*                    LISTEN      988/master          
tcp6       0      0 :::995                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::993                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::110                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::80                   :::*                    LISTEN      940/apache2         
tcp6       0      0 :::22                   :::*                    LISTEN      747/sshd: /usr/sbin 
tcp6       0      0 :::25                   :::*                    LISTEN      988/master          
tcp6       0      0 :::143                  :::*                    LISTEN      652/dovecot         
tcp6       0      0 :::443                  :::*                    LISTEN      940/apache2         
tcp6       0      0 :::8089                 :::*                    LISTEN      36225/janus         
tcp6       0      0 :::8088                 :::*                    LISTEN      36225/janus         
udp        0      0 127.0.0.53:53           0.0.0.0:*                           623/systemd-resolve 
udp6       0      0 :::5002                 :::*                                36225/janus         
udp6       0      0 :::5004                 :::*                                36225/janus         
udp6       0      0 :::5102                 :::*                                36225/janus         
udp6       0      0 :::5104                 :::*                                36225/janus         
udp6       0      0 :::5106                 :::*                                36225/janus

我可以连接到端口1026localhost但不能连接到远程主机。但为什么呢?我显然忽略了一些东西。有谁知道为什么所有端口都被从外部阻止了,即在哪里可以配置它?除了fail2ban几年前的设置之外,我不记得任何事情了。顺便说一句,我是个网络菜鸟。感谢您抽出时间!非常感谢您的帮助。

相关内容