I have installed transmission, which listens on the default port 51413.
I have tried opening everything for that port.
iptables:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT icmp -- 'Server IP' anywhere state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT udp -- anywhere anywhere state RELATED,ESTABLISHED udp spt:domain dpts:1024:65535
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp spt:bootpc dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:9091
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51513
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
LOGGING all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT icmp -- anywhere anywhere state NEW,RELATED,ESTABLISHED icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp spt:9091
ACCEPT tcp -- anywhere anywhere tcp spt:51413
ACCEPT udp -- anywhere anywhere udp spt:51413
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51413
LOGGING all -- anywhere anywhere
DROP all -- anywhere anywhere
Chain LOGGING (2 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 12/min burst 5 LOG level warning prefix "FirewallDrops: "
DROP all -- anywhere anywhere
But it still does not let the traffic through.
If I flush the tables:
iptables -F
then it works, so I imagine I am missing something in iptables.
Log output:
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:43:32 StretchSvr kernel: [ 9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:44:53 StretchSvr kernel: [ 90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/kern.log:May 5 18:45:01 StretchSvr kernel: [ 98.435703] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2373 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2372 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 TOS=0x00 PREC=0xC0 TTL=64 ID=2371 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=2370 DF PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=53 ID=55801 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/syslog:May 5 18:43:32 StretchSvr kernel: [ 9.305079] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.444453] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=62.210.137.203 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=54 ID=55802 PROTO=UDP SPT=1337 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.453131] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.225 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=6969 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.456361] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.226 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
/var/log/syslog:May 5 18:44:53 StretchSvr kernel: [ 90.458255] FirewallDrops: IN=eth0 OUT= MAC='Svr MAC Address' SRC=31.172.63.252 DST='Svr IP Address' LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=80 DPT=51413 LEN=24
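Any help is greatly appreciated.
Answer 1
So, as I explained in the comments above, this was a typo on my part, haha... my INPUT udp port number was 51513, not 51413...
However, in case anyone is wondering, these are the rules I used to allow transmission: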
iptables -A INPUT -m state --state RELATED,ESTABLISHED -p udp --dport 51413 -j ACCEPT
iptables -A OUTPUT -p udp --sport 51413 -j ACCEPT
Thanks, everyone, for your input
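
The typo described in this answer can be found mechanically by comparing what the LOG rule reports as dropped with what the INPUT chain accepts. The following is an added example, not code from the original post: the function names are hypothetical, and the sample rules and log lines are constructed in the format shown in the question, with documentation-range addresses.

```python
import re
from collections import Counter

# Constructed sample input modelled on the listing and log format in the question.
INPUT_RULES = """\
ACCEPT tcp -- anywhere anywhere tcp dpt:51413
ACCEPT udp -- anywhere anywhere udp dpt:51513
ACCEPT udp -- anywhere anywhere udp spt:51413
"""
LOG_LINES = """\
May 5 18:43:32 host kernel: [ 9.258012] FirewallDrops: IN= OUT=lo SRC=127.0.0.1 DST=127.0.0.1 LEN=72 PROTO=ICMP TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=44 PROTO=UDP SPT=51413 DPT=80 LEN=24 ]
May 5 18:43:32 host kernel: [ 9.298081] FirewallDrops: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=44 PROTO=UDP SPT=1337 DPT=51413 LEN=24
May 5 18:44:53 host kernel: [ 90.453131] FirewallDrops: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=44 PROTO=UDP SPT=6969 DPT=51413 LEN=24
"""

def accepted_dports(listing):
    """Return {(proto, dport)} for ACCEPT rules that match on a numeric dpt."""
    rules = set()
    for line in listing.splitlines():
        m = re.match(r"ACCEPT\s+(\w+)\s.*\bdpt:(\d+)\b", line)
        if m:
            rules.add((m.group(1).lower(), int(m.group(2))))
    return rules

def dropped_inbound(log, prefix="FirewallDrops: "):
    """Count (proto, dport) of inbound packets logged by the LOG rule."""
    counts = Counter()
    for line in log.splitlines():
        _, sep, pkt = line.partition(prefix)
        pkt = re.sub(r"\[.*\]", "", pkt)  # drop the packet quoted inside ICMP errors
        fields = dict(f.split("=", 1) for f in pkt.split() if "=" in f)
        if sep and fields.get("IN") and "DPT" in fields:
            counts[(fields["PROTO"].lower(), int(fields["DPT"]))] += 1
    return counts

def near_miss(a, b):
    """True when two port numbers have equal length and differ in one digit."""
    return len(str(a)) == len(str(b)) and sum(x != y for x, y in zip(str(a), str(b))) == 1

def diagnose(listing, log):
    """For each dropped (proto, dport) lacking an ACCEPT rule, list look-alike rules."""
    allowed = accepted_dports(listing)
    report = {}
    for (proto, port), n in dropped_inbound(log).items():
        if (proto, port) not in allowed:
            suspects = sorted(p for pr, p in allowed if pr == proto and near_miss(p, port))
            report[(proto, port)] = {"drops": n, "suspect_rule_ports": suspects}
    return report
```

Calling `diagnose(INPUT_RULES, LOG_LINES)` reports UDP port 51413 as dropped with no matching ACCEPT rule and names the 51513 rule as the look-alike. Real input should come from `iptables -L INPUT -n`, since the parser only reads numeric ports.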