我想在我的 VPS 上托管 FiveM 服务器,但无法为此打开端口 (30120)。我已经向 UFW 和 iptables 添加了规则,但仍然无法通过nmap测试。以下是我得到的结果:
Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-06 14:53 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up.
Other addresses for localhost (not scanned): ::1
PORT STATE SERVICE
30120/tcp filtered unknown
Nmap done: 1 IP address (1 host up) scanned in 2.04 seconds
root@VPS:~# nmap -sV 30120 localhost
Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-06 14:53 CEST
setup_target: failed to determine route to 30120 (0.0.117.168)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Other addresses for localhost (not scanned): ::1
Not shown: 995 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 3.0.3
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.2 (Ubuntu Linux; protocol 2.0)
53/tcp open domain ISC BIND 9.10.3-P4-Ubuntu
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
3306/tcp open mysql MySQL 5.5.5-10.0.31-MariaDB-0ubuntu0.16.04.2
Service Info: OSs: Unix, Linux; CPE: cpe:/o:linux:linux_kernel
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 9.07 seconds
如您所见,端口 30120 已被过滤,原因是它无法确定路由(我不确定这是什么意思)。UFW 和 netstat -aunt 说我已经在此端口上监听
root@VPS:~# ufw status
Status: active
To Action From
-- ------ ----
Apache ALLOW Anywhere
Apache Full ALLOW Anywhere
22 ALLOW Anywhere
9987 ALLOW Anywhere
10011 ALLOW Anywhere
30033 ALLOW Anywhere
25565 ALLOW Anywhere
20 ALLOW Anywhere
21 ALLOW Anywhere
30110 ALLOW Anywhere
30120 ALLOW Anywhere
3306 DENY Anywhere
Apache (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW Anywhere (v6)
22 (v6) ALLOW Anywhere (v6)
9987 (v6) ALLOW Anywhere (v6)
10011 (v6) ALLOW Anywhere (v6)
30033 (v6) ALLOW Anywhere (v6)
25565 (v6) ALLOW Anywhere (v6)
20 (v6) ALLOW Anywhere (v6)
21 (v6) ALLOW Anywhere (v6)
30110 (v6) ALLOW Anywhere (v6)
30120 (v6) ALLOW Anywhere (v6)
3306 (v6) DENY Anywhere (v6)
以下是 netstat 输出(xxx.xx.xx.xx - 我的 VPS 的 IP 地址):
root@VPS:~# netstat -aunt
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:30120 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:30033 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 xxx.xx.xx.xx:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:10011 0.0.0.0:* LISTEN
tcp 0 0 xxx.xx.xx.xx:22 37.47.130.222:4372 ESTABLISHED
tcp 0 0 xxx.xx.xx.xx:22 54.197.3.109:37996 SYN_RECV
tcp 0 0 xxx.xx.xx.xx:22 218.65.30.25:29523 ESTABLISHED
tcp 0 448 xxx.xx.xx.xx:22 37.47.130.222:16716 ESTABLISHED
tcp 0 0 xxx.xx.xx.xx:22 221.194.47.224:53806 TIME_WAIT
tcp 0 0 xxx.xx.xx.xx:22 221.194.47.224:56732 TIME_WAIT
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::30033 :::* LISTEN
tcp6 0 0 :::53 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:953 :::* LISTEN
tcp6 0 0 :::10011 :::* LISTEN
udp 0 0 xxx.xx.xx.xx:36538 194.97.114.3:2010 ESTABLISHED
udp 0 0 0.0.0.0:9987 0.0.0.0:*
udp 0 0 xxx.xx.xx.xx:2011 194.97.114.3:2010 ESTABLISHED
udp 0 0 xxx.xx.xx.xx:53 0.0.0.0:*
udp 0 0 127.0.0.1:53 0.0.0.0:*
udp6 0 0 :::9987 :::*
udp6 0 0 0.0.0.0:30120 :::*
udp6 0 0 :::53 :::*
我也打开了这个端口iptables
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* 'dapp_Apache' */
ACCEPT tcp -- anywhere anywhere multiport dports http,https /* 'dapp_Apache%20Full' */
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:9987
ACCEPT udp -- anywhere anywhere udp dpt:9987
ACCEPT tcp -- anywhere anywhere tcp dpt:10011
ACCEPT udp -- anywhere anywhere udp dpt:10011
ACCEPT tcp -- anywhere anywhere tcp dpt:30033
ACCEPT udp -- anywhere anywhere udp dpt:30033
ACCEPT tcp -- anywhere anywhere tcp dpt:25565
ACCEPT udp -- anywhere anywhere udp dpt:25565
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:20
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:fsp
ACCEPT tcp -- anywhere anywhere tcp dpt:30110
ACCEPT udp -- anywhere anywhere udp dpt:30110
ACCEPT tcp -- anywhere anywhere tcp dpt:30120
ACCEPT udp -- anywhere anywhere udp dpt:30120
DROP tcp -- anywhere anywhere tcp dpt:mysql
DROP udp -- anywhere anywhere udp dpt:mysql
有人知道为什么这个端口仍然关闭吗?