我有3个节点,从bash脚本加载了几乎相同的iptables规则,但是一个特定节点阻止端口53上的流量,尽管它列出了它接受它:
$iptables –list -v
Chain INPUT (policy DROP 8886 packets,657K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
2 122 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
20738 5600K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 any anywhere node1.com multiport dports http,smtp
0 0 ACCEPT udp -- eth1 any anywhere ns.node1.com udp dpt:domain
0 0 ACCEPT tcp -- eth1 any anywhere ns.node1.com tcp dpt:domain
0 0 ACCEPT all -- eth0 any node2.backend anywhere
21 1260 ACCEPT all -- eth0 any node3.backend anywhere
0 0 ACCEPT all -- eth0 any node4.backend anywhere
Chain FORWARD (policy DROP 0 packets,0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 15804 packets,26M bytes)
pkts bytes target prot opt in out source destination
nmap -sV -p 53 ns.node1.com //来自远程服务器
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-02-24 11:44 EST Interesting ports on ns.node1.com (1.2.3.4): PORT STATE SERVICE VERSION 53/tcp filtered domain Nmap finished: 1 IP address (1 host up) scanned in 0.336 seconds
有任何想法吗?
谢谢
解决方法
原文地址:https://www.jb51.cc/html/229343.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
