A question about iptables.
Author information
- Written by 이석
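I want to use port 8686. My current iptables rules are shown below; I set up the part related to port 8686 myself, but the port is not usable. Of course, if I delete the DROP rule at the very bottom, the connection works fine. But I put the ACCEPT rule for 8686 ahead of the DROP rule, so I don't understand why the connection to the port fails.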
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT tcp -- anywhere anywhere tcp spt:ftp-data state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpts:ftp-data:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:8686 dpt:8686 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:imap state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:rndc state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ftp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:ssh state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:smtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:time state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:nicname state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:http state NEW,ESTABLISHED
DROP tcp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
1 comment
Comment by 홍보성
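I don't know which application this port belongs to, but the rule is set up to allow the connection only when the connecting peer's port is also 8686. Unless it is some special program, that case is rare.
Check the port the connecting client is coming from.
Normally a port is opened like this: iptables -A INPUT -p tcp --dport 8686 -j ACCEPT. Remove --sport and try again.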
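The first-match behaviour the comment describes, as an added example that is not part of the original thread: a small Python model of a constructed subset of the posted INPUT chain, evaluated for a new connection from a hypothetical ephemeral client port (51514). Rule, evaluate, POSTED and FIXED are names made up for this sketch; the model covers TCP port and state matches only.

```python
from dataclasses import dataclass
from typing import Optional

ANY_PORT = (0, 65535)

@dataclass(frozen=True)
class Rule:
    target: str
    sport: tuple = ANY_PORT             # inclusive source-port range
    dport: tuple = ANY_PORT             # inclusive destination-port range
    states: Optional[frozenset] = None  # None = no state match, any state passes

    def matches(self, sport, dport, state):
        return (self.sport[0] <= sport <= self.sport[1]
                and self.dport[0] <= dport <= self.dport[1]
                and (self.states is None or state in self.states))

def evaluate(chain, sport, dport, state, policy="ACCEPT"):
    """Return (rule number, target) of the first matching rule, as iptables does."""
    for number, rule in enumerate(chain, start=1):
        if rule.matches(sport, dport, state):
            return number, rule.target
    return None, policy  # nothing matched: the chain policy applies

def st(*names):
    return frozenset(names)

# Constructed subset of the posted INPUT chain: the rules a TCP packet to
# port 8686 from a non-service source port can reach (other ACCEPTs omitted).
POSTED = [
    Rule("DROP", states=st("INVALID")),
    Rule("ACCEPT", sport=(8686, 8686), dport=(8686, 8686),
         states=st("NEW", "ESTABLISHED")),
    Rule("ACCEPT", sport=(1024, 65535), dport=(1024, 65535),
         states=st("RELATED", "ESTABLISHED")),
    Rule("DROP"),  # the final "DROP tcp" rule
]
# Same chain with the 8686 rule matching on destination port only,
# as in the command suggested in the comment (--dport 8686, no --sport).
FIXED = [POSTED[0], Rule("ACCEPT", dport=(8686, 8686)), *POSTED[2:]]

CLIENT_PORT = 51514  # constructed ephemeral source port of a client

if __name__ == "__main__":
    for label, chain in (("posted", POSTED), ("fixed", FIXED)):
        print(label, evaluate(chain, CLIENT_PORT, 8686, "NEW"))
```

In the posted chain the client's first packet (state NEW) skips the 8686 rule because of the source-port match, skips the 1024:65535 rule because that rule accepts only RELATED,ESTABLISHED, and ends at the final DROP.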