标签:iptables
iptables规则的关系,是自上而下进行过虑的。
所以添加规则时,要通过文件进行添加,这样的话,可以控制其顺序。
A机器:
[root@www ~]# netstat -an | grep 6100
tcp 0 0 0.0.0.0:6100 0.0.0.0:* LISTEN
tcp 0 0 192.168.5.140:6100 192.168.4.199:60194 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60196 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60193 ESTABLISHED
tcp 0 0 192.168.5.140:6100 192.168.4.199:60195 ESTABLISHED
然则:B机器:
[root@www ~]# telnet 192.168.5.140 5432
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is ‘^]‘.
^CConnection closed by foreign host
原因是:
[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -j REJECT --reject-with icmp-host-prohibited
注:问题就出在这时,上面这个规则阻挡了下面的规则的执行
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
所以调整如下:
[root@www ~]# more /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 6100 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
这样的话:
[root@www ~]# telnet 192.168.5.140 6100
Trying 192.168.5.140...
Connected to 192.168.5.140.
Escape character is ‘^]‘.
Connection closed by foreign host.
标签:iptables
原文地址:http://blog.csdn.net/maokexu123/article/details/42293131