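iptables summary
Source: Internet  Published: gmail mac client  Editor: 程序博客网  Time: 2024/05/06 22:41
Problem: a home TPLINK-WR742N router, one SUSE machine and one Mac. After the network was configured the machines could ping each other, but ssh did not work.
1. Check that the sshd service is running.
2. Since ping succeeds, the network and the router are working, so the firewall is the likely cause. Stopping the firewall resolved the problem; the command is: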
$ sudo /sbin/SuSEfirewall2 stop
SuSEfirewall2: batch committing...
SuSEfirewall2: Firewall rules unloaded.
Follow-up: why does ssh work once the firewall is stopped? What is the underlying cause, and which rule exactly shut ssh out?
iptables -L shows the following:
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            state RELATED
input_ext  all  --  anywhere             anywhere
input_ext  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain forward_ext (0 references)
target     prot opt source               destination

Chain input_ext (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 PKTTYPE = multicast LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP       all  --  anywhere             anywhere            PKTTYPE = multicast
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
LOG        tcp  --  anywhere             anywhere            limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        icmp --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        udp  --  anywhere             anywhere            limit: avg 3/min burst 5 state NEW LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
DROP       all  --  anywhere             anywhere

Chain reject_func (0 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-proto-unreachable
As we know, the netfilter framework is as follows:
See http://www.pooy.net/iptables.html
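One way to answer the question of which rule shut ssh out, as an added example that is not part of the original post: in the listing, input_ext logs new TCP SYNs with the prefix SFW2-INext-DROP-DEFLT just before its final DROP, so the kernel log records what was refused. The log lines, host name, addresses and function names below are constructed for illustration.

```shell
# Added example: summarise packets logged by the LOG rules that precede the
# final DROP in input_ext (the prefix is taken from the iptables -L listing).
PREFIX='SFW2-INext-DROP-DEFLT'

# Constructed sample kernel log lines (host, MAC, addresses and ports are made up).
SAMPLE_LOG='May  6 22:10:01 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.101 DST=192.168.1.100 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=4660 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
May  6 22:10:02 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.101 DST=192.168.1.100 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=4661 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
May  6 22:11:30 suse kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.102 DST=192.168.1.100 LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=137 DPT=137 LEN=58
May  6 22:12:00 suse kernel: SFW2-IN-ILL-TARGET IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.101 DST=192.168.1.100 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=4700 DF PROTO=TCP SPT=40000 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0'

# Reads log lines on stdin and prints "count PROTO/DPT SRC", most frequent first.
# The LOG rules are rate-limited (avg 3/min, burst 5), so counts are a lower bound.
summarise_drops() {
    awk -v prefix="$PREFIX" '
        index($0, prefix) == 0 { next }           # other prefixes are ignored
        {
            src = proto = dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
            }
            if (proto == "") next                 # not a packet log line
            if (dpt == "") dpt = "-"              # ICMP has no destination port
            seen[proto "/" dpt " " src]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Exit status 0 if the log on stdin shows a dropped packet for TCP port $1.
port_was_dropped() {
    summarise_drops | grep -q " TCP/$1 "
}

# Demo on the constructed sample; on a real host, feed the kernel log instead.
printf '%s\n' "$SAMPLE_LOG" | summarise_drops
```

A TCP/22 entry means the ssh SYN matched no ACCEPT rule in input_ext and fell through to that chain's final DROP. Allowing ssh in the SuSEfirewall2 configuration (FW_SERVICES_EXT_TCP in /etc/sysconfig/SuSEfirewall2) adds the missing ACCEPT rule without stopping the firewall.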