運行 Ubuntu 22.04 伺服器的 Contabo VPS,沒有firewalld也沒有ufw運行,fail2ban已安裝和配置,但目前已停止以了解發生了什麼情況。
我有一個進程在連接nc -4 -k -l -v 173.212.xxx.xxx 1026埠 1026 上運行和偵聽。173.212.xxx.xxx
由於某種原因我無法連接到173.212.xxx.xxx:1026,連接總是超時。但 SSH 和 HTTP/HTTPS 的情況並非如此。我想知道為什麼我無法連接到其他端口,儘管它們被監聽並且它們顯示如下nmap:
$ sudo nmap 173.212.xxx.xxx
Starting Nmap 7.80 ( https://nmap.org ) at 2022-12-21 16:11 CET
Nmap scan report for vmdxxx.contaboserver.net (173.212.xxx.xxx)
Host is up (0.0000090s latency).
Not shown: 988 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
587/tcp open submission
993/tcp open imaps
995/tcp open pop3s
1026/tcp open LSA-or-nterm # <-- not working
8088/tcp open radan-http # <-- Janus WebRTC server timing out as well (what I actually try to set up)
8089/tcp open unknown
$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:imap2
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (1 references)
target prot opt source destination
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
$ sudo netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN 988/master
tcp 0 0 173.212.xxx.xxx:1026 0.0.0.0:* LISTEN 38682/nc
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 652/dovecot
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 652/dovecot
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 652/dovecot
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 747/sshd: /usr/sbin
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 988/master
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 652/dovecot
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 913/mysqld
tcp 0 0 127.0.0.1:33060 0.0.0.0:* LISTEN 913/mysqld
tcp 0 0 127.0.0.1:24 0.0.0.0:* LISTEN 652/dovecot
tcp 0 0 127.0.0.1:4190 0.0.0.0:* LISTEN 652/dovecot
tcp 0 0 127.0.0.1:9998 0.0.0.0:* LISTEN 39690/amavisd-new (
tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN 39690/amavisd-new (
tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN 988/master
tcp 0 0 127.0.0.1:10026 0.0.0.0:* LISTEN 39690/amavisd-new (
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 623/systemd-resolve
tcp 0 0 173.212.xxx.xxx:8188 0.0.0.0:* LISTEN 36225/janus
tcp6 0 0 :::587 :::* LISTEN 988/master
tcp6 0 0 :::995 :::* LISTEN 652/dovecot
tcp6 0 0 :::993 :::* LISTEN 652/dovecot
tcp6 0 0 :::110 :::* LISTEN 652/dovecot
tcp6 0 0 :::80 :::* LISTEN 940/apache2
tcp6 0 0 :::22 :::* LISTEN 747/sshd: /usr/sbin
tcp6 0 0 :::25 :::* LISTEN 988/master
tcp6 0 0 :::143 :::* LISTEN 652/dovecot
tcp6 0 0 :::443 :::* LISTEN 940/apache2
tcp6 0 0 :::8089 :::* LISTEN 36225/janus
tcp6 0 0 :::8088 :::* LISTEN 36225/janus
udp 0 0 127.0.0.53:53 0.0.0.0:* 623/systemd-resolve
udp6 0 0 :::5002 :::* 36225/janus
udp6 0 0 :::5004 :::* 36225/janus
udp6 0 0 :::5102 :::* 36225/janus
udp6 0 0 :::5104 :::* 36225/janus
udp6 0 0 :::5106 :::* 36225/janus
我可以1026從遠端主機連接到端口localhost,但不能從遠端主機連接到連接埠。但為什麼?我顯然錯過了一些東西。有誰知道為什麼顯然所有連接埠都被外部阻止,即可以在哪裡進行配置?除了fail2ban幾年前的設定之外,我已經不記得任何事情了。順便說一句,我是一個網路菜鳥。感謝您抽出寶貴的時間!非常感謝您的幫忙。