这是一个创建于 4426 天前的主题,其中的信息可能已经有所发展或是发生改变。
防火墙如下设置后发现 SSH 就不能动态转发了,请教一下是否是因为某个端口或者协议没有打开?
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT ah -- anywhere anywhere
ACCEPT esp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT ah -- anywhere anywhere
ACCEPT esp -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 |
1
imshawer OP 应该是解决了,需要再加入以下的规则:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 表示其他端口必须是 ESTABLISHED、RELATED 这两种状态的数据包才能通过。 |
Select Language