如何通过iptables允许传出连接?

Modified on: Tue, 10 Sep 2019 21:40:02 +0800

我有两台服务器。第一个程序需要与端口2194上的第二个进行通信。

我知道它不起作用,因为当我这样做时:

root@server1 [~]# telnet myserver2.com 2194
Trying 123.123.123.98...
telnet: connect to address 123.123.123.98: Connection timed out
telnet: Unable to connect to remote host: Connection timed out


server1# iptables -L -n

Chain INPUT (policy DROP)
...
...

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
...

Chain LOCALINPUT (1 references)
target     prot opt source               destination
...

Chain LOCALOUTPUT (1 references)
target     prot opt source               destination
...

Chain LOGDROPIN (1 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain LOGDROPOUT (1 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
作者:,siliconpi

最佳答案

要允许在TCP端口2194上从server1到server2的传出连接,请在server1上使用它:

iptables -A OUTPUT -p tcp -d <server2ip> --dport 2194 -j ACCEPT

要允许在TCP端口2194上从server1到server2的传入连接,请在server2上使用它:

iptables -A INPUT -p tcp -s <server1ip> --dport 2194 -j ACCEPT
作者:,Massimo

相关问答

添加新评论