鍍金池/ 問答/Java  Linux  網(wǎng)絡安全/ ssh 連接需要開放哪些端口

ssh 連接需要開放哪些端口

目前的iptables如附

-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m state --state INVALID -j DROP
-A OUTPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 53 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p icmp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 68 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 68 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 67 -j ACCEPT

僅僅只要看OUTPUT就行了。

因為我一旦把OUTPUT默認規(guī)則設成ACCEPT.立馬就能夠ssh其他主機了。

但是我看不懂還需要開什么端口?

67好像一定要開的,我看messages要發(fā)送DHCP package

這是fail log

Jul 30 06:14:37 localhost dhclient[99799]: DHCPREQUEST on ens33 to 192.168.27.254 port 67 (xid=0x2a4c9dda)
Jul 30 06:14:37 localhost dhclient[99799]: DHCPACK from 192.168.27.254 (xid=0x2a4c9dda)
Jul 30 06:14:37 localhost NetworkManager[897]: <info> [1532945677.2777] dhcp4 (ens33): address 192.168.27.148
Jul 30 06:14:37 localhost NetworkManager[897]: <info> [1532945677.2782] dhcp4 (ens33): plen 24 (255.255.255.0)
Jul 30 06:14:37 localhost NetworkManager[897]: <info> [1532945677.2783] dhcp4 (ens33): gateway 192.168.27.2
Jul 30 06:14:37 localhost NetworkManager[897]: <info> [1532945677.2783] dhcp4 (ens33): lease time 1800
Jul 30 06:14:37 localhost NetworkManager[897]: <info> [1532945677.2783] dhcp4 (ens33): nameserver '192.168.27.2'
Jul 30 06:14:37 localhost NetworkManager[897]: <info> [1532945677.2783] dhcp4 (ens33): domain name 'localdomain'
Jul 30 06:14:37 localhost NetworkManager[897]: <info> [1532945677.2783] dhcp4 (ens33): state changed bound -> bound
Jul 30 06:14:37 localhost dhclient[99799]: bound to 192.168.27.148 -- renewal in 710 seconds.
Jul 30 06:14:37 localhost dbus-daemon: dbus[762]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jul 30 06:14:37 localhost dbus[762]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jul 30 06:14:37 localhost systemd: Starting Network Manager Script Dispatcher Service...
Jul 30 06:14:37 localhost dbus[762]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 30 06:14:37 localhost dbus-daemon: dbus[762]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 30 06:14:37 localhost systemd: Started Network Manager Script Dispatcher Service.
Jul 30 06:14:37 localhost nm-dispatcher: req:1 'dhcp4-change' [ens33]: new request (4 scripts)
Jul 30 06:14:37 localhost nm-dispatcher: req:1 'dhcp4-change' [ens33]: start running ordered scripts...
Jul 30 06:20:01 localhost systemd: Created slice User Slice of root.
Jul 30 06:20:01 localhost systemd: Starting User Slice of root.
Jul 30 06:20:01 localhost systemd: Started Session 326 of user root.
Jul 30 06:20:01 localhost systemd: Starting Session 326 of user root.
Jul 30 06:20:01 localhost systemd: Removed slice User Slice of root.
Jul 30 06:20:01 localhost systemd: Stopping User Slice of root.

這是成功的log
Jul 30 07:04:44 localhost dhclient[99799]: DHCPREQUEST on ens33 to 192.168.27.254 port 67 (xid=0x2a4c9dda)
Jul 30 07:04:44 localhost dhclient[99799]: DHCPACK from 192.168.27.254 (xid=0x2a4c9dda)
Jul 30 07:04:44 localhost NetworkManager[897]: <info> [1532948684.6818] dhcp4 (ens33): address 192.168.27.148
Jul 30 07:04:44 localhost NetworkManager[897]: <info> [1532948684.6822] dhcp4 (ens33): plen 24 (255.255.255.0)
Jul 30 07:04:44 localhost NetworkManager[897]: <info> [1532948684.6822] dhcp4 (ens33): gateway 192.168.27.2
Jul 30 07:04:44 localhost NetworkManager[897]: <info> [1532948684.6822] dhcp4 (ens33): lease time 1800
Jul 30 07:04:44 localhost NetworkManager[897]: <info> [1532948684.6823] dhcp4 (ens33): nameserver '192.168.27.2'
Jul 30 07:04:44 localhost NetworkManager[897]: <info> [1532948684.6823] dhcp4 (ens33): domain name 'localdomain'
Jul 30 07:04:44 localhost NetworkManager[897]: <info> [1532948684.6823] dhcp4 (ens33): state changed bound -> bound
Jul 30 07:04:44 localhost dhclient[99799]: bound to 192.168.27.148 -- renewal in 855 seconds.
Jul 30 07:04:44 localhost dbus-daemon: dbus[762]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jul 30 07:04:44 localhost dbus[762]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service'
Jul 30 07:04:44 localhost systemd: Starting Network Manager Script Dispatcher Service...
Jul 30 07:04:44 localhost dbus[762]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 30 07:04:44 localhost dbus-daemon: dbus[762]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Jul 30 07:04:44 localhost systemd: Started Network Manager Script Dispatcher Service.
Jul 30 07:04:44 localhost nm-dispatcher: req:1 'dhcp4-change' [ens33]: new request (4 scripts)
Jul 30 07:04:44 localhost nm-dispatcher: req:1 'dhcp4-change' [ens33]: start running ordered scripts...
Jul 30 07:10:02 localhost systemd: Created slice User Slice of root.
Jul 30 07:10:02 localhost systemd: Starting User Slice of root.
Jul 30 07:10:02 localhost systemd: Started Session 332 of user root.
Jul 30 07:10:02 localhost systemd: Starting Session 332 of user root.
Jul 30 07:10:02 localhost systemd: Removed slice User Slice of root.
Jul 30 07:10:02 localhost systemd: Stopping User Slice of root.
Jul 30 07:10:30 localhost chronyd[63481]: Selected source 120.25.115.19

看不出來啥啊,怎么讓日志詳細點

先謝謝各位了

回答
編輯回答
冷眸

你把 sport 22改為 dport 22

2018年2月12日 04:41