我有3个节点,从bash脚本加载了几乎相同的iptables规则,但是一个特定节点阻止端口53上的流量,尽管它列出了它接受它:
$iptables –list -v@H_502_3@
Chain INPUT (policy DROP 8886 packets,657K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo any anywhere anywhere
2 122 ACCEPT icmp -- any any anywhere anywhere icmp echo-request
20738 5600K ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eth1 any anywhere node1.com multiport dports http,smtp
0 0 ACCEPT udp -- eth1 any anywhere ns.node1.com udp dpt:domain
0 0 ACCEPT tcp -- eth1 any anywhere ns.node1.com tcp dpt:domain
0 0 ACCEPT all -- eth0 any node2.backend anywhere
21 1260 ACCEPT all -- eth0 any node3.backend anywhere
0 0 ACCEPT all -- eth0 any node4.backend anywhere
Chain FORWARD (policy DROP 0 packets,0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 15804 packets,26M bytes)
pkts bytes target prot opt in out source destination
nmap -sV -p 53 ns.node1.com //来自远程服务器@H_502_3@
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-02-24 11:44 EST Interesting ports on ns.node1.com (1.2.3.4): PORT STATE SERVICE VERSION 53/tcp filtered domain Nmap finished: 1 IP address (1 host up) scanned in 0.336 seconds
有任何想法吗?@H_502_3@
谢谢@H_502_3@
