Established connection to a blocked port, what does this mean?

Bra*_*don 1 linux iptables netstat

I'm new to system administration and have been trying to get more familiar with tools like netstat. If I run `netstat -n` on my server, I see this line:

tcp        0      0 xxx.xxx.xxx.xxx:44573          xxx.xxx.xxx.xxx:443         ESTABLISHED

However, I use iptables with a default policy of DROP, and 44573 is not one of the ports I allow traffic through. My rules in iptables look like this:

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:21022 state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ftp state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:65500:65534
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:webcache state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https state ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http limit: avg 25/min burst 100

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:pcsync-https state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:21022 state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:https state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ftp state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:webcache state ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http state NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https state NEW,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp state ESTABLISHED

Can anyone shed some light on this? Am I just interpreting it wrong?

Eva*_*son 5

The most likely explanation is that you are seeing an outbound connection from your machine to an HTTPS port. Port 44573 is an ephemeral port, which a program on your computer is given when it makes an outbound HTTPS request.

netstat does not specifically show outbound versus inbound, but since you have no program listening on port 44573, port 44573 is within the ephemeral port range, and the remote machine's port (443) is not in the ephemeral range (and is a port used for a public server protocol), you can be reasonably sure it is an outbound connection.
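The direction heuristic from this answer (local port not listened on and inside the ephemeral range, remote port outside it) applied to `netstat -n` lines, as an added example that is not part of the original answer; the sample output, the listening-port set and the ephemeral range (Linux's default `32768-60999` from `/proc/sys/net/ipv4/ip_local_port_range`) are all assumptions constructed for the demo.

```python
import re

# Assumed ephemeral range; on a real host read /proc/sys/net/ipv4/ip_local_port_range.
EPHEMERAL_RANGE = (32768, 60999)

# Constructed `netstat -n` output (not a real capture): the questioner's case plus
# two inbound connections to ports this firewall explicitly allows.
SAMPLE_NETSTAT = """\
tcp        0      0 203.0.113.10:44573      198.51.100.7:443        ESTABLISHED
tcp        0      0 203.0.113.10:443        192.0.2.55:51234        ESTABLISHED
tcp        0      0 203.0.113.10:21022      192.0.2.9:40001         ESTABLISHED
"""

# Constructed set of locally listening TCP ports (what `netstat -ltn` would report).
LISTENING_PORTS = {21022, 80, 443}

LINE_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)")


def parse_line(line):
    """Split one netstat -n TCP line into its address, port and state fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"local_addr": m.group(1), "local_port": int(m.group(2)),
            "remote_addr": m.group(3), "remote_port": int(m.group(4)),
            "state": m.group(5)}


def is_ephemeral(port, rng=EPHEMERAL_RANGE):
    return rng[0] <= port <= rng[1]


def classify(conn, listening=LISTENING_PORTS):
    """Infer direction: a listened-on local port means inbound; otherwise an
    ephemeral local port talking to a non-ephemeral remote port means outbound."""
    lp, rp = conn["local_port"], conn["remote_port"]
    if lp in listening:
        return "inbound"
    if is_ephemeral(lp) and not is_ephemeral(rp):
        return "outbound"
    if not is_ephemeral(lp) and is_ephemeral(rp):
        return "inbound"  # service port locally even though not in the listening set
    return "unknown"      # both or neither ephemeral: needs the socket owner to decide


def classify_netstat(text, listening=LISTENING_PORTS):
    """Return (local_port, remote_port, direction) for each ESTABLISHED line."""
    results = []
    for line in text.splitlines():
        conn = parse_line(line)
        if conn and conn["state"] == "ESTABLISHED":
            results.append((conn["local_port"], conn["remote_port"], classify(conn, listening)))
    return results
```

The "outbound" verdict for the first line also matches why iptables lets it through: the reply packets hit the INPUT rule `tcp spt:https state ESTABLISHED`, not a rule for port 44573.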