Port 443 is "listening" but "not open"

Ota*_*our 1 ssl centos6

I am running Apache/2.2.15 on CentOS 6.6.

I have a Verizon router, checked the port forwarding, and saw

    WorkstationName 192.168.1.6 HTTPS TCP Any -> 443    All Broadband Devices   Active

I went to the command line and entered

sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 443 -j ACCEPT

I also entered

sudo netstat -anltp | grep LISTEN

and got

tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      1462/mysqld         
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2297/sshd           
tcp        0      0 :::443                      :::*                        LISTEN      2340/httpd          
tcp        0      0 :::80                       :::*                        LISTEN      2340/httpd          
tcp        0      0 :::22                       :::*                        LISTEN      2297/sshd           

However, when I enter my website name (which works for http) like this

https://websitename.com

It just hangs. Then I went to http://www.mynetworktest.com/ports.php and clicked

Test https - Port 443

and got

Port 443 is not open on my.ip.addre.ess

sudo iptables -L -n

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 
ACCEPT     tcp  --  192.168.1.1          0.0.0.0/0           tcp flags:!0x17/0x02 
ACCEPT     udp  --  192.168.1.1          0.0.0.0/0           
ACCEPT     tcp  --  151.198.0.38         0.0.0.0/0           tcp     flags:!0x17/0x02 
ACCEPT     udp  --  151.198.0.38         0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5 
DROP       all  --  0.0.0.0/0            255.255.255.255     
DROP       all  --  0.0.0.0/0            192.168.1.255       
DROP       all  --  224.0.0.0/8          0.0.0.0/0           
DROP       all  --  0.0.0.0/0            224.0.0.0/8         
DROP       all  --  255.255.255.255      0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0             
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
LSI        all  -f  0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5 
INBOUND    all  --  0.0.0.0/0            0.0.0.0/0           
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0     level 6 prefix `Unknown Input' 
DROP       all  --  69.84.207.246        0.0.0.0/0           
DROP       all  --  69.84.207.246        0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443 

Chain FORWARD (policy DROP)
target     prot opt source               destination         
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           limit: avg 10/sec burst 5 
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Forward' 

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     tcp  --  192.168.1.4          192.168.1.1         tcp dpt:53 
ACCEPT     udp  --  192.168.1.4          192.168.1.1         udp dpt:53 
ACCEPT     tcp  --  192.168.1.4          151.198.0.38        tcp dpt:53 
ACCEPT     udp  --  192.168.1.4          151.198.0.38        udp dpt:53 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  224.0.0.0/8          0.0.0.0/0           
DROP       all  --  0.0.0.0/0            224.0.0.0/8         
DROP       all  --  255.255.255.255      0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0             
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID 
OUTBOUND   all  --  0.0.0.0/0            0.0.0.0/0           
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0     level 6 prefix `Unknown Output' 
DROP       all  --  0.0.0.0/0            69.84.207.246       
DROP       all  --  0.0.0.0/0            69.84.207.246       
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp spt:443 

Chain INBOUND (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
LSI        all  --  0.0.0.0/0            0.0.0.0/0           

Chain LOG_FILTER (5 references)
target     prot opt source               destination         

Chain LSI (2 references)
target     prot opt source               destination         
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 
LOG        icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8 
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg     5/sec burst 5 LOG flags 0 level 6 prefix `Inbound ' 
DROP       all  --  0.0.0.0/0            0.0.0.0/0           

Chain LSO (0 references)
target     prot opt source               destination         
LOG_FILTER  all  --  0.0.0.0/0            0.0.0.0/0           
LOG        all  --  0.0.0.0/0            0.0.0.0/0           limit: avg     5/sec burst 5 LOG flags 0 level 6 prefix `Outbound ' 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable 

Chain OUTBOUND (1 references)
target     prot opt source               destination         
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

kri*_*sFR 7

The fact is that you added the rule allowing port 443 at the end of the INPUT chain.

But you have a rule before it that drops everything:

Chain INPUT (policy DROP)
[...]
DROP       all  --  0.0.0.0/0            0.0.0.0
[...]
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
[...]

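With iptables rules, order matters!

Use iptables -I INPUT -p tcp --dport 443 -j ACCEPT to put the rule at the beginning of your INPUT chain.

The -A flag (append) adds the rule at the end of the specified chain, which is not what you want here.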
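
The ordering problem described in this answer can be checked mechanically. The following is an added example, not code from the question or the answer: it reads rules in `iptables -S` format and reports whether the ACCEPT for a port sits behind an earlier unconditional rule, or a jump into a chain that always ends in a verdict. The rule set is constructed, and `parse`, `always_ends` and `shadowed_by` are hypothetical helper names.

```python
import shlex

# Constructed rule set in `iptables -S` format, loosely modelled on the chain
# names in the question (not the asker's real rules).
SAMPLE = """\
-P INPUT DROP
-N INBOUND
-N LSI
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -j INBOUND
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INBOUND -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INBOUND -j LSI
-A LSI -j LOG --log-prefix "Inbound "
-A LSI -j DROP
"""
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def parse(text):
    """Map chain name -> ordered list of (match_tokens, target)."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) > 3 and tok[0] == "-A" and "-j" in tok[:-1]:
            j = tok.index("-j")
            chains.setdefault(tok[1], []).append((tok[2:j], tok[j + 1]))
    return chains

def always_ends(chains, chain, seen=()):
    """True if every packet entering `chain` receives a final verdict there."""
    if chain in seen:  # guard against jump loops
        return False
    return any(not match and (target in TERMINAL
                              or always_ends(chains, target, seen + (chain,)))
               for match, target in chains.get(chain, []))

def shadowed_by(chains, chain, port):
    """Return 1-based (blocker_pos, accept_pos) if an earlier unconditional rule
    decides every packet before the ACCEPT for --dport `port`; else None."""
    rules = chains.get(chain, [])
    for pos, (match, target) in enumerate(rules, 1):
        if (target == "ACCEPT" and "--dport" in match[:-1]
                and match[match.index("--dport") + 1] == str(port)):
            # Simplification: only rules with no match criteria are considered.
            for k, (m, t) in enumerate(rules[:pos - 1], 1):
                if not m and (t in TERMINAL or always_ends(chains, t)):
                    return k, pos
            return None
```

On a live host the input would come from `sudo iptables -S`, which, unlike `iptables -L -n`, also prints interface matches such as `-i lo`.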