PORT 53 is closed, can't open it
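I have a CentOS cloud server and I have already configured the named service on it, but I can't access it from outside. Can you help me? What am I doing wrong?
If I run it from the server itself, it works perfectly: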
# dig @74.208.73.61 paisgdl.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> @74.208.73.61 paisgdl.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49672
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; QUESTION SECTION:
;paisgdl.com. IN A
;; ANSWER SECTION:
paisgdl.com. 86400 IN A 74.208.73.61
;; AUTHORITY SECTION:
paisgdl.com. 86400 IN NS ns.paisgdl.com.
;; ADDITIONAL SECTION:
ns.paisgdl.com. 86400 IN A 74.208.73.61
;; Query time: 0 msec
;; SERVER: 74.208.73.61#53(74.208.73.61)
;; WHEN: Thu Mar 26 14:40:04 2015
;; MSG SIZE rcvd: 78
If I do the same from outside, it doesn't work:
# dig @74.208.73.61 paisgdl.com
; <<>> DiG 9.3.3rc2 <<>> @74.208.73.61 paisgdl.com
; (1 server found)
;; global options: printcmd
;; connection timed out; no servers could be reached
I tried to open the port with iptables, but it doesn't work:
# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8443
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8447
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Netstat reports:
# netstat -tanpl|grep named
tcp 0 0 74.208.73.61:53 0.0.0.0:* LISTEN 4026/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 4026/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 4026/named
tcp 0 0 :::53 :::* LISTEN 4026/named
The page http://www.yougetsignal.com/tools/open-ports/ says:
Closed Port 53 is closed on 74.208.73.61
Any ideas? Where is it being blocked, and how do I unblock it?
Part of your iptables configuration:
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
Your named rules appear after the reject-all rule, so they are never evaluated. Reorder them as:
10 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
11 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
12 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
13 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
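A check for the ordering problem the answer above describes, as an added example that is not part of the original answer: it scans a numbered chain listing and reports the rules placed after a catch-all REJECT/DROP. The helper name `shadowed_rules` is hypothetical, and the sample listing is the INPUT chain copied from the question.

```shell
#!/bin/sh
# Constructed sample: the INPUT chain exactly as listed in the question.
SAMPLE_INPUT_CHAIN='1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:21
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8443
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8447
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
11 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
12 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
13 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53'

# shadowed_rules (hypothetical helper): reads a numbered chain listing on
# stdin and prints the numbers of rules placed after the first catch-all
# REJECT/DROP. iptables stops at the first matching terminating rule, so
# those later rules can never match a packet.
# Columns: num target prot opt source destination [match text...]
shadowed_rules() {
    awk '
        /^Chain/ { blocked = 0; next }          # each chain is judged separately
        $1 !~ /^[0-9]+$/ { next }               # skip headers and blank lines
        blocked { out = out (out ? " " : "") $1; next }
        ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
        $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0" &&
        ($7 == "" || $7 == "reject-with") { blocked = 1 }
        END { print out }
    '
}

# Caveat: this listing lacks -v, so interface matches are hidden (rule 3
# would otherwise accept everything); confirm with `iptables -S INPUT`.
printf '%s\n' "$SAMPLE_INPUT_CHAIN" | shadowed_rules    # prints: 11 12 13

# Fix on the host (as root): insert the port 53 ACCEPTs at position 10,
# ahead of the REJECT, then persist the running rules:
#   iptables -I INPUT 10 -p udp -m udp --dport 53 -j ACCEPT
#   iptables -I INPUT 10 -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
#   service iptables save
```

Run against the reordered chain from the answer, the function prints an empty line, because nothing follows the final REJECT.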