bareosdir == 192.168.57.1
30 sshLandingBay == 192.168.57.1 95 bigPi == 192.168.57.1
96
在我的路由器上我跑了:
tcpdump -i eth0 -w - 'port 9102 or port 9103'
当我进行例如从 bareosdir 到 bigPi 的备份时,我得到:
12:07:57.624013 IP bigPi.jalfrezisimmersauce.com.9102 > bareosdir.jalfrezisimmersauce.com.39320: Flags [P.], seq 282:318, ack 1002, win 501, length 36
12:07:57.624166 IP bareosdir.jalfrezisimmersauce.com.39320 > bigPi.jalfrezisimmersauce.com.9102: Flags [P.], seq 1002:1053, ack 318, win 502, length 51
12:07:57.624313 IP bigPi.jalfrezisimmersauce.com.9102 > bareosdir.jalfrezisimmersauce.com.39320: Flags [.], ack 1053, win 501, length 0
12:07:57.624654 IP bigPi.jalfrezisimmersauce.com.55268 > bareosdir.jalfrezisimmersauce.com.9103: Flags [S], seq 3028865621, win 64240, options [mss 1460,sackOK,TS val 3811050966 ecr 0,nop,wscale 7], length 0
当我尝试做一个 on sshLandingBay 时,我得到:
2:01:01.689401 IP bareosdir.jalfrezisimmersauce.com.39410 > sshLandingBay.jalfrezisimmersauce.com.9102: Flags [S], seq 3364306509, win 64240, options [mss 1460,nop,nop,sackOK,nop,wscale 7], length 0
在 sshLandingBay 本身上,我收到以下消息,说明防火墙已阻止请求,因此它正在通过路由器,但不是 sshLandingBay 上的防火墙:
[1470801.998206] [UFW BLOCK] IN=eth0 OUT= MAC=b8:27:eb:58:25:25:00:24:a5:d7:34:9b:08:00:45:00:00:34:79:75:40:00 SRC=192.168.57.130 DST=192.168.57.195 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=3
1093 DF PROTO=TCP SPT=39410 DPT=9102 WINDOW=64240 RES=0x00 SYN URGP=0
pi@sshLandingBay:~ $ sudo ufw status
Status: active
然而我的ufw设置如下:
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
9102 ALLOW 192.168.57.130
为什么我的本地防火墙会阻止 BareOS 服务器的请求?
我
iptables -xvnL按照上面的建议运行,并意识到没有应用规则。所以我跑了:
然后它起作用了,我猜那
COMMIT是ufw.