我已经开始在 Red Hat 8 系统上测试防火墙。我唯一的问题是如何调试几乎没有任何意义的神秘数据。我如何追溯拒绝请求的原因并找到问题的根源?
我创建了以下内容将这些内容写入不同的日志位置以进行跟踪创建了一个名为 /etc/rsyslog.d/firewall-drop.conf 的新文件,并将以下内容添加到文件中
:msg,contains,"_DROP" /var/log/firewalld-drop.log
:msg,contains,"_REJECT" /var/log/firewalld-drop.log
& stop
重新启动服务以使之生效。我在此日志文件中收到如下信息:
Sep 13 10:03:07 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:11:b0:3a:6e:08:00 SRC=10.2.3.87 DST=10.2.255.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=60776 PROTO=UDP SPT=138 DPT=138 LEN=209
Sep 13 10:03:22 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:70:b5:e8:4b:04:dc:08:00 SRC=10.2.3.203 DST=10.2.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=63130 PROTO=UDP SPT=57621 DPT=57621 LEN=52
Sep 13 10:03:25 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:2b:e9:1c:d4:be:08:00 SRC=10.2.3.68 DST=10.2.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48193 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 13 10:03:26 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:2b:e9:1c:d4:be:08:00 SRC=10.2.3.68 DST=10.2.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48194 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 13 10:03:26 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:2b:e9:1c:d4:be:08:00 SRC=10.2.3.68 DST=10.2.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48195 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 13 10:03:38 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:2b:e9:1c:d4:be:08:00 SRC=10.2.3.68 DST=10.2.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48196 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 13 10:03:38 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:2b:e9:1c:d4:be:08:00 SRC=10.2.3.68 DST=10.2.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48197 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 13 10:03:39 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:e0:2b:e9:1c:d4:be:08:00 SRC=10.2.3.68 DST=10.2.255.255 LEN=78 TOS=0x00 PREC=0x00 TTL=128 ID=48198 PROTO=UDP SPT=137 DPT=137 LEN=58
Sep 13 10:03:48 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=01:00:5e:00:00:01:e0:55:3d:11:04:f0:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=55985 PROTO=2
Sep 13 10:03:52 localhost kernel: FINAL_REJECT: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:70:b5:e8:4b:04:dc:08:00 SRC=10.2.3.203 DST=10.2.255.255 LEN=72 TOS=0x00 PREC=0x00 TTL=128 ID=63131 PROTO=UDP SPT=57621 DPT=57621 LEN=52
实际情况是,这些数据对我来说毫无意义,而且肯定不直观。我们该如何找出防火墙拒绝的根本原因?经过几次搜索,我没有找到任何可以正确解读这些胡言乱语的方法。这是我第一次玩防火墙,所以我可能只是错过了一些非常基本的东西???