19,619
社区成员
发帖
与我相关
我的任务
分享ssh连接时报错 ssh: connect to host 192.168.9.92 port 22: No route to host
ssh: connect to host 192.168.9.92 port 22: No route to host
但是关上iptables就OK了。防火墙端口已开,
iptables -L -n
ACCEPT tcp -- 192.168.9.92 0.0.0.0/0 state NEW tcp dpt:22
网络,路由查看都没什么问题。感觉还是防火墙哪块没有配,有知道的吗??
但是关上iptables就OK了。防火墙端口已开,
iptables -L -n
ACCEPT tcp -- 192.168.9.92 0.0.0.0/0 state NEW tcp dpt:22
网络,路由查看都没什么问题。感觉还是防火墙哪块没有配,有知道的吗??
...全文
请发表友善的回复…
发表回复
风中有朵很贱的云 2010-09-14
- 打赏
- 举报
问题解决。确实是防火墙规则的匹配顺序的问题。改好就可以了!!!
kkkwdb 2010-07-30
- 打赏
- 举报
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ricardo-lm
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ssh
这里的问题,iptables当找到匹配的规则时,就会执行相应的动作,而不会向下继续匹配。
因为ssh端口开放的规则在all规则之后,所以永远都不会匹配到,也就是ssh永远被禁止。
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ricardo-lm
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ssh
这里的问题,iptables当找到匹配的规则时,就会执行相应的动作,而不会向下继续匹配。
因为ssh端口开放的规则在all规则之后,所以永远都不会匹配到,也就是ssh永远被禁止。
iptables -I INPUT -p tcp --dport 22 -j ACCEPT
steptodream 2010-07-29
- 打赏
- 举报
ssh: connect to host 192.168.9.92 port 22: No route to host
---------------
看这错误 你ping 192.168.9.92一下
---------------
看这错误 你ping 192.168.9.92一下
steptodream 2010-07-29
- 打赏
- 举报
加一句-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
呢?
我的就好用啊
呢?
我的就好用啊
风中有朵很贱的云 2010-07-29
- 打赏
- 举报
还是不行!!
ssh: connect to host 192.168.9.92 port 22: No route to host
ACCEPT tcp -- 192.168.9.92 anywhere tcp dpt:ssh
ssh: connect to host 192.168.9.92 port 22: No route to host
ACCEPT tcp -- 192.168.9.92 anywhere tcp dpt:ssh
steptodream 2010-07-29
- 打赏
- 举报
那你那个state的设置 去掉
pengsixiang 2010-07-29
- 打赏
- 举报
重新写你的防火墙规则
iptables -I INPUT -p tcp -d 192.168.9.92 -dport 22 -j ACCEPT
iptables -I INPUT -p tcp -d 192.168.9.92 -dport 22 -j ACCEPT
风中有朵很贱的云 2010-07-29
- 打赏
- 举报
没通过。这是iptables的全部信息。部分ip做过修改。
该加的都加上了。就是连不上。
[root@rongzidbp ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- rongzidbp anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- .24.201 anywhere state NEW
ACCEPT tcp -- .24.214 anywhere state NEW
ACCEPT tcp -- .24.215 anywhere state NEW
ACCEPT tcp -- .24.198 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.199 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.205 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.206 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.208 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.210 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.212 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.216 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.218 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.220 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.221 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.202 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .134.188 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.227 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.16 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.251 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .221.99 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .35.131 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .140.159 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.228 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .140.159 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.203 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.223 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.216 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.203 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.253 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.254 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ricardo-lm
ACCEPT tcp -- .42.228 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.194 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.200 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.251 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .220.136 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ricardo-lm
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ricardo-lm
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ssh
该加的都加上了。就是连不上。
[root@rongzidbp ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- localhost.localdomain anywhere
ACCEPT all -- rongzidbp anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- .24.201 anywhere state NEW
ACCEPT tcp -- .24.214 anywhere state NEW
ACCEPT tcp -- .24.215 anywhere state NEW
ACCEPT tcp -- .24.198 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.199 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.205 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.206 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.208 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.210 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.212 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.216 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.218 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.220 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.221 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.202 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .134.188 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.227 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.16 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.251 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .221.99 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .35.131 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .140.159 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .42.228 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .140.159 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.203 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.223 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.216 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.203 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.253 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.254 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ricardo-lm
ACCEPT tcp -- .42.228 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.194 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .24.200 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.251 anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- .220.136 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- .24.213 anywhere state NEW tcp dpt:ricardo-lm
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ncube-lm
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ricardo-lm
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
ACCEPT tcp -- 192.168.9.94 anywhere state NEW tcp dpt:ssh
steptodream 2010-07-29
- 打赏
- 举报
看了你的list 我推荐你最好添加
来自自己本机的ip全都允许 类似
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s local-ip -j ACCEPT
来自自己本机的ip全都允许 类似
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s local-ip -j ACCEPT
风中有朵很贱的云 2010-07-29
- 打赏
- 举报
网络环境没任何问题。肯定是防火墙的配置哪块没注意。
[root@rongzidbp ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
[root@rongzidbp ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
