Port 53 closed, cannot open it

Time: 2015-03-26 20:51:12

Tags: centos bind iptables named

I have a CentOS cloud server on which I have configured the named service, but I cannot reach it from outside. Can you help me? What am I doing wrong?

If I run it from the server itself, it works perfectly:

# dig @74.208.73.61 paisgdl.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.30.rc1.el6_6.2 <<>> @74.208.73.61 paisgdl.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49672
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;paisgdl.com.                   IN      A

;; ANSWER SECTION:
paisgdl.com.            86400   IN      A       74.208.73.61

;; AUTHORITY SECTION:
paisgdl.com.            86400   IN      NS      ns.paisgdl.com.

;; ADDITIONAL SECTION:
ns.paisgdl.com.         86400   IN      A       74.208.73.61

;; Query time: 0 msec
;; SERVER: 74.208.73.61#53(74.208.73.61)
;; WHEN: Thu Mar 26 14:40:04 2015
;; MSG SIZE  rcvd: 78

If I do the same thing from outside, it does not work:

# dig @74.208.73.61 paisgdl.com

; <<>> DiG 9.3.3rc2 <<>> @74.208.73.61 paisgdl.com
; (1 server found)
;; global options:  printcmd
;; connection timed out; no servers could be reached

I tried to open the port with iptables, but it does not work.

# service iptables status

Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8443
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8447
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
11   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
13   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Netstat reports:

# netstat -tanpl|grep named
tcp        0      0 74.208.73.61:53             0.0.0.0:*                   LISTEN      4026/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      4026/named
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      4026/named
tcp        0      0 :::53                       :::*                        LISTEN      4026/named

The page http://www.yougetsignal.com/tools/open-ports/ says:

Closed Port 53 is closed on 74.208.73.61

Any ideas? Where is it being blocked, and how do I unblock it?

1 answer:

Answer 0: (score: 1)

Part of your iptables configuration:

10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
11   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
13   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53

Your named rules come after the reject-all rule, so they are never evaluated. Reorder them to:

10   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
12   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
13   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
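The answer's point is iptables first-match semantics: a packet walks the chain from rule 1 and the first rule whose match clauses fit decides its fate, so anything placed after a catch-all REJECT is dead. The following simulator, added here as an illustration and not part of the question or the answer, parses the `service iptables status` listing from the question, walks an inbound UDP/53 query through it, and shows that it dies at rule 10 before and is accepted at rule 10 after the reordering. It also emits the `iptables -I`/`-D` commands that perform that reordering in place on a running CentOS 6 box. One assumption is built in: rule 3 (`ACCEPT all`) is treated as the stock CentOS loopback rule, whose `-i lo` interface match `iptables -L -n` does not display without `-v`; without that assumption the listing as printed would accept every packet at rule 3 and the REJECT could never fire, which contradicts the observed timeout.

```python
"""First-match simulator for an iptables filter chain (added example)."""
import re
from dataclasses import dataclass, field, replace
from typing import Dict, List, Optional, Set, Tuple

# Transcribed from the question's `service iptables status` output.
BROKEN_INPUT_CHAIN = """\
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:21
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8443
9    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8447
10   REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
11   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:53
13   ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state NEW udp dpt:53
"""

# Assumption: rule 3 is the CentOS default `-i lo -j ACCEPT`; `iptables -L -n`
# hides the interface column unless -v is given, so we supply it by hand.
IFACE_OVERRIDE = {3: "lo"}

@dataclass
class Rule:
    num: int
    target: str
    proto: str                      # all / tcp / udp / icmp
    states: Set[str] = field(default_factory=set)   # empty = any state
    dport: Optional[int] = None     # None = any destination port
    in_iface: Optional[str] = None  # None = any interface

LINE_RE = re.compile(r"^(\d+)\s+(\w+)\s+(\w+)\s+--\s+\S+\s+\S+\s*(.*)$")

def parse_chain(listing: str, iface_override: Optional[Dict[int, str]] = None) -> List[Rule]:
    """Parse `iptables -L -n --line-numbers` style output into Rule objects."""
    rules = []
    for line in listing.splitlines():
        m = LINE_RE.match(line)
        if not m:                   # header lines, blank lines
            continue
        num, target, proto, extra = int(m[1]), m[2], m[3], m[4]
        sm = re.search(r"state (\S+)", extra)
        pm = re.search(r"dpt:(\d+)", extra)
        rules.append(Rule(num, target, proto,
                          set(sm[1].split(",")) if sm else set(),
                          int(pm[1]) if pm else None,
                          (iface_override or {}).get(num)))
    return rules

def first_match(rules: List[Rule], pkt: dict, policy: str = "ACCEPT") -> Tuple[str, Optional[int]]:
    """Walk the chain top-down; the first rule whose clauses all match wins."""
    for r in rules:
        if r.proto != "all" and r.proto != pkt["proto"]:
            continue
        if r.states and pkt["state"] not in r.states:
            continue
        if r.dport is not None and r.dport != pkt["dport"]:
            continue
        if r.in_iface and r.in_iface != pkt["iface"]:
            continue
        return r.target, r.num
    return policy, None             # fell off the end: chain policy applies

def move_accepts_before_reject(rules: List[Rule]) -> List[Rule]:
    """The answer's reordering: rules after the first REJECT go in front of it."""
    idx = next(i for i, r in enumerate(rules) if r.target == "REJECT")
    reordered = rules[:idx] + rules[idx + 1:] + [rules[idx]]
    return [replace(r, num=i + 1) for i, r in enumerate(reordered)]

def fix_commands(rules: List[Rule], chain: str = "INPUT") -> List[str]:
    """Live equivalent of the reordering: insert copies at the REJECT's slot,
    then delete the now-shifted originals (highest number first)."""
    idx = next(i for i, r in enumerate(rules) if r.target == "REJECT")
    reject_num, trailing = rules[idx].num, rules[idx + 1:]
    cmds = []
    for offset, r in enumerate(trailing):
        spec = f"-p {r.proto}"
        if r.states:
            spec += f" -m state --state {','.join(sorted(r.states))}"
        if r.dport is not None:
            spec += f" --dport {r.dport}"
        cmds.append(f"iptables -I {chain} {reject_num + offset} {spec} -j {r.target}")
    for r in reversed(trailing):    # each insert pushed the originals down by one
        cmds.append(f"iptables -D {chain} {r.num + len(trailing)}")
    cmds.append("service iptables save")   # persist across restarts on CentOS 6
    return cmds

# Constructed packet: a fresh DNS query arriving on the public interface.
DNS_QUERY = {"proto": "udp", "dport": 53, "state": "NEW", "iface": "eth0"}

if __name__ == "__main__":
    broken = parse_chain(BROKEN_INPUT_CHAIN, IFACE_OVERRIDE)
    print("before:", first_match(broken, DNS_QUERY))
    print("after: ", first_match(move_accepts_before_reject(broken), DNS_QUERY))
    print("\n".join(fix_commands(broken)))
```

Running it prints `('REJECT', 10)` for the chain as posted and `('ACCEPT', 10)` once the DNS rules sit ahead of the REJECT, which is exactly the `icmp-host-prohibited` behaviour that makes the remote `dig` time out while the local one (arriving on `lo`) succeeds at rule 3. The generated `-I`/`-D` sequence keeps rule numbers valid at every step because it deletes the shifted originals from the highest number down.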