Question

我刚刚为PuPHPet config.yaml 添加了两个新端口，如下所示：

vflnp_fajlkhsdkfl:
    host: '9876'
    guest: '9876'
vflnp_akjfhsdasffa:
    host: '3011'
    guest: '3011'

打开机器时它们会出现

Bringing machine 'local' up with 'virtualbox' provider...
==> local: Checking if box 'puphpet/centos65-x64' is up to date...
==> local: Clearing any previously set network interfaces...
==> local: Preparing network interfaces based on configuration...
    local: Adapter 1: nat
    local: Adapter 2: hostonly
==> local: You are trying to forward to privileged ports (ports <= 1024). Most
==> local: operating systems restrict this to only privileged process (typically
==> local: processes running as an administrative user). This is a warning in ca                                                                                                                                                                                               se
==> local: the port forwarding doesn't work. If any problems occur, please try a
==> local: port higher than 1024.
==> local: Forwarding ports...
    local: 3306 (guest) => 3306 (host) (adapter 1)
    local: 80 (guest) => 80 (host) (adapter 1)
    local: 8000 (guest) => 8000 (host) (adapter 1)
    local: 9876 (guest) => 9876 (host) (adapter 1)
    local: 3011 (guest) => 3011 (host) (adapter 1)
    local: 22 (guest) => 2222 (host) (adapter 1)
==> local: Running 'pre-boot' VM customizations...
==> local: Booting VM...
==> local: Waiting for machine to boot. This may take a few minutes...
    local: SSH address: 127.0.0.1:2222
    local: SSH username: vagrant
    local: SSH auth method: private key

他们也被Virtual Box列出

但是当尝试在这些新端口中建立连接时，它们只会被iptables丢弃。我知道这一点，因为运行 iptables -F 会立即解决问题直到下次重启。

# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           /* 000 accept all icmp */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 001 accept all to lo interface */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 002 accept related established rules */ state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 22 /* 100 tcp/22 */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 3306 /* 100 tcp/3306 */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 443 /* 100 tcp/443 */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 80 /* 100 tcp/80 */
DROP       all  --  0.0.0.0/0            0.0.0.0/0           /* 999 drop all */

为什么不在 iptables 上创建 8000 ， 9876 ， 3011 的规则？< / p>

索引：业力;卡玛 - JS;港口9876;远程访问;业力开始;

Answer 1

显然，这是一个bug that was fixed。

PuPHPet转发无法正常工作，被iptables阻止

1 个答案: