Google firewall rules:
NAME NETWORK SRC_RANGES RULES TARGET_TAGS
custom-allow-25 default 0.0.0.0/0 tcp:25 test
custom-allow-4447 default 0.0.0.0/0 tcp:4447 test
custom-allow-8080 default 0.0.0.0/0 tcp:8080 test
custom-allow-9443 default 0.0.0.0/0 tcp:9443 test
custom-allow-9999 default 0.0.0.0/0 tcp:9999 test
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
default-allow-icmp default 0.0.0.0/0 icmp
default-allow-internal default 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp
default-allow-rdp default 0.0.0.0/0 tcp:3389
default-allow-ssh default 0.0.0.0/0 tcp:22
iptables (iptables -S output):
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4447 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
PREROUTING TEST:
DNAT tcp -- eth0 any anywhere anywhere tcp dpt:http to::8080
NETSTAT:
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 1583/java
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1583/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 689/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 824/master
tcp 0 0 127.0.0.1:4447 0.0.0.0:* LISTEN 1583/java
tcp 0 0 127.0.0.1:9443 0.0.0.0:* LISTEN 1583/java
tcp6 0 0 :::22 :::* LISTEN 689/sshd
tcp6 0 0 ::1:25 :::* LISTEN 824/master
tcp6 0 0 :::3306 :::* LISTEN 710/mysqld
When I curl localhost:8080 everything works fine, but when I do
curl externalIP:8080
^C - hangs
curl externalIP:80
curl: (7) Failed to connect to XXXXXX port 80: No route to host
I can SSH to the external IP without any problem, and the firewall rule in GCE is set to "ANY".
Any idea what I might be doing wrong?
EDIT:
I also enabled any address in JBoss, so it listens on 0.0.0.0 - to no avail.
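The following is an added example and is not part of the original question or answer. It takes the `iptables -S` and `netstat -tlnp` output pasted above (embedded verbatim so it runs offline; swap in live command output for a real host) and reports, per port, the two host-side conditions an external connection depends on besides the GCE firewall: whether the listener is bound to something other than loopback, and whether the INPUT chain ACCEPTs the port. The DNAT of port 80 to 8080 from the PREROUTING line is modelled by `effective_port`; that mapping and the assumption of a catch-all REJECT at the end of INPUT (as in the posted rules) are taken from the page.

```shell
#!/bin/sh
# Added example: host-side reachability check over the posted iptables/netstat output.
# Assumes a terminal REJECT/DROP at the end of INPUT, as in the rules above.

# Constructed sample input: INPUT chain copied from the question's iptables -S dump.
IPTABLES_RULES='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4447 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed sample input: LISTEN sockets copied from the question's netstat dump.
NETSTAT_OUT='tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 1583/java
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1583/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 689/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 824/master
tcp 0 0 127.0.0.1:4447 0.0.0.0:* LISTEN 1583/java
tcp 0 0 127.0.0.1:9443 0.0.0.0:* LISTEN 1583/java
tcp6 0 0 :::22 :::* LISTEN 689/sshd
tcp6 0 0 ::1:25 :::* LISTEN 824/master
tcp6 0 0 :::3306 :::* LISTEN 710/mysqld'

# effective_port PORT: the PREROUTING DNAT on the page rewrites dpt 80 to 8080,
# so filter rules and listeners must be checked against the post-DNAT port.
effective_port() {
    case "$1" in
        80) echo 8080 ;;
        *)  echo "$1" ;;
    esac
}

# listen_addr PORT: prints the local address of the first LISTEN socket on PORT
# ("" when nothing listens). Handles both 127.0.0.1:8080 and :::3306 forms.
listen_addr() {
    printf '%s\n' "$NETSTAT_OUT" | awk -v p="$1" '
        $6 == "LISTEN" {
            addr = $4; port = $4
            sub(/:[0-9]+$/, "", addr)   # strip trailing :port
            sub(/^.*:/, "", port)       # keep only the port
            if (port == p) { print addr; exit }
        }'
}

# input_accepts_port PORT: succeeds only if some "-A INPUT" rule matches
# --dport PORT *and* jumps to ACCEPT. A rule with no -j (like the 8080 one
# above) only counts packets and lets them fall through to the final REJECT.
input_accepts_port() {
    printf '%s\n' "$IPTABLES_RULES" | awk -v p="$1" '
        $1 == "-A" && $2 == "INPUT" {
            dp = 0; acc = 0
            for (i = 1; i <= NF; i++) if ($i == "--dport" && $(i+1) == p) dp = 1
            for (i = 1; i <= NF; i++) if ($i == "-j" && $(i+1) == "ACCEPT") acc = 1
            if (dp && acc) { found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# reachable PORT: prints a verdict and returns 0 only when the service is bound
# beyond loopback and the INPUT chain accepts it.
reachable() {
    eff=$(effective_port "$1")
    addr=$(listen_addr "$eff")
    if [ -z "$addr" ]; then
        echo "port $1 -> $eff: nothing listening"
        return 1
    fi
    case "$addr" in
        127.*|::1) bind=loopback-only ;;
        *)         bind=all-interfaces ;;
    esac
    if input_accepts_port "$eff"; then fw=ACCEPT; else fw=REJECT; fi
    echo "port $1 -> $eff: listener on $addr ($bind), INPUT chain: $fw"
    [ "$bind" = all-interfaces ] && [ "$fw" = ACCEPT ]
}

# Walk the ports the question cares about; each line states why a port
# would or would not answer an external curl, independent of the GCE rules.
for p in 22 80 443 8080 3306; do
    reachable "$p" || :
done
```

Run as-is to see the verdict lines; on a live host replace the two embedded strings with `$(iptables -S INPUT)` and `$(netstat -tlnp)` (or `ss -tlnp`). Order-sensitive chains with an early DROP would need a first-match walk rather than the "any matching ACCEPT" test used here.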
Answer 0 (score: 0)
Apparently, when you create new rules in the Google firewall, they don't work right away. I tried again today, without changing anything, and it worked like a charm.