Networking: cannot connect to Google Cloud via the external IP (JBoss)
Tags: networking, jboss, port, firewall, google-compute-engine

Google firewall rules:
custom-allow-25 default 0.0.0.0/0 tcp:25 test
custom-allow-4447 default 0.0.0.0/0 tcp:4447 test
custom-allow-8080 default 0.0.0.0/0 tcp:8080 test
custom-allow-9443 default 0.0.0.0/0 tcp:9443 test
custom-allow-9999 default 0.0.0.0/0 tcp:9999 test
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-https default 0.0.0.0/0 tcp:443 https-server
default-allow-icmp default 0.0.0.0/0 icmp
default-allow-internal default 10.128.0.0/9 tcp:0-65535,udp:0-65535,icmp
default-allow-rdp default 0.0.0.0/0 tcp:3389
default-allow-ssh default 0.0.0.0/0 tcp:22
Iptables:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4447 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9999 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
Prerouting test:
DNAT tcp -- eth0 any anywhere anywhere tcp dpt:http to::8080
NETSTAT:
tcp 0 0 127.0.0.1:9999 0.0.0.0:* LISTEN 1583/java
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1583/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 689/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 824/master
tcp 0 0 127.0.0.1:4447 0.0.0.0:* LISTEN 1583/java
tcp 0 0 127.0.0.1:9443 0.0.0.0:* LISTEN 1583/java
tcp6 0 0 :::22 :::* LISTEN 689/sshd
tcp6 0 0 ::1:25 :::* LISTEN 824/master
tcp6 0 0 :::3306 :::* LISTEN 710/mysqld
When I use curl localhost:8080 everything works fine, but when I use:
curl externalIP:8080
^C - hangs
curl externalIP:80
curl: (7) Failed to connect to XXXXXX port 80: No route to host
I can SSH into the external IP without any problem, and the firewall rules in GCE are set to "any".
Any idea what I am doing wrong?
EDIT:
I also enabled any address in JBoss so that it listens on 0.0.0.0, but it didn't help. Apparently, when you create new rules in the Google firewall they don't take effect immediately. I tried it today without changing anything and it worked like a charm. Maybe it wasn't listening on the right interface? Only on localhost... I am receiving the connections, as I can see them in tcpdump.
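As an added triage helper (not code from the question or from any answer), the script below walks the three layers an inbound packet crosses in this setup, the GCE firewall rule, the iptables INPUT chain and the listening socket, using fragments of the output posted above as constructed sample input. It assumes the VM carries only the http-server network tag (the tcp:8080 rule is bound to the tag "test"), ignores source ranges, and leaves the PREROUTING DNAT aside: port 80 is redirected to 8080, so triaging 8080 also explains the port-80 "No route to host", which is what an iptables REJECT with icmp-host-prohibited produces.

```python
import re
# Sample inputs constructed from the diagnostic output in the question (trimmed).
GCE_RULES = """\
custom-allow-8080 default 0.0.0.0/0 tcp:8080 test
default-allow-http default 0.0.0.0/0 tcp:80 http-server
default-allow-ssh default 0.0.0.0/0 tcp:22"""
IPTABLES_INPUT = """\
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited"""
NETSTAT = """\
tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN 1583/java
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 689/sshd"""
INSTANCE_TAGS = {"http-server"}  # assumption: the VM carries only this network tag
def gce_allows(port, rules=GCE_RULES, tags=INSTANCE_TAGS):
    """True if some rule opens tcp:<port> and its target tag (if any) is on the VM."""
    for line in rules.splitlines():
        f = line.split()
        if len(f) > 4 and f[4] not in tags:
            continue  # rule targets a network tag this VM does not carry
        for spec in f[3].split(","):  # e.g. tcp:0-65535,udp:0-65535,icmp
            proto, _, ports = spec.partition(":")
            lo, _, hi = ports.partition("-")
            if proto == "tcp" and int(lo) <= port <= int(hi or lo):
                return True
    return False

def iptables_accepts(port, rules=IPTABLES_INPUT):  # first matching INPUT rule decides
    for line in rules.splitlines():
        if "RELATED,ESTABLISHED" in line or "-i lo" in line:
            continue  # not matched by a fresh connection arriving on eth0
        dport = re.search(r"--dport (\d+)", line)
        jump = re.search(r"-j (\w+)", line)
        if (dport and int(dport.group(1)) != port) or jump is None:
            continue  # other port, or a rule with no -j target (it only counts packets)
        return jump.group(1) == "ACCEPT"
    return True  # fell through: the chain policy is ACCEPT

def listener(port, table=NETSTAT):  # 'external', 'loopback' or None
    for line in table.splitlines():
        addr, _, p = line.split()[3].rpartition(":")
        if int(p) == port:
            return "loopback" if addr in ("127.0.0.1", "::1") else "external"
    return None

def triage(port):  # verdict of each layer an inbound packet must pass, outermost first
    return {"gce": gce_allows(port), "iptables": iptables_accepts(port), "listener": listener(port)}
```

For 8080 every layer fails: the GCE rule is tied to a tag the VM lacks (the connection hangs), the iptables rule has no -j ACCEPT so the packet falls through to REJECT, and JBoss is bound to loopback only; each must be fixed before the external IP can answer.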