EC2 VPC实例-端口已过滤 [英] EC2 VPC Instance - Ports are filtered

问题描述

我为服务器配置了默认的安全组，该组具有以下入站规则:

I've configured my server with a default security group, which has the following Inbound rules:

| Type | Protocol | Port Range | Source |
| All TCP | TCP | 0-65535 | 0.0.0.0/0 |
| All UDP | UDP | 0-65535 | 0.0.0.0/0|

使用这些规则，netstat将显示以下输出:

With these rules, netstat shows the following output:

netstat -atn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:5432            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:1113            0.0.0.0:*               LISTEN     
tcp        0      0 10.0.1.31:2113          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2113          0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:11300           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:6379            0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN     
tcp6       0      0 :::22                   :::*                    LISTEN     
tcp6       0      0 :::5432                 :::*                    LISTEN     
tcp6       0      0 :::3306                 :::*                    LISTEN     
tcp6       0      0 :::6379                 :::*                    LISTEN  

因此，从理论上讲，我应该能够从任何IP地址使用TCP连接到端口1113.但这不起作用，IP地址显示为已过滤，如以下输出所示:

So, in theory, I should be able to connect to port 1113 with TCP from any IP Address. But this is not working, the IP address is showing as filtered, as you can see in the following output:

唯一看起来正常(打开且未过滤)的端口是22& 80.这是在使用nmap测试它们时得到的输出:

The only ports that seem to be OK (open and not filtered) are 22 & 80. Here's the output I get when testing them with nmap:

PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
1113/tcp filtered ltp-deepspace
2113/tcp filtered unknown
3306/tcp filtered mysql
6379/tcp filtered unknown

我什至尝试为IP和端口1113添加一个自定义入站规则，但结果是相同的.

I even tried adding a custom inbound rule just for my IP and Port 1113, but the result is the same.

我怀疑在我的实例中某些防火墙阻止了这些PORT上的通信，但是我不确定如何检查.

I suspect that some firewall is blocking traffic on those PORTS in my instance, but I'm not sure how to check that.

要注意的一件事是，该实例在Amazon VPC中.但是，此实例的网络ACL具有以下入站规则，该规则应允许来自所有端口的收入通信:

One thing to notice, is that this instance is in a Amazon VPC. However, the network ACL for this instance has the following inbound rule, that should allow income communications from all ports:

|Rule # | Type | Protocol | Port Range | Source | Allow / Deny |
| 100 | ALL Traffic | ALL | ALL | 0.0.0.0/0 |ALLOW |

关于这里可能有什么问题的任何想法?

Any ideas on what could be the issue here?

非常感谢您的帮助！

推荐答案

我知道这是旧帖子，但我认为这也可能对其他人有所帮助.我在运行RHEL 7.6时遇到了此问题.我必须重新启用防火墙，并在防火墙规则中添加端口.然后它像魅力一样工作.

I know this is old post but I think it might help someone else too . I was running RHEL 7.6 got this issue . I had to re enable the firewall and added the ports in the firewall rule . Then it worked like charm .

这篇关于EC2 VPC实例-端口已过滤的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！