Networking
ufw 不允許連接到埠 5432
我已經從 PGDG ppa 在 Ubuntu Trusty 上安裝了 Postgresql 9.4。我創建了一個數據庫並將其設置
listen-addresses為“*”。我在 pg_hba.conf 文件中做了一個條目。我可以毫無問題地在本地連接。這是我的 pg_hba.conf 中的條目:
host all tarka 192.168.0.0/24 md5問題是該埠似乎被 UFW 阻止了。我嘗試了幾種 ufw 命令的變體來允許 postgres,例如
sudo ufw allow postgresql/tcp
sudo ufw allow 5432/tcp而最近
sudo ufw allow from 192.168.0.0/24 to any port 5432我每次都重新啟動ufw。
這是目前的狀態:
sudo ufw status verbose Status: active Logging: on (low) Default: allow (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 22 ALLOW IN Anywhere 5432 ALLOW IN 192.168.0.0/24 22 (v6) ALLOW IN Anywhere (v6)中的條目
iptables似乎有效:Chain ufw-user-input (1 references) target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ACCEPT udp -- anywhere anywhere udp dpt:ssh ACCEPT tcp -- 192.168.0.0/24 anywhere tcp dpt:postgresql ACCEPT udp -- 192.168.0.0/24 anywhere udp dpt:postgresql儘管如此,當我嘗試從遠端機器連接時,ufw 會記錄:
Sep 2 13:55:28 estuary kernel: [242754.395342] [UFW BLOCK] IN=eth0 OUT= MAC=94:de:80:27:4a:7e:b4:75:0e:97:21:29:08:00 SRC=192.168.0.13 DST=192.168.0.12 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=43525 DF PROTO=TCP SPT=36382 DPT=21 WINDOW=29200 RES=0x00 SYN URGP=0事實上,我什至無法通過禁用 ufw 來連接。在所有情況下
nmap報告埠 5432 已關閉:nmap estuary -p5432 Starting Nmap 6.40 ( http://nmap.org ) at 2015-09-02 16:43 PDT Nmap scan report for estuary (192.168.0.12) Host is up (0.0059s latency). PORT STATE SERVICE 5432/tcp closed postgresql此外,我
nginx作為 Web 伺服器執行,並且可以從另一台機器完全訪問它。我怎樣才能讓 ufw (或任何實際在做的事情)停止阻塞埠 5432?
按要求編輯:
Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 estuary:domain *:* LISTEN tcp 0 0 *:51413 *:* LISTEN tcp 0 0 *:ssh *:* LISTEN tcp 0 0 localhost:ipp *:* LISTEN tcp 0 0 localhost:postgresql *:* LISTEN tcp 0 0 *:smtp *:* LISTEN tcp 0 0 localhost:6010 *:* LISTEN tcp 0 0 *:49152 *:* LISTEN tcp 0 0 *:9091 *:* LISTEN tcp 0 0 *:5900 *:* LISTEN tcp 0 0 *:http *:* LISTEN tcp 0 0 *:http-alt *:* LISTEN tcp 0 0 192.168.0.12:ssh cutter:46943 ESTABLISHED tcp 1 0 192.168.0.12:46461 104.28.7.98:http CLOSE_WAIT tcp 1 0 192.168.0.12:59407 89.234.156.205:http CLOSE_WAIT tcp 0 0 localhost:38145 localhost:6010 ESTABLISHED tcp 1 1 192.168.0.12:59404 89.234.156.205:http LAST_ACK tcp 0 0 localhost:6010 localhost:38144 ESTABLISHED tcp 0 0 localhost:6010 localhost:38145 ESTABLISHED tcp 1 0 192.168.0.12:45068 89.218.2.238.stati:http CLOSE_WAIT tcp 0 0 192.168.0.12:9091 cutter:46825 ESTABLISHED tcp 0 0 localhost:38144 localhost:6010 ESTABLISHED tcp6 0 0 [::]:51413 [::]:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 ip6-localhost:ipp [::]:* LISTEN tcp6 0 0 [::]:smtp [::]:* LISTEN tcp6 0 0 ip6-localhost:6010 [::]:* LISTEN tcp6 0 0 [::]:5900 [::]:* LISTEN tcp6 0 0 [::]:http [::]:* LISTEN我的客戶端(切割機)通過無線連接。
剛剛在您的問題中註意到您的“listen-addresses”帶有連字元 - 文件有一個下劃線(“listen_addresses”)