More related links: https://linktr.ee/wade3c
The port has to be opened on the firewall first.
Some ports do not need a dedicated route in iptables, e.g. 3001, 9443.
First check whether the Oracle image is blocking it:
sudo vim /etc/iptables/rules.v4
If it is blocked, these lines will be present:
-A InstanceServices -d 169.254.0.2/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
-A InstanceServices -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
-A InstanceServices -d 169.254.0.4/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT
Delete them or comment them out (the comment on each rule points to the Oracle-Provided Images section of the OCI documentation for the security impact of modifying or removing it).
If outbound traffic still has problems after commenting those out, you can also comment out:
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Set up the ports that need to be routed (the inbound part is enough):
iptables -A INPUT -i ens3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i ens3 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
There are two ways to save the settings permanently:
iptables-save > /etc/iptables/rules.v4
sudo netfilter-persistent save
This command appends all of the active rules to the file, so it creates a lot of duplicates; use it with care.
curl http://193.123.249.245
curl: (7) Failed to connect to 193.123.249.245 port 80: No route to host
If port 80 is served by Docker, the steps above let traffic through, but with nginx installed directly on the host it does not work.
Yet inside the VM, curl against localhost / the private IP works normally, and even turning iptables off entirely leaves the same problem.
One fix is to flush all of the rules Oracle Cloud set,
or to change the source in the INPUT rule added above (this can be treated as a new rule):
-I INPUT -p tcp -s 0.0.0.0/0 --dport 80 -j ACCEPT
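The rule-order problem behind "No route to host" and the duplicate-rule problem from repeated saves can both be checked on a saved rules.v4 before it is loaded. This is an added example, not code from the original note; the rules file content is constructed to look like an OCI image's rules.v4, and RULES_FILE is a hypothetical scratch path.

```shell
#!/bin/sh
# Added example, not from the original note: sanity-check an iptables-save
# style rules.v4 before loading it. RULES_FILE is a hypothetical scratch path.
RULES_FILE="${TMPDIR:-/tmp}/rules.v4.sample"

# Constructed sample shaped like an OCI Ubuntu image's rules.v4, where the
# port-80 ACCEPT was appended twice *below* the catch-all REJECT.
write_sample() {
cat > "$RULES_FILE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i ens3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i ens3 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Print each -A rule occurring more than once (the duplication the note warns about).
find_duplicates() { grep '^-A ' "$1" | sort | uniq -d; }

# Exit 0 if an INPUT ACCEPT for TCP port $2 sits above the catch-all INPUT
# REJECT. iptables stops at the first match, so an ACCEPT appended after the
# REJECT never fires and the client sees curl's "No route to host".
port_open_before_reject() {
  awk -v port="$2" '
    /^-A INPUT / && /-j REJECT/ && !/--dport/ { reject_seen = 1 }
    /^-A INPUT / && /-j ACCEPT/ && !reject_seen &&
      $0 ~ ("--dport " port "( |$)") { found = 1 }
    END { exit (found ? 0 : 1) }' "$1"
}

# Keep only the first occurrence of each -A line; headers and COMMIT stay.
dedupe_rules() {
  awk '!/^-A / || !seen[$0]++' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}
# Move INPUT ACCEPT rules found below the catch-all REJECT to just above it
# (the note's -I INPUT fix) without flushing the image's other default rules.
hoist_accepts_above_reject() {
  awk '
    /^-A INPUT -j REJECT/ { held = $0; next }
    held != "" && !(/^-A INPUT / && /-j ACCEPT/) { print held; held = "" }
    { print }
    END { if (held != "") print held }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}
```

Run write_sample, then dedupe_rules and hoist_accepts_above_reject on the file; port_open_before_reject reports whether a given port's ACCEPT is actually reachable.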