iptables blocking the php-fpm port

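A VPS user installed lnmp and then installed a VPN install package, after which PHP files were no longer being parsed. With iptables stopped, PHP parsing worked normally, so I guessed that iptables was blocking the php-fpm port. Looking at /etc/sysconfig/iptables: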

# Generated by iptables-save v1.3.5 on Mon May 21 23:54:04 2012
*nat
:PREROUTING ACCEPT [135:17888]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [19:1172]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Mon May 21 23:54:04 2012
# Generated by iptables-save v1.3.5 on Mon May 21 23:54:04 2012
*filter
:INPUT ACCEPT [358:40386]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [179:40626]
COMMIT
# Completed on Mon May 21 23:54:04 2012

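The filter table contained port restrictions; after deleting the entire contents of filter and restarting iptables, everything worked normally.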

What is strange, though, is that the VPN install package contains only the following few lines of iptables configuration:

iptables -F
service iptables save
iptables --table nat --append POSTROUTING --jump MASQUERADE
service iptables save

The intent was only to add NAT forwarding, yet iptables ended up adding a default filter?
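
To check a saved ruleset like the one above for rules that could block a local service such as php-fpm, and for duplicates like the three identical MASQUERADE lines, the following added example (not part of the original post) parses iptables-save output. The function names are hypothetical, and the filter section of the sample is constructed because the post does not show the restrictive rules it removed.

```shell
#!/bin/sh
# audit_ruleset reads iptables-save output on stdin and prints:
#   POLICY <table> <chain> <policy>  chain whose default policy is not ACCEPT
#   BLOCK  <table> <rule>            rule that jumps to DROP or REJECT
#   DUP    <table> <count> <rule>    identical rule appended more than once
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter" open a table
        /^:/  {                                     # e.g. ":INPUT ACCEPT [358:40386]"
            if ($2 != "ACCEPT" && $2 != "-")        # "-" marks a user-defined chain
                print "POLICY", table, substr($1, 2), $2
            next
        }
        /^-A / {
            key = table SUBSEP $0
            if (++seen[key] == 1) order[++n] = key  # keep first-seen order
            if ($0 ~ /-j (DROP|REJECT)( |$)/) print "BLOCK", table, $0
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[order[i]] > 1) {
                    split(order[i], part, SUBSEP)
                    print "DUP", part[1], seen[order[i]], part[2]
                }
        }
    '
}
# Constructed sample: nat section as in the dump above, filter section hypothetical.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [135:17888]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [19:1172]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_ruleset | audit_ruleset
```

Each run of the `--append` line adds another copy of the rule, which is how the three identical MASQUERADE entries accumulate. `service iptables save` writes every table currently loaded in the kernel, so a `*filter` section appears in the file even when only a nat rule was added.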