我在服务器上运行了一个 rails 应用程序,我在其中添加了一些 iptables 规则以提高安全性。现在 Omniauth 回调停止工作。每次我尝试使用任何提供商登录时,我都会在我的应用程序日志中收到此错误
Errno::ENETUNREACH (Network is unreachable - connect(2))
这个丢弃的包被记录到系统日志中
IN=eth0 OUT= MAC=40:40:ea:31:ac:8d:64:00:f1:cd:1f:7f:08:00 SRC=66.220.147.99 DST=my_ip LEN=56 TOS=0x00 PREC=0x00 TTL=88 ID=0 DF PROTO=TCP SPT=443 DPT=37035 WINDOW=14480 RES=0x00 ACK SYN URGP=0
有人可以告诉我系统日志中的那个条目是关于什么的,以及需要什么样的 iptables 规则来允许它。
如果需要,我还可以添加到目前为止我已应用的规则。
编辑:系统日志行不正确,所以我替换了它。
我从http://lists.debian.org/debian-user/2002/07/msg01187.html找到的原始问题的答案
IN = interface the packet came in
OUT = interface used for sending the packet
MAC = MAC address for source and destination
SRC = IP of the sender
DST = IP of the receiver
LEN = Length of the packet
TOS = ?
PREC = Precedence
TTL = Time to live (hop count of the package)
ID = Packet ID number
DF = Don't fragment bit
PROTO = The protocol
SPT = Sender port
DPT = Receiving port
WINDOW = ?
RES = Received bits
And then some TCP flags in the end of the row. Didn't yet dig the meaning of those.
ACK = ?
SYN = ?
URGP = ?