Postgresql
即使 UFW 允許,也無法在本地連接到埠 5432
我正在嘗試設置我的伺服器,以便只能從 localhost 訪問埠 5432(Postgres)。所以我拒絕了一切,並添加了埠 5432,但是我無法連接到它。
這是我的 UFW 配置:
$ sudo ufw status verbose Status: active Logging: on (low) Default: deny (incoming), deny (outgoing), deny (routed) New profiles: skip To Action From -- ------ ---- 22 ALLOW IN Anywhere 80 ALLOW IN Anywhere 443 ALLOW IN Anywhere 127.0.0.1 5432 ALLOW IN 127.0.0.1 22 (v6) ALLOW IN Anywhere (v6) 80 (v6) ALLOW IN Anywhere (v6) 443 (v6) ALLOW IN Anywhere (v6) 80 ALLOW OUT Anywhere 22 ALLOW OUT Anywhere 443 ALLOW OUT Anywhere 53 ALLOW OUT Anywhere 33434:33524/udp ALLOW OUT Anywhere 127.0.0.1 5432 ALLOW OUT 127.0.0.1 80 (v6) ALLOW OUT Anywhere (v6) 22 (v6) ALLOW OUT Anywhere (v6) 443 (v6) ALLOW OUT Anywhere (v6) 53 (v6) ALLOW OUT Anywhere (v6) 33434:33524/udp (v6) ALLOW OUT Anywhere (v6)
和 netstat:
$ netstat -an | grep "LISTEN " tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:6379 0.0.0.0:* LISTEN tcp6 0 0 :::55056 :::* LISTEN tcp6 0 0 :::80 :::* LISTEN tcp6 0 0 :::22 :::* LISTEN tcp6 0 0 :::5432 :::* LISTEN tcp6 0 0 :::443 :::* LISTEN
只是為了確認確實是 ufw 阻止了連接,因為如果我禁用它,它就可以正常工作。知道我缺少什麼嗎?
從您的 netstat 中,我們可以看到只提到了 5432 埠(即 tcp6 線路正在偵聽
:::5432
。這表明您的程序僅在偵聽IPv6
。您的防火牆只允許IPv4
。有兩種選擇,一種是您允許 IPv6 地址::1
(IPv6
相當於 localhost)連接到防火牆中的該服務,另一個是讓您的程序監聽IPv4
. 最好的可能是兩者都做。