ubuntu防火墙如何测试连接_运维文库_资讯中心

发布时间:2026-04-27 19:39:21

阅读量:0

Testing Connections with Ubuntu Firewall (UFW)
When managing Ubuntu firewalls (typically UFW—Uncomplicated Firewall), testing connections ensures your rules work as intended. Below are key methods to validate connectivity, organized by tool and use case.

1. Check Firewall Status First

Before testing, confirm UFW is active and view its rules to understand which ports/IPs are allowed/denied:

sudo ufw status

Active/Inactive: Status: active means UFW is enforcing rules; inactive means it’s not blocking traffic.
Rules List: Shows allowed/denied ports (e.g., 22/tcp ALLOW Anywhere). If a port isn’t listed, it’s denied by default.

2. Test TCP Port Connectivity

Using `telnet` (Simple TCP Check)

Telnet tests basic TCP connectivity. Install it if missing (sudo apt install telnet), then run:

telnet

Success: You’ll see Connected to (e.g., Connected to www.example.com).
Failure: You’ll get Unable to connect to remote host: Connection refused (firewall/port closed) or Connection timed out (network issues).

Using `nc` (Netcat, More Flexible)

Netcat (nc) checks both TCP/UDP connectivity. Install it (sudo apt install netcat-openbsd), then:

nc -zv

Flags: -z scans without sending data, -v enables verbose output.
Success: Connection to port [tcp/udp] succeeded.
Failure: Connection refused (firewall/port closed) or Timeout (network issues).

3. Test UDP Port Connectivity

UDP is connectionless, so tools like nc are ideal. Use:

nc -zuv

Flag: -u specifies UDP.
Note: Some services (e.g., DNS) use UDP; test these if your app relies on them.

4. Test HTTP/HTTPS Connectivity

For web services, use curl to check if the firewall allows HTTP/HTTPS traffic:

curl -I http://  # HTTP
curl -I https:// # HTTPS

Success: Returns HTTP headers (e.g., HTTP/1.1 200 OK).
Failure: Connection refused (firewall blocking) or Timeout (server issue).

5. Advanced Testing with `nmap`

nmap scans ports to detect open/closed/filtered states (filtered = blocked by firewall). Install it (sudo apt install nmap), then:

nmap -p

Example: nmap -p 22 localhost checks if port 22 is open locally.
Output:
- open: Port is accessible.
- closed: Port is not listening (service not running).
- filtered: Port is blocked by a firewall.

Key Troubleshooting Tips

Service Not Running: If a port is closed but UFW allows it, ensure the service (e.g., Apache for port 80) is active (sudo systemctl status apache2).
SSH Issues: If you’re locked out after enabling UFW, allow SSH again: sudo ufw allow ssh (or sudo ufw allow 22/tcp).
External Testing: Test from another machine (e.g., your laptop) to rule out local network issues.

By combining these tools, you can systematically verify if your Ubuntu firewall is correctly configured and not blocking legitimate traffic.

以上就是关于“ubuntu防火墙如何测试连接”的相关介绍，筋斗云是国内较早的云主机应用的服务商，拥有10余年行业经验，提供丰富的云服务器、租用服务器等相关产品服务。云服务器资源弹性伸缩，主机vCPU、内存性能强悍、超高I/O速度、故障秒级恢复；电子化备案，提交快速，专业团队7×24小时服务支持！

简单好用、高性价比云服务器租用链接：https://www.jindouyun.cn/product/cvm