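I spent quite a while puzzling over why, when going through SoftEther, SSH could connect but the WEB_UI could not.
First, nothing showed up in the nginx log. At that point it had to be either routing or a filter. But if it were routing, SSH and ping could not have connected either, so it was probably a filter.
Below is the default iptables ruleset.
Looking at it, you can see that ports 880 and 4430 are allowed only on wlan0.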
root@obsiot:/etc# iptables -L -v
Chain INPUT (policy DROP 182 packets, 13329 bytes)
 pkts bytes target     prot opt in     out     source               destination
   52  3793 ACCEPT     all  --  lo     any     anywhere             anywhere
    9   756 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
   14  1360 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-reply
    7  1407 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp redirect
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
 1412  189K ACCEPT     tcp  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
 2256  488K ACCEPT     udp  --  any    any     anywhere             anywhere             state ESTABLISHED
    3   192 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere             tcp dpt:880
    0     0 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere             tcp dpt:4430
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp spt:domain
    6   378 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp dpt:domain
    0     0 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere             tcp dpt:domain
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp spt:ntp dpt:ntp
    1   328 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc
    1    64 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
Add the following.
Check the interface name with the ip a command and write it as vpn_vpn.
/sbin/iptables -A INPUT -i vpn_vpn -p tcp --dport 880 -j ACCEPT
After setting this, the connection worked properly.
root@obsiot:/etc# iptables -L -v
Chain INPUT (policy DROP 69 packets, 4759 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
    2    58 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-reply
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp destination-unreachable
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp redirect
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp time-exceeded
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp parameter-problem
  825 96611 ACCEPT     tcp  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED
 1533  350K ACCEPT     udp  --  any    any     anywhere             anywhere             state ESTABLISHED
    5   320 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere             tcp dpt:880
    0     0 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere             tcp dpt:4430
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp spt:domain
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp dpt:domain
    0     0 ACCEPT     tcp  --  wlan0  any     anywhere             anywhere             tcp dpt:domain
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp spt:ntp dpt:ntp
    0     0 ACCEPT     udp  --  wlan0  any     anywhere             anywhere             udp spts:bootps:bootpc dpts:bootps:bootpc
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
   17   944 ACCEPT     tcp  --  vpn_vpn any    anywhere             anywhere             tcp dpt:880

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 1873 packets, 1774K bytes)
 pkts bytes target     prot opt in     out     source               destination
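The check done by eye above (which inbound interfaces may open a new TCP connection to a given port) can be scripted. This is an added example, not part of the original post; the function names `allowed_ifaces` and `reachable` are hypothetical, and the sample rows are trimmed from the default listing shown earlier.

```shell
#!/bin/sh
# Added example (not from the original post). Simplified on purpose: only
# plain "dpt:" matches and match-less "all" rules in INPUT are understood;
# source filters, multiport and earlier DROP/REJECT rules are ignored.

# Constructed sample: rows trimmed from the default listing in the post.
SAMPLE_RULES='Chain INPUT (policy DROP 182 packets, 13329 bytes)
 pkts bytes target prot opt in out source destination
   52  3793 ACCEPT all  --  lo    any anywhere anywhere
 1412  189K ACCEPT tcp  --  any   any anywhere anywhere state RELATED,ESTABLISHED
    3   192 ACCEPT tcp  --  wlan0 any anywhere anywhere tcp dpt:880
    0     0 ACCEPT tcp  --  wlan0 any anywhere anywhere tcp dpt:4430
    1    64 ACCEPT tcp  --  any   any anywhere anywhere tcp dpt:ssh'

# allowed_ifaces PORT: read an `iptables -L -v` listing on stdin and print the
# "in" interfaces whose INPUT ACCEPT rules admit new TCP connections to PORT
# (number or service name exactly as iptables prints it), space separated.
allowed_ifaces() {
    awk -v port="$1" '
        /^Chain /                   { in_input = ($2 == "INPUT"); next }
        !in_input || $3 != "ACCEPT" { next }
        $4 == "all" && NF == 9      { print $6; next }   # e.g. the lo rule
        $4 == "tcp" {
            for (i = 10; i <= NF; i++)
                if ($i == "dpt:" port) { print $6; next }
        }
    ' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# reachable IFACE PORT: succeed if the listing on stdin accepts a new TCP
# connection arriving on IFACE for PORT; otherwise the DROP policy applies.
reachable() {
    for i in $(allowed_ifaces "$2"); do
        if [ "$i" = "any" ] || [ "$i" = "$1" ]; then return 0; fi
    done
    return 1
}

# Demo on the sample: 880 is dropped on vpn_vpn, ssh is accepted everywhere.
for port in 880 ssh; do
    for ifc in wlan0 vpn_vpn; do
        if printf '%s\n' "$SAMPLE_RULES" | reachable "$ifc" "$port"
        then echo "tcp/$port via $ifc: accepted"
        else echo "tcp/$port via $ifc: dropped by INPUT policy"; fi
    done
done
```

On a live system, pipe `iptables -L INPUT -v` into `reachable vpn_vpn 880` instead of the sample. A rule added with `iptables -A` changes only the running ruleset.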