問題14 Packet Filter 筆記

[yoidea]

Packet filtering問題 No.1

あなたはWebサービスを作っています。
このサーバーではnginxが0.0.0.0:80で通信待ち受けしています。このnginxを用いて
localhost:8080で動いているサービスにproxyするようにしたいのですが、何故か正常に動作しません。
原因を特定し、正常に動作するために必要な手順を説明してください。
なお、nginxは適切に設定がなされているものとします。 また、iptablesのポリシーを変更するのは禁止します。

root@ubuntu:/etc/nginx/sites-enabled# systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2018-07-29 11:48:05 JST; 18min ago
     Docs: man:nginx(8)
  Process: 1394 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 1393 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 1395 (nginx)
    Tasks: 3 (limit: 2327)
   CGroup: /system.slice/nginx.service
           ├─1395 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─1396 nginx: worker process
           └─1397 nginx: worker process

root@ubuntu:/etc/nginx/sites-enabled# ps ax | grep 8080
 2750 pts/0    S      0:00 python3 -m http.server 8080
 2762 pts/0    S+     0:00 grep --color=auto 8080

root@ubuntu:/etc/nginx/sites-enabled# iptables -t filter -L -v
Chain INPUT (policy DROP 46 packets, 4344 bytes)
 pkts bytes target     prot opt in     out     source               destination
 1220 89088 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 772 packets, 90484 bytes)
 pkts bytes target     prot opt in     out     source               destination

root@ubuntu:/etc/nginx/sites-enabled# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

root@ubuntu:/etc/nginx/sites-enabled# iptables -t mangle -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

root@ubuntu:/etc/nginx/sites-enabled# iptables -t raw -L -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination