I have completed the OpenVPN server setup and clients can connect to the VPN server. I also modified the iptables rules so that the private network (Docker, MySQL and Kafka) can be accessed.
From the VPN client I can access the MySQL and Kafka servers, but I cannot access the Docker server. I have listed the Docker server iptables rules below.
Please check this and help me connect to the Docker server.
MySQL server rules (working from the VPN client)
root@app-db:/home/Mysqldb# sudo iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere icmp echo-request
3 ACCEPT tcp -- 192.168.30.0/24 anywhere
4 ACCEPT tcp -- anywhere anywhere tcp dpt:27017
5 ACCEPT tcp -- app-server anywhere tcp dpt:27017 state NEW,ESTABLISHED
6 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere app-server tcp spt:27017 state ESTABLISHED
2 ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
Docker server rules (not working from the VPN client):
root@Docker-server:/home/contus# sudo iptables -L --line-numbers
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 ACCEPT tcp -- ec2-xxx.xxx.xxx.xxx.compute-1.amazonaws.com anywhere tcp dpt:ssh
3 ACCEPT tcp -- pool-xx.xx.x.xx.washdc..net anywhere
4 ACCEPT tcp -- xxx.xxx.xxx.0/24 anywhere tcp dpt:ssh
5 ACCEPT tcp -- xxx.xxx.xxx.xxx anywhere
6 ACCEPT tcp -- ec2-xx.xx.xx.xx.compute-1.amazonaws.com anywhere
7 ACCEPT tcp -- 192.168.30.0/24 anywhere
8 ACCEPT tcp -- 10.8.0.0/24 anywhere tcp dpt:http ctstate NEW,ESTABLISHED
9 ACCEPT icmp -- anywhere anywhere icmp echo-request
10 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
11 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
12 ACCEPT tcp -- anywhere anywhere tcp dpt:http
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 DOCKER-USER all -- anywhere anywhere
2 DOCKER-INGRESS all -- anywhere anywhere
3 DOCKER-ISOLATION all -- anywhere anywhere
4 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
5 DOCKER all -- anywhere anywhere
6 ACCEPT all -- anywhere anywhere
7 ACCEPT all -- anywhere anywhere
8 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
9 DOCKER all -- anywhere anywhere
10 ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp spt:http ctstate ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere icmp echo-reply
3 ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
4 ACCEPT tcp -- anywhere anywhere tcp spt:ssh state ESTABLISHED
Chain DOCKER (2 references)
num target prot opt source destination
Chain DOCKER-INGRESS (1 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:4000
2 ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:4000
3 ACCEPT tcp -- anywhere anywhere tcp dpt:3000
4 ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:3000
5 ACCEPT tcp -- anywhere anywhere tcp dpt:5000
6 ACCEPT tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp spt:5000
7 RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION (1 references)
num target prot opt source destination
1 DROP all -- anywhere anywhere
2 DROP all -- anywhere anywhere
3 RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
num target prot opt source destination
1 RETURN all -- anywhere anywhere
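Added example, not part of the question above: a small Python evaluator that replays a connection attempt from a VPN client against the two INPUT chains listed above, walking the rules top to bottom the way netfilter does and reporting which rule (or the chain policy) decides the packet. It models only the INPUT chain of each host; the FORWARD, DOCKER and DOCKER-INGRESS chains that handle published container ports are not covered. Sources printed as hostnames or redacted addresses (the ec2-…, pool-… and xxx.xxx… entries) cannot be resolved offline and are treated as non-matching. The client address 10.8.0.6 is a constructed value inside the 10.8.0.0/24 pool that appears in rule 8 of the Docker host.

```python
import ipaddress

# Service names as printed by `iptables -L` without -n; extend for other named ports.
NAMED_PORTS = {"ssh": 22, "http": 80, "https": 443}

# Sample input: the two INPUT chains exactly as listed in the question.
DOCKER_INPUT = """\
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 ACCEPT tcp -- ec2-xxx.xxx.xxx.xxx.compute-1.amazonaws.com anywhere tcp dpt:ssh
3 ACCEPT tcp -- pool-xx.xx.x.xx.washdc..net anywhere
4 ACCEPT tcp -- xxx.xxx.xxx.0/24 anywhere tcp dpt:ssh
5 ACCEPT tcp -- xxx.xxx.xxx.xxx anywhere
6 ACCEPT tcp -- ec2-xx.xx.xx.xx.compute-1.amazonaws.com anywhere
7 ACCEPT tcp -- 192.168.30.0/24 anywhere
8 ACCEPT tcp -- 10.8.0.0/24 anywhere tcp dpt:http ctstate NEW,ESTABLISHED
9 ACCEPT icmp -- anywhere anywhere icmp echo-request
10 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
11 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
12 ACCEPT tcp -- anywhere anywhere tcp dpt:http
"""

MYSQL_INPUT = """\
Chain INPUT (policy DROP)
num target prot opt source destination
1 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
2 ACCEPT icmp -- anywhere anywhere icmp echo-request
3 ACCEPT tcp -- 192.168.30.0/24 anywhere
4 ACCEPT tcp -- anywhere anywhere tcp dpt:27017
5 ACCEPT tcp -- app-server anywhere tcp dpt:27017 state NEW,ESTABLISHED
6 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW,ESTABLISHED
"""


def parse_chain(text):
    """Parse one chain from `iptables -L --line-numbers`; return (policy, rules)."""
    lines = [ln.strip() for ln in text.strip().splitlines() if ln.strip()]
    policy = lines[0].split("policy", 1)[1].strip(" )")
    rules = []
    for line in lines[2:]:                      # lines[1] is the column header
        parts = line.split()
        num, target, proto, _opt, src, _dst = parts[:6]
        extra = parts[6:]                       # match extensions, if any
        rule = {"num": int(num), "target": target, "proto": proto,
                "src": src, "dport": None, "states": None}
        for i, tok in enumerate(extra):
            if tok.startswith("dpt:"):
                name = tok[4:]
                rule["dport"] = NAMED_PORTS.get(name) or int(name)
            elif tok in ("state", "ctstate") and i + 1 < len(extra):
                rule["states"] = set(extra[i + 1].split(","))
        rules.append(rule)
    return policy, rules


def source_matches(src_field, ip):
    """True if the rule's source covers ip. Hostnames and redacted fields
    cannot be resolved offline and are treated as not matching."""
    if src_field == "anywhere":
        return True
    try:
        return ip in ipaddress.ip_network(src_field, strict=False)
    except ValueError:
        return False


def evaluate(chain_text, src_ip, proto, dport=None, state="NEW"):
    """Walk the chain top to bottom and return (verdict, rule number);
    a packet that matches no rule falls through to (policy, None)."""
    policy, rules = parse_chain(chain_text)
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r["proto"] not in ("all", proto):
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        if not source_matches(r["src"], ip):
            continue
        return r["target"], r["num"]
    return policy, None


if __name__ == "__main__":
    client = "10.8.0.6"  # constructed address inside the VPN pool 10.8.0.0/24
    for host, chain, proto, port in [("docker", DOCKER_INPUT, "tcp", 80),
                                     ("docker", DOCKER_INPUT, "tcp", 22),
                                     ("docker", DOCKER_INPUT, "tcp", 3000),
                                     ("docker", DOCKER_INPUT, "icmp", None),
                                     ("mysql", MYSQL_INPUT, "tcp", 27017)]:
        print(host, proto, port, "->", evaluate(chain, client, proto, port))
```

Running it shows that on the Docker host a new connection from the VPN range is accepted only by rule 8 (http) or rule 10 (ssh); any other TCP port from 10.8.0.0/24 reaches no INPUT rule and falls to the chain's DROP policy, whereas on the MySQL host rule 4 accepts port 27017 from any source. Whether that explains the failure depends on which port the client is connecting to and on whether that service listens on the host itself (INPUT) or is a published container port, which Docker handles in the FORWARD chain instead.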