Maker's Blog
Debian 12中iptables排错方法
2026-04-24 10:35:43    2    0    0
maker


标记流量,然后显示指定流量是走什么网络出去:

root@vps:~# docker ps
CONTAINER ID   IMAGE                          COMMAND                  CREATED        STATUS                         PORTS                                                                                                 NAMES
1b87021fe9f4   haroldli/xiaoya-tvbox:latest   "/entrypoint.sh 81 -…"   5 hours ago    Up 28 seconds                  0.0.0.0:4567->4567/tcp, [::]:4567->4567/tcp, 5244-5245/tcp, 0.0.0.0:5344->80/tcp, [::]:5344->80/tcp   xiaoya-tvbox
a5d578f4f678   taksss/php-epg:latest          "/docker-entrypoint.…"   13 hours ago   Up 28 seconds                  443/tcp, 0.0.0.0:5678->80/tcp, [::]:5678->80/tcp                                                      php-epg
1d1ae6c5d96e   containrrr/watchtower          "/watchtower -c --sc…"   2 weeks ago    Restarting (1) 5 seconds ago                                                                                                         watchtower
root@vps:~#
# 在 INPUT 链最前面插入 LOG 规则
iptables -I INPUT 1 -s 192.168.192.0/24 -p tcp --dport 4567 -j LOG --log-prefix "INPUT-4567: " --log-level 4
# 在 FORWARD 链最前面插入 LOG 规则
iptables -I FORWARD 1 -s 192.168.192.0/24 -p tcp --dport 4567 -j LOG --log-prefix "FORWARD-4567: " --log-level 4
# 在 DOCKER-USER 链插入 LOG 规则
iptables -I DOCKER-USER 1 -s 192.168.192.0/24 -p tcp --dport 4567 -j LOG --log-prefix "DOCKER-USER-4567: " --log-level 4
# 显示实时日志
journalctl -kf | grep "4567"
Apr 24 08:31:08 vps kernel: FORWARD-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30392 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:08 vps kernel: DOCKER-USER-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30392 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:09 vps kernel: FORWARD-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30393 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:09 vps kernel: DOCKER-USER-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30393 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:12 vps kernel: FORWARD-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30394 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:12 vps kernel: DOCKER-USER-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30394 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:15 vps kernel: FORWARD-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30395 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:15 vps kernel: DOCKER-USER-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30395 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:23 vps kernel: FORWARD-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30396 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200 
Apr 24 08:31:23 vps kernel: DOCKER-USER-4567: IN=ztbto72xxn OUT=CloudflareWARP MAC=9e:6a:e9:6b:d3:b5:9e:17:51:48:d4:bd:08:00 SRC=192.168.192.7 DST=172.17.0.3 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=30396 DF PROTO=TCP SPT=36950 DPT=4567 WINDOW=63480 RES=0x00 SYN URGP=0 MARK=0x200


再举一反三:

# 在 INPUT 链最前面插入 LOG 规则
iptables -I INPUT 1 -s 192.168.192.0/24 -j LOG --log-prefix "INPUT-19201: " --log-level 4
# 在 FORWARD 链最前面插入 LOG 规则
iptables -I FORWARD 1 -s 192.168.192.0/24 -j LOG --log-prefix "FORWARD-19201: " --log-level 4
# 在 DOCKER-USER 链插入 LOG 规则
iptables -I DOCKER-USER 1 -s 192.168.192.0/24 -j LOG --log-prefix "DOCKER-USER-19201: " --log-level 4
# 显示实时日志
journalctl -kf | grep "19201"










Pre: No Post

Next: Windows将程序安装为系统服务 shawl.exe

2
powered by Maker
Table of content