
CentOS 6+: how to open port 80, 3306, or other ports to outside access

2023-10-12 20:38 | Source: compiled from the web | Views: 265

1. Check which ports the firewall currently exposes

    [root@hadoop110 ~]# iptables -L -n
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination
    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

2. Firewall operations on CentOS 6.0:

Configuration file: /etc/sysconfig/iptables

There are two ways to open a port: with a command, or by editing the configuration file.

Check the firewall status: chkconfig iptables --list (in this host's locale, 关闭 means off and 启用 means on)

    [root@hadoop110 ~]# chkconfig iptables --list
    iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭

Enable the firewall (permanent, takes effect after a reboot): chkconfig iptables on
Disable the firewall (permanent, takes effect after a reboot): chkconfig iptables off

    [root@hadoop110 ~]# chkconfig iptables --list
    iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
    [root@hadoop110 ~]# chkconfig iptables off
    [root@hadoop110 ~]# chkconfig iptables --list
    iptables 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭
    [root@hadoop110 ~]# chkconfig iptables on
    [root@hadoop110 ~]# chkconfig iptables --list
    iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
    [root@hadoop110 ~]#

Start the firewall (immediate, lost after a reboot): service iptables start
Stop the firewall (immediate, lost after a reboot): service iptables stop
Restart the firewall: service iptables restart

List the open ports: service iptables status

    [root@hadoop110 ~]# service iptables status
    表格:filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

 

3. Open a single port (for example port 80, command method): iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

    [root@hadoop110 ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

Save the opened port: service iptables save

    [root@hadoop110 ~]# service iptables save
    iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
    [root@hadoop110 ~]# iptables status
    Bad argument `status'
    Try `iptables -h' or 'iptables --help' for more information.

Restart the firewall: service iptables restart

    [root@hadoop110 ~]# service iptables restart
    iptables:将链设置为政策 ACCEPT:filter [确定]
    iptables:清除防火墙规则: [确定]
    iptables:正在卸载模块: [确定]
    iptables:应用防火墙规则: [确定]

List the open ports: service iptables status

    [root@hadoop110 ~]# service iptables status
    表格:filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination

 

Open a range of ports (for example 18881~65534, command method): iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 18881:65534 -j ACCEPT

    [root@hadoop110 ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 10000:11000 -j ACCEPT

Save the opened ports: service iptables save

    [root@hadoop110 ~]# service iptables save
    iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]

Restart the firewall: service iptables restart

List the open ports: service iptables status

    [root@hadoop110 ~]# service iptables status
    表格:filter
    Chain INPUT (policy ACCEPT)
    num  target     prot opt source               destination
    1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
    2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
    4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
    5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
    6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
    7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
    8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:10000:11000

    Chain FORWARD (policy ACCEPT)
    num  target     prot opt source               destination
    1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    num  target     prot opt source               destination
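Rules in a chain are evaluated top to bottom, so the -A commands above leave the port 80 and 10000:11000 rules at positions 7 and 8, behind the catch-all REJECT at position 6, where no packet reaches them. The script below is an added example (not from the original article) that flags such unreachable ACCEPT rules in a numbered listing; the function names are made up for the example, and it assumes the listing format shown above, which has no interface columns.

```shell
#!/bin/sh
# Added example: flag ACCEPT rules that sit behind a catch-all REJECT/DROP.

# Sample input: the INPUT and FORWARD chains from the last listing above.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:10000:11000
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
}

# Reads a numbered listing on stdin (`service iptables status` or
# `iptables -L -n --line-numbers`). For each ACCEPT rule in INPUT that follows
# an unconditional REJECT/DROP, prints "<num> after <blocker>: <match>".
# Assumption: the listing has no interface columns, so a REJECT/DROP that is
# really limited to one interface would be misread as catch-all; confirm with
# `iptables -L INPUT -n -v --line-numbers`.
shadowed_accepts() {
    awk '
    /^Chain / { in_input = ($2 == "INPUT"); blocker = 0; next }
    !in_input || $1 !~ /^[0-9]+$/ { next }
    {
        # fields: num target prot opt source destination [match ...]
        m = ""
        for (i = 7; i <= NF; i++) m = m (i > 7 ? " " : "") $i
        any = ($3 == "all" && $5 == "0.0.0.0/0" && $6 == "0.0.0.0/0")
        deny = ($2 == "REJECT" || $2 == "DROP")
        if (!blocker && deny && any && (m == "" || m ~ /^reject-with [^ ]+$/)) {
            blocker = $1
            next
        }
        if (blocker && $2 == "ACCEPT") print $1 " after " blocker ": " m
    }'
}

sample_listing | shadowed_accepts
```

On a live CentOS 6 host, pipe `service iptables status` into `shadowed_accepts`. A flagged rule can be deleted by number with `iptables -D INPUT <num>` and re-added with `iptables -I INPUT 6 ...` (6 being the REJECT's position in the listing above) so that it is evaluated before the REJECT.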

 

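4. Open a port by editing the configuration file (for example port 80)

Edit the file: vi /etc/sysconfig/iptables

Add the line: -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

Restart the firewall: service iptables restart

Parameter notes:

-A appends a rule to the end of the chain

-p specifies the protocol; tcp is the one we use most, but there is also udp, for example DNS on port 53

--dport is the destination port, that is, the port on the server that traffic coming in from outside is addressed to

-j specifies the action: ACCEPT (accept) or DROP (do not accept)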

 

Original article: https://blog.csdn.net/u014079773/article/details/79745819


