How to open port 80, 3306, or other ports to the outside on CentOS 6+

Posted zhukaixin


1. Check which ports the firewall currently allows from outside

[[email protected] ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

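2. Firewall operations on CentOS 6.0:

Configuration file: /etc/sysconfig/iptables

There are two ways to open a port: from the command line, or by editing the configuration file.

Check the firewall service's state (per runlevel): chkconfig iptables --list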

[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭

Enable the firewall (permanent, takes effect after a reboot): chkconfig iptables on
Disable the firewall (permanent, takes effect after a reboot): chkconfig iptables off

[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭
[[email protected] ~]# chkconfig iptables off
[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:关闭    3:关闭    4:关闭    5:关闭    6:关闭
[[email protected] ~]# chkconfig iptables on
[[email protected] ~]# chkconfig iptables --list
iptables           0:关闭    1:关闭    2:启用    3:启用    4:启用    5:启用    6:关闭
[[email protected] ~]# 

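Start the firewall (takes effect immediately, lost after a reboot): service iptables start
Stop the firewall (takes effect immediately, lost after a reboot): service iptables stop
Restart the firewall: service iptables restart

List the open ports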
service iptables status

[[email protected] ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

 

3. Open a port (e.g. port 80, from the command line)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT

[[email protected] ~]# iptables -A INPUT -p tcp -m state --state  NEW  -m tcp --dport 80 -j ACCEPT

Save the newly opened port
service iptables save

[[email protected] ~]# service iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables:     [确定]
[[email protected] ~]# iptables status
Bad argument `status'
Try `iptables -h' or 'iptables --help' for more information.

Restart the firewall
service iptables restart

[[email protected] ~]# service iptables restart
iptables:将链设置为政策 ACCEPT:filter                    [确定]
iptables:清除防火墙规则:                                 [确定]
iptables:正在卸载模块:                                   [确定]
iptables:应用防火墙规则:                                 [确定]

List the open ports
service iptables status

[[email protected] ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

 

Open a range of ports (e.g. 18881~65534, from the command line)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 18881:65534 -j ACCEPT

[[email protected] ~]# iptables -A INPUT -p tcp -m state --state  NEW  -m tcp --dport 10000:11000 -j ACCEPT

Save the newly opened ports
service iptables save

[[email protected] ~]# service iptables save
iptables:将防火墙规则保存到 /etc/sysconfig/iptables:     [确定]

Restart the firewall
service iptables restart


List the open ports
service iptables status

[[email protected] ~]# service iptables status
表格:filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination         
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22 
6    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
8    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:10000:11000 

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination         
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination         

 

4. Open a port by editing the configuration file (e.g. port 80)
 vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
Restart the firewall
service iptables restart

 

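Parameter notes:
-A appends a rule to the end of the chain.
-p specifies the protocol; tcp is the most common, but udp is also used, for example DNS on port 53.
--dport is the destination port: the port on the server that traffic arriving from outside is addressed to.

-j specifies the action: ACCEPT (allow the packet) or DROP (discard it).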

 


Original: https://blog.csdn.net/u014079773/article/details/79745819

























