centos6+如何对外开放80,3306端口号或者其他端口号
Posted zhukaixin
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了centos6+如何对外开放80,3306端口号或者其他端口号相关的知识,希望对你有一定的参考价值。
1.查看防火墙对外开放了哪些端口
[[email protected] ~]# iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination
2.centos6.0防火墙操作:
配置文件:/etc/sysconfig/iptables
开启某个端口号有两种方式:一种是命令方式,一种是修改配置文件方式
查看防火墙状态:chkconfig iptables --list
[[email protected] ~]# chkconfig iptables --list iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
开启防火墙(重启后永久生效):chkconfig iptables on
关闭防火墙(重启后永久生效):chkconfig iptables off
[[email protected] ~]# chkconfig iptables --list iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭 [[email protected] ~]# chkconfig iptables off [[email protected] ~]# chkconfig iptables --list iptables 0:关闭 1:关闭 2:关闭 3:关闭 4:关闭 5:关闭 6:关闭 [[email protected] ~]# chkconfig iptables on [[email protected] ~]# chkconfig iptables --list iptables 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭 [[email protected] ~]#
开启防火墙(即时生效,重启后失效):service iptables start
关闭防火墙(即时生效,重启后失效):service iptables stop
重启防火墙:service iptables restart
查看开启的端口号
service iptables status
[[email protected] ~]# service iptables status 表格:filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination
3.开启某个端口号(如80端口号,命令方式)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
[[email protected] ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
保存开启的端口号
service iptables save
[[email protected] ~]# service iptables save iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定] [[email protected] ~]# iptables status Bad argument `status‘ Try `iptables -h‘ or ‘iptables --help‘ for more information.
重新启动防火墙
service iptables restart
[[email protected] ~]# service iptables restart iptables:将链设置为政策 ACCEPT:filter [确定] iptables:清除防火墙规则: [确定] iptables:正在卸载模块: [确定] iptables:应用防火墙规则: [确定]
查看开启的端口号
service iptables status
[[email protected] ~]# service iptables status 表格:filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination
开启某个范围的端口号(如18881~65534,命令方式)
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 18881:65534 -j ACCEPT
[[email protected] ~]# iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 10000:11000 -j ACCEPT
保存开启的端口号
service iptables save
[[email protected] ~]# service iptables save iptables:将防火墙规则保存到 /etc/sysconfig/iptables: [确定]
重新启动防火墙
service iptables restart
查看开启的端口号
service iptables status
[[email protected] ~]# service iptables status 表格:filter Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22 6 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited 7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80 8 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpts:10000:11000 Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination
4.通过修改配置文件开启端口号(如80端口号)
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
启动防火墙
service iptables restart
参数说明:
–A 参数就看成是添加一条规则
–p 指定是什么协议,我们常用的tcp 协议,当然也有udp,例如53端口的DNS
–dport 就是目标端口,当数据从外部进入服务器为目标端口
–j 就是指定是 ACCEPT -接收 或者 DROP 不接收
原文:https://blog.csdn.net/u014079773/article/details/79745819
以上是关于centos6+如何对外开放80,3306端口号或者其他端口号的主要内容,如果未能解决你的问题,请参考以下文章