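Alibaba Cloud server (CentOS): opening ports 80 and 3306
1: Configure the firewall to open ports 80 and 3306
vi /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (allow port 80 through the firewall)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT (allow port 3306 through the firewall)
Important: many people add these two rules as the last line of the firewall configuration, which causes the firewall to fail to start. The correct place is directly below the default rule for port 22.
After the rules are added, the firewall configuration looks like this: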
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################
/etc/init.d/iptables restart   # finally, restart the firewall so the configuration takes effect
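The placement mistake described above can be caught before restarting the service. The following is an added example, not part of the original post: a small lint for a rules file in this format, run here on a constructed sample. The finding codes are names invented for this example, and the OPEN_TO_ANY check (port 3306 accepted with no -s source restriction) goes beyond the text above.

```shell
#!/bin/sh
# Added example: static lint for an iptables-save style rules file.
# Finding codes (AFTER_COMMIT, BAD_DASH, ...) are names made up for this example.

# Constructed sample containing the mistakes discussed above.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
EOF
}

# lint_iptables [FILE]: prints "<line>: <CODE> <rule>"; reads stdin if no FILE.
lint_iptables() {
    awk '
    /^[ \t]*(#|$)/ { next }                         # comments, blank lines
    /^\*/     { committed = 0; terminal = 0; next } # table header, e.g. *filter
    /^COMMIT/ { committed = 1; next }
    /^:/      { next }                              # chain policy lines
    {
        # typographic dash pasted from a web page instead of "--"
        if ($0 ~ /–/) print NR ": BAD_DASH " $0
        # anything after COMMIT is outside the table
        if (committed) { print NR ": AFTER_COMMIT " $0; next }
        if ($1 != "-A" || $2 != "INPUT") next
        # ACCEPT placed below the catch-all REJECT/DROP never matches
        if (terminal && $0 ~ /-j ACCEPT/) print NR ": UNREACHABLE " $0
        # MySQL accepted from any source address (no -s restriction)
        if ($0 ~ /dport 3306( |$)/ && $0 ~ /-j ACCEPT/ && $0 !~ / (-s|--source) /)
            print NR ": OPEN_TO_ANY " $0
        # a rule that is only a target matches every packet
        if ($0 ~ /^-A INPUT -j (REJECT|DROP)/) terminal = 1
    }' "${1:--}"
}

# Run on the sample; on a real host pass /etc/sysconfig/iptables instead.
sample_rules | lint_iptables
```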
2: iptables usage in detail
CentOS 6 iptables configuration
Ben
2011/12/24
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-----------
Insert one rule
[[email protected] ben.liu]# iptables -I INPUT -j ACCEPT -s 172.16.0.0/16 -p tcp --dport 443 -m state --state NEW
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
-
[[email protected] ben.liu]# iptables-save
# Generated by iptables-save v1.4.7 on Sat Dec 24 16:50:09 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [201:20052]
-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Dec 24 16:50:09 2011
--
Modify one rule, for example rule 7 (state NEW tcp dpt:22)
[[email protected] ben.liu]# iptables -R INPUT 7 -s 172.16.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
[[email protected] ben.liu]# iptables status
Bad argument `status'
Try `iptables -h' or 'iptables --help' for more information.
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 state NEW tcp dpt:22
8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
--
Delete one rule, for example rule 7
[[email protected] ben.liu]# iptables -D INPUT 7
[[email protected] ben.liu]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 172.16.0.0/16 anywhere tcp dpt:https state NEW
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:pcc-mfp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[[email protected] ben.liu]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
---
Flush all INPUT rules
[[email protected] ben.liu]# iptables-save > /etc/sysconfig/iptables.bak
[[email protected] ben.liu]# iptables -F INPUT
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Restore the previously saved rules:
[[email protected] ben.liu]# iptables-restore /etc/sysconfig/iptables.bak
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- 172.16.0.0/16 0.0.0.0/0 tcp dpt:443 state NEW
2 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:2256
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
7 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[[email protected] ben.liu]# iptables-save
# Generated by iptables-save v1.4.7 on Sat Dec 24 17:24:57 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:5152]
-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Dec 24 17:24:57 2011
----------
View the rules file that iptables loads at startup:
[[email protected] ben.liu]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
---
Stop the iptables service, disable or enable it at boot, start it, restart it
[[email protected] ben.liu]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[[email protected] ben.liu]# chkconfig --level 35 iptables off
[[email protected] ben.liu]# chkconfig --level 35 iptables on
[[email protected] ben.liu]# service iptables start
iptables: Applying firewall rules: [ OK ]
[[email protected] ben.liu]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
Use netstat -tulp to check the port status. As shown below, httpd is in the LISTEN state:
[[email protected] ~]# netstat -tulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN 10972/httpd
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 1123/sshd
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN 12343/mysqld
udp 0 0 izbp1hy3mj62nnvhajm:ntp 0.0.0.0:* 748/ntpd
udp 0 0 localhost:ntp 0.0.0.0:* 748/ntpd
udp 0 0 0.0.0.0:ntp 0.0.0.0:* 748/ntpd
udp6 0 0 [::]:ntp [::]:* 748/ntpd