
Alibaba Cloud server (CentOS): opening ports 80 and 3306

1: Configure the firewall to open ports 80 and 3306



vi /etc/sysconfig/iptables

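-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT (allow port 80 through the firewall)
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT (allow port 3306 through the firewall)
Important: many readers add these two rules as the last line of the firewall configuration, which causes the firewall to fail to start. The correct place is directly below the default port 22 rule.
After adding them, the firewall rules look like this: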
######################################
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
#####################################
/etc/init.d/iptables restart      # finally, restart the firewall so the configuration takes effect
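
The placement rule above can be checked before the firewall is restarted. The following is an added example, not part of the original article: a small linter that flags rules written after COMMIT, ACCEPT rules placed after the catch-all REJECT (where they can never match), and port 3306 accepted from any source address. The names lint_iptables_rules, sample_bad_rules and SENSITIVE_PORTS are assumptions, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: lint an iptables-save style rules file (stdin or file args)
# for the placement mistakes discussed above. Helper names are hypothetical.
lint_iptables_rules() {
    awk -v ports="${SENSITIVE_PORTS:-3306}" '
    $1 == "COMMIT"  { committed = 1; next }
    /^\*/           { committed = 0; catchall = 0; next }  # a new table starts
    $1 != "-A"      { next }               # comments, blanks, chain policies
    committed       { printf "line %d: AFTER_COMMIT: %s\n", NR, $0; next }
    $2 != "INPUT"   { next }
    {
        target = ""; src = ""; dport = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-j")      target = $(i + 1)
            if ($i == "-s")      src    = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
        }
        # "-A INPUT -j REJECT|DROP" has no match options: it ends the chain.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) {
            catchall = NR; next
        }
        if (target != "ACCEPT") next
        if (catchall)
            printf "line %d: UNREACHABLE (catch-all on line %d): %s\n", NR, catchall, $0
        else if (dport != "" && index("," ports ",", "," dport ",") &&
                 (src == "" || src == "0.0.0.0/0"))
            printf "line %d: OPEN_TO_ANY port %s: %s\n", NR, dport, $0
    }' "$@"
}

# Constructed input modelled on the file above, with all three mistakes.
sample_bad_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
EOF
}

sample_bad_rules | lint_iptables_rules
```

Run it against the real file with lint_iptables_rules /etc/sysconfig/iptables; a 3306 rule that carries a source restriction such as -s 172.16.0.0/16 is not reported.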





2: iptables usage in detail

CentOS 6 iptables configuration

Ben

2011/12/24

[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2256
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

----------- Insert one rule

[[email protected] ben.liu]# iptables -I INPUT -j ACCEPT -s 172.16.0.0/16 -p tcp --dport 443 -m state --state NEW
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  172.16.0.0/16        0.0.0.0/0           tcp dpt:443 state NEW
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2256
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
7    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
8    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

[[email protected] ben.liu]# iptables-save
# Generated by iptables-save v1.4.7 on Sat Dec 24 16:50:09 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [201:20052]
-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Dec 24 16:50:09 2011

-- Modify one rule, for example rule 7 (state NEW tcp dpt:22)

[[email protected] ben.liu]# iptables -R INPUT 7 -s 172.16.0.0/16 -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
[[email protected] ben.liu]# iptables status
Bad argument `status'
Try `iptables -h' or 'iptables --help' for more information.
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  172.16.0.0/16        0.0.0.0/0           tcp dpt:443 state NEW
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2256
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
7    ACCEPT     tcp  --  172.16.0.0/16        0.0.0.0/0           state NEW tcp dpt:22
8    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

-- Delete one rule, for example rule 7

[[email protected] ben.liu]# iptables -D INPUT 7
[[email protected] ben.liu]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  172.16.0.0/16        anywhere            tcp dpt:https state NEW
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:pcc-mfp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[[email protected] ben.liu]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  172.16.0.0/16        0.0.0.0/0           tcp dpt:443 state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2256
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  172.16.0.0/16        0.0.0.0/0           tcp dpt:443 state NEW
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2256
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

--- Flush all INPUT rules

[[email protected] ben.liu]# iptables-save > /etc/sysconfig/iptables.bak
[[email protected] ben.liu]# iptables -F INPUT
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Restore the previously saved rules:

[[email protected] ben.liu]# iptables-restore /etc/sysconfig/iptables.bak
[[email protected] ben.liu]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  172.16.0.0/16        0.0.0.0/0           tcp dpt:443 state NEW
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2256
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
4    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
5    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
6    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
7    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

[[email protected] ben.liu]# iptables-save
# Generated by iptables-save v1.4.7 on Sat Dec 24 17:24:57 2011
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [44:5152]
-A INPUT -s 172.16.0.0/16 -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2256 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Sat Dec 24 17:24:57 2011

---------- View the rules file iptables loads at startup:

[[email protected] ben.liu]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

--- Stop the iptables service / disable or enable it at boot / start / restart it

[[email protected] ben.liu]# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
[[email protected] ben.liu]# chkconfig --level 35 iptables off
[[email protected] ben.liu]# chkconfig --level 35 iptables on
[[email protected] ben.liu]# service iptables start
iptables: Applying firewall rules: [ OK ]
[[email protected] ben.liu]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]

Use netstat -tulp to check the ports. As shown below, httpd is in the LISTEN state:

[[email protected] ~]# netstat -tulp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:http            0.0.0.0:*               LISTEN      10972/httpd         
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      1123/sshd           
tcp        0      0 0.0.0.0:mysql           0.0.0.0:*               LISTEN      12343/mysqld        
udp        0      0 izbp1hy3mj62nnvhajm:ntp 0.0.0.0:*                           748/ntpd            
udp        0      0 localhost:ntp           0.0.0.0:*                           748/ntpd            
udp        0      0 0.0.0.0:ntp             0.0.0.0:*                           748/ntpd            
udp6       0      0 [::]:ntp                [::]:*                              748/ntpd            
