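Example: Opening Port 80 in the Firewall on Linux
<p>On a freshly installed Linux system the firewall does not yet allow the commonly used ports, so the services on them cannot be reached. How do you add these ports to the firewall's allowed rules? Below we use port 80 as the example.</p>
<p>
I have recently been learning Linux and set up an LNMP environment. Everything worked during testing, but after rebooting Linux the website could no longer be opened. The cause turned out to be that no rule for port 80 had been added to the firewall. The steps are as follows:</p>
<p>
Configuring the iptables firewall on CentOS is essential. Let's learn how to configure it; the same applies to other versions:</p>
<p>
<strong>1. Open the iptables configuration file:</strong></p>
<p>
The code is as follows:</p>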
<div class="jb51code">
<div>
<div class="syntaxhighlighterplain" id="highlighter_506121">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="plain plain">vi /etc/sysconfig/iptables</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
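<p>
Use the /etc/init.d/iptables status<br>
command to check whether port 80 is open. If it is not, there are two ways to handle it:<br>
1. Edit the file with vi /etc/sysconfig/iptables and add the rule that makes the firewall open port 80</p>
<p>
The code is as follows:</p>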
<div class="jb51code">
<div>
<div class="syntaxhighlighterplain" id="highlighter_869705">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="plain plain">-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
<strong>2. Stop/start/restart the firewall</strong></p>
<p>
The code is as follows:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterplain" id="highlighter_779554">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="plain plain">/etc/init.d/iptables stop </code>
</div>
<div class="line number2 index1 alt1">
<code class="plain plain"># use "start" instead of "stop" to start the firewall </code>
</div>
<div class="line number3 index2 alt2">
<code class="plain plain"># use "restart" to restart it</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
After the rule has been added, the firewall rules look like this:</p>
<p>
The code is as follows:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterbash" id="highlighter_618948">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="bash comments"># Firewall configuration written by system-config-firewall </code>
</div>
<div class="line number2 index1 alt1">
<code class="bash comments"># Manual customization of this file is not recommended. </code>
</div>
<div class="line number3 index2 alt2">
<code class="bash plain">*filter </code>
</div>
<div class="line number4 index3 alt1">
<code class="bash plain">:INPUT ACCEPT </code>
</div>
<div class="line number5 index4 alt2">
<code class="bash plain">:FORWARD ACCEPT </code>
</div>
<div class="line number6 index5 alt1">
<code class="bash plain">:OUTPUT ACCEPT </code>
</div>
<div class="line number7 index6 alt2">
<code class="bash plain">-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT </code>
</div>
<div class="line number8 index7 alt1">
<code class="bash plain">-A INPUT -p icmp -j ACCEPT </code>
</div>
<div class="line number9 index8 alt2">
<code class="bash plain">-A INPUT -i lo -j ACCEPT </code>
</div>
<div class="line number10 index9 alt1">
<code class="bash plain">-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT </code>
</div>
<div class="line number11 index10 alt2">
<code class="bash plain">-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT </code>
</div>
<div class="line number12 index11 alt1">
<code class="bash plain">-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT </code>
</div>
<div class="line number13 index12 alt2">
<code class="bash plain">-A INPUT -j REJECT --reject-with icmp-host-prohibited </code>
</div>
<div class="line number14 index13 alt1">
<code class="bash plain">-A FORWARD -j REJECT --reject-with icmp-host-prohibited </code>
</div>
<div class="line number15 index14 alt2">
<code class="bash plain">COMMIT</code>
</div>
<div class="line number16 index15 alt1">
<code class="bash plain">/etc/init</code><code class="bash plain">.d</code><code class="bash plain">/iptables</code> <code class="bash plain">restart</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
Addendum: some people like to do it this way</p>
<p>
The code is as follows:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterplain" id="highlighter_252255">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="plain plain">vi /etc/sysconfig/iptables</code>
</div>
<div class="line number2 index1 alt1">
<code class="plain plain">-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT (allow port 80 through the firewall) </code>
</div>
<div class="line number3 index2 alt2">
<code class="plain plain">-A INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT (allow port 3306 through the firewall)</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
When I tested this method, restarting the firewall reported errors for these two lines.</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterplain" id="highlighter_635934">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="plain plain"># /etc/init.d/iptables restart </code>
</div>
<div class="line number2 index1 alt1">
<code class="plain plain">iptables:清除防火墙规则: [确定]</code>
</div>
<div class="line number3 index2 alt2">
<code class="plain plain">iptables:将链设置为政策 ACCEPT:filter [确定]</code>
</div>
<div class="line number4 index3 alt1">
<code class="plain plain">iptables:正在卸载模块: [确定]</code>
</div>
<div class="line number5 index4 alt2">
<code class="plain plain">iptables:应用防火墙规则:Bad argument `–-state'</code>
</div>
<div class="line number6 index5 alt1">
<code class="plain plain">Error occurred at line: 11</code>
</div>
<div class="line number7 index6 alt2">
<code class="plain plain">Try `iptables-restore -h' or 'iptables-restore --help' for more information.</code>
</div>
<div class="line number8 index7 alt1">
<code class="plain spaces"> </code><code class="plain plain">[失败]</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
This method turned out not to work, so I tried another one: adding the port with commands.</p>
<p>
The code is as follows:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterplain" id="highlighter_532998">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="plain plain"># /sbin/iptables -I INPUT -p tcp --dport 80 -j ACCEPT</code>
</div>
<div class="line number2 index1 alt1">
<code class="plain plain"># /etc/rc.d/init.d/iptables save</code>
</div>
<div class="line number3 index2 alt2">
<code class="plain plain"># /etc/init.d/iptables restart</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
<p>
That does it. Check the result:</p>
<p>
The code is as follows:</p>
<div class="jb51code">
<div>
<div class="syntaxhighlighterplain" id="highlighter_845214">
<table border="0" cellpadding="0" cellspacing="0"><tbody><tr>
<td class="code">
<div class="container">
<div class="line number1 index0 alt2">
<code class="plain plain"># /etc/init.d/iptables status</code>
</div>
</div>
</td>
</tr></tbody></table>
</div>
</div>
</div>
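<p>
Added example, not part of the original article: the restart error shown earlier reports the argument `–-state', whose first character is a typographic dash rather than an ASCII hyphen, and the working method uses -I, which inserts at the top of the chain. The script below lints a rules file before it is loaded, flagging non-ASCII bytes, rules appended after a catch-all REJECT/DROP in the same chain, and rules that reference a chain the file does not declare. The function names and the sample file are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example: lint an iptables rules file before "iptables restart".
# Function names and the sample file are constructed for illustration.

# lint_iptables_rules FILE: prints "LINE: problem", returns 1 on any finding.
lint_iptables_rules() {
    LC_ALL=C awk '
        function report(msg) { print NR ": " msg; bad = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
        /[^ -~\t]/ { report("non-ASCII byte (typographic dash or pasted note)") }
        /^\*/ { split("", declared); split("", closed); next }   # new table
        /^:/  { declared[substr($1, 2)] = 1; next }             # chain header
        $1 == "-A" {
            if (!($2 in declared))
                report("chain " $2 " is not declared in this table")
            if ($2 in closed)
                report("never matches: follows catch-all on line " closed[$2])
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
                closed[$2] = NR
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 9 has en-dashes, line 11 sits after the REJECT,
# line 12 uses a chain this file never declares.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample rules file
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample=$(mktemp) && write_sample "$sample"
lint_iptables_rules "$sample" || echo "fix the lines above before restarting"
rm -f "$sample"
```

<p>
The reported line numbers count from the top of the file, the same way as the "Error occurred at line" message from iptables-restore. On a host with iptables installed, iptables-restore --test parses a rules file without committing it.</p>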
<p>
Original link: http://blog.csdn.net/panpan639944806/article/details/24969707</p>