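The port of any service can be changed, although for some services the port must not be lower than a certain number. After changing it, the corresponding iptables rule has to be changed too. For example, to move ssh from 22 to 1234: vim /etc/ssh/sshd_config
Change Port to 1234, then service iptables restart (/etc/init.d/iptables restart).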
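A pre-restart check for the procedure above, as an added example that is not part of the original post: it reads the Port value from sshd_config and confirms that the iptables file contains an active (uncommented) TCP ACCEPT rule for it. The function names and the sample files are constructed for illustration; the check looks only for the rule's presence and does not evaluate rule order or multiport matches.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not code from the original post.

# Print the port sshd will use: first uncommented "Port" line, else 22.
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# Succeed if file $1 has an active rule accepting TCP traffic to port $2.
port_accepted() {
    awk -v port="$2" '
        $1 ~ /^#/ { next }                      # commented-out rules do not count
        $1 == "-A" {
            dport = ""; tcp = 0; accept = 0
            for (i = 2; i < NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (tcp && accept && dport == port) ok = 1
        }
        END { exit(ok ? 0 : 1) }' "$1"
}

# Succeed only when the port in sshd_config ($1) is accepted by rules file ($2).
ssh_port_open_in_firewall() {
    port_accepted "$2" "$(sshd_port "$1")"
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf 'Protocol 2\n#Port 22\nPort 1234\n' > "$demo/sshd_config"
cat > "$demo/iptables" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
COMMIT
EOF

if ssh_port_open_in_firewall "$demo/sshd_config" "$demo/iptables"; then
    echo "sshd port $(sshd_port "$demo/sshd_config") is accepted"
else
    echo "sshd port $(sshd_port "$demo/sshd_config") has no ACCEPT rule yet"
fi
```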
------------------------------------------------------------------------------------------
All communication takes place through a host IP and a port. (2012-01-03, Kai Ge, at home with nothing to do)
------------------------------------------------------------------------------------------
Last login: Tue Jan 3 12:48:27 2012 from 218.82.29.125
-bash-3.2$ sudo su - root
[sudo] password for yangkai:
Sorry, try again.
[sudo] password for yangkai:
[root@testcms ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Sat Apr 2 23:37:12 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [40:7132]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2022 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 433 -j ACCEPT
#esinConfigServer localhost 6805i NEW -m tcp --dport 433 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8099 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8011 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 59296 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8082 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8093 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 59504 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8094 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8088 -j ACCEPT
COMMIT
# Completed on Sat Apr 2 23:37:12 2011
[root@testcms ~]#
-------------------------------------------------------------------------------------------
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
On a CentOS 6.0 VM, setting the upper line does not work; only the lower one does.
------------------------------------------------------------
Xiao Tian's machine, port settings for kloxo:
[root@vps147 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]
[root@vps147 ~]# uname -a
Linux vps147.linkallin.com 2.6.18-274.17.1.el5 #1 SMP Tue Jan 10 17:26:03 EST 2012 i686 i686 i386 GNU/Linux
[root@vps147 ~]# cat /etc/redhat-release
CentOS release 5.7 (Final)
[root@vps147 ~]#
[root@vps147 ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7776 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7777 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7778 -j ACCEPT
#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
#yk
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 7776 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 7777 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
#yk
COMMIT
"/etc/sysconfig/iptables" 42L, 2274C written
[root@vps147 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]
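# The commented-out rules are not right, I don't know why; maybe the firewall rules differ between systems. Where the port is set, there must be no extra spaces!
Manually edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file
Open the ifcfg-eth0 file with vi
Original content: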
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:03:47:2C:D5:40
ONBOOT=yes
TYPE=Ethernet
Change to:
DEVICE=eth0
BOOTPROTO=static
IPADDR=192.168.1.223
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
HWADDR=00:03:47:2C:D5:40
ONBOOT=yes
TYPE=Ethernet
Run these commands in turn
/sbin/ifdown eth0
/sbin/ifup eth0
/etc/init.d/network restart # make the configured gateway take effect immediately
# The file is case-sensitive; in the end I processed it with awk:
1. awk -F'=' '{print $1 | "tr a-z A-Z"}' ifcfg-eth0 >file1
2. awk -F'=' '{print "="$2}' ifcfg-eth0 >file2
3. paste file1 file2 | sed 's/\t//g' >ifcfg-eth0
4. ok!