Category: LINUX

2012-01-03 12:53:15

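    The port of any service can be changed, except that some services cannot use a port below a certain number. After changing a port, the corresponding rule in iptables must be changed too. For example, to move ssh from 22 to 1234: vim /etc/ssh/sshd_config,
change Port to 1234, then service iptables restart (/etc/init.d/iptables restart).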
------------------------------------------------------------------------------------------
All communication takes place through a host IP and a port. (2012-01-03, Kai Ge, at home with nothing to do)
------------------------------------------------------------------------------------------
Last login: Tue Jan  3 12:48:27 2012 from 218.82.29.125
 -bash-3.2$  sudo su - root
[sudo] password for yangkai: 
Sorry, try again.
[sudo] password for yangkai: 
[root@testcms ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Sat Apr  2 23:37:12 2011
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [40:7132]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT 
-A INPUT -p udp -m udp --dport 53 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2022 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 433 -j ACCEPT
#esinConfigServer localhost 6805i NEW -m tcp --dport 433 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT 

-A INPUT -p tcp -m state --state NEW -m tcp --dport 8099 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8009 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8011 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 5001 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 59296 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8081 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8082 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8093 -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 59504 -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8094 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8088 -j ACCEPT


COMMIT
# Completed on Sat Apr  2 23:37:12 2011
[root@testcms ~]# 
-------------------------------------------------------------------------------------------
#-A INPUT -m state --state NEW -m tcp -p tcp --dport 1234 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
On a CentOS 6.0 VM, the upper line did not work when set; only the lower one did.

------------------------------------------------------------
Xiao Tian's machine, port settings for Kloxo:

[root@vps147 ~]# service iptables restart
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: filter [  OK  ]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_ns [  OK  ]
[root@vps147 ~]# uname -a
Linux vps147.linkallin.com 2.6.18-274.17.1.el5 #1 SMP Tue Jan 10 17:26:03 EST 2012 i686 i686 i386 GNU/Linux
[root@vps147 ~]# cat /etc/redhat-release 
CentOS release 5.7 (Final)
[root@vps147 ~]# 
[root@vps147 ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7776 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7777 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7778 -j ACCEPT
#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
#yk
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 111 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 7776 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 7777 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 7778 -j ACCEPT
#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
#yk
COMMIT
"/etc/sysconfig/iptables" 42L, 2274C written
[root@vps147 ~]# service iptables restart
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_ns [ OK ]
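# The commented-out rules are wrong. I don't know why; perhaps firewall rules differ between systems. Where the port is set, there must be no extra spaces!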
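
A pre-restart check for the procedure above (change a service port, then the matching iptables rule), added here as an example and not the author's code: it reads an iptables-save style file and reports whether new TCP connections to a port are accepted, shadowed by an earlier catch-all REJECT/DROP, or missing, and whether INPUT ends in allow or deny. The function names and the sample ruleset are constructed for illustration, and the rule model is simplified as noted in the comments.

```shell
#!/bin/sh
# Added example, not the author's code. Simplified model: a rule is treated as
# catch-all only when it has no match options before -j; only INPUT is walked.
FW_AWK='
function walk(c,    k, t) {      # returns 1 if chain c always ends in DROP/REJECT
    for (k = 1; k <= n[c]; k++) {
        t = tgt[c, k]
        if (t == "ACCEPT") { if (dp[c, k] == "tcp/" port) hit++ }
        else if (t == "DROP" || t == "REJECT") { if (all[c, k]) return 1 }
        else if (walk(t) && all[c, k]) return 1   # jump into a user chain
    }
    return 0
}
/^:INPUT / { policy = $2 }
/^-A / {
    c = $2; k = ++n[c]; all[c, k] = 1; p = ""
    for (i = 3; i <= NF; i++) {
        if ($i == "-j") { tgt[c, k] = $(i + 1); break }
        all[c, k] = 0            # any option before -j makes the rule conditional
        if ($i == "-p") p = $(i + 1)
        if ($i == "--dport") dp[c, k] = p "/" $(i + 1)
    }
    if (tgt[c, k] == "ACCEPT" && dp[c, k] == "tcp/" port) total++
}
END {
    closed = walk("INPUT")
    if (mode == "default") print ((closed || policy == "DROP") ? "deny" : "allow")
    else print (hit ? "accepted" : (total ? "shadowed" : "missing"))
}'
check_port()    { awk -v port="$2" -v mode=port "$FW_AWK" "$1"; }     # accepted|shadowed|missing
input_default() { awk -v port=0 -v mode=default "$FW_AWK" "$1"; }     # deny|allow
sshd_ports()    { awk 'tolower($1) == "port" { print $2; s = 1 } END { if (!s) print 22 }' "$1"; }

# Constructed sample: jump to a chain that ends in REJECT, then a rule for the
# new sshd port appended to INPUT after the jump.
demo=$(mktemp)
cat > "$demo" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1234 -j ACCEPT
COMMIT
EOF
echo "22: $(check_port "$demo" 22)  1234: $(check_port "$demo" 1234)  default: $(input_default "$demo")"
rm -f "$demo"
```

Run against the second listing exactly as saved above, `input_default` prints `allow`: the INPUT policy is ACCEPT and the closing REJECT line is commented out, so the per-port ACCEPT rules filter nothing.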

  1. Manually edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file
    Open the ifcfg-eth0 file with vi
    Original contents:
    DEVICE=eth0
    BOOTPROTO=dhcp
    HWADDR=00:03:47:2C:D5:40
    ONBOOT=yes
    TYPE=Ethernet
    Change to:
    DEVICE=eth0
    BOOTPROTO=static
    IPADDR=192.168.1.223
    NETMASK=255.255.255.0
    GATEWAY=192.168.1.1
    HWADDR=00:03:47:2C:D5:40
    ONBOOT=yes    
    TYPE=Ethernet
    Run these commands in turn:
    /sbin/ifdown eth0
    /sbin/ifup eth0
    /etc/init.d/network restart  # makes the configured gateway take effect immediately
    # The contents are case-sensitive; finally, process the file with awk:
    1. awk -F'=' '{print $1 | "tr a-z A-Z"}' ifcfg-eth0 >file1
    2. awk -F'=' '{print "="$2}' ifcfg-eth0 >file2
    3. paste file1 file2 | sed 's/\t//g' >ifcfg-eth0
    4. ok!

