Iptables
防火牆完全禁用但仍然無法訪問埠 - Centos7
我在以下位置禁用了 selinux
/etc/sysconfig/selinux:SELINUX=disabled重新啟動並禁用了
firewalld和iptables服務。# sestatus SELinux status: disabled # systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) Docs: man:firewalld(1) # systemctl status iptables ● iptables.service - IPv4 firewall with iptables Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled) Active: inactive (dead) # ufw status Status: inactive我仍然無法使用特定埠訪問伺服器:
# nc -v 10.0.12.3 8887 nc: connect to 10.0.12.3 port 8887 (tcp) failed: Connection refused我可以 ping 伺服器並 ssh 到它。
我嘗試使用
iptablesand來打開埠firewalld,但沒有成功。剩下的最後一個選項是完全禁用防火牆,即使這樣也不起作用。正在監聽的埠是:
# netstat -plnt Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1031/rpcbind tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1843/dnsmasq tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1392/sshd tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1391/cupsd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1756/master tcp 0 0 0.0.0.0:6010 0.0.0.0:* LISTEN 1892/sshd: jmalapra tcp 0 0 0.0.0.0:6011 0.0.0.0:* LISTEN 2461/sshd: jmalapra tcp6 0 0 :::111 :::* LISTEN 1031/rpcbind tcp6 0 0 :::22 :::* LISTEN 1392/sshd tcp6 0 0 ::1:631 :::* LISTEN 1391/cupsd tcp6 0 0 :::6010 :::* LISTEN 1892/sshd: jmalapra tcp6 0 0 :::6011 :::* LISTEN 2461/sshd: jmalapra
使用
netstat或ss來驗證服務是否正在偵聽相關 IP/埠。現在編輯您已驗證相關服務正在執行,請重置您的盒子的安全措施:
# Restore SELinux sed -i -e 's/SELINUX=disabled/SELINUX=enforcing/g' /etc/sysconfig/selinux touch /.autorelabel reboot # Firewall exception firewall-cmd --zone=public --add-port=8887/tcp --permanent firewall-cmd --reload # Remove superfluous packages yum remove -y iptables-services ufw