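When deploying a project on Linux, you often find that the service is reachable from the local machine but not from other machines. The most likely cause is the firewall blocking the port. The following explains how to open a port for access.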
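On CentOS 6, the steps are as follows:
1. Check the firewall status
[root@localhost ~]# service iptables status
iptables: Firewall is not running.
2. Start/stop the firewall
[root@localhost ~]# service iptables start   # start
[root@localhost ~]# service iptables stop    # stop
3. Enable/disable start at boot
[root@localhost ~]# chkconfig iptables on    # start at boot
[root@localhost ~]# chkconfig iptables off   # do not start at boot
4. Start the firewall
[root@localhost ~]# service iptables start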
iptables:應用防火牆規則: [確定]
5. Open a specified port
- Taking 8080 as an example:
[root@localhost ~]# vim /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
# Insert the following line here, above the REJECT rules: rules are matched in order, so a rule placed after "-A INPUT -j REJECT" is never reached
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@localhost ~]# service iptables save
iptables:將防火牆規則保存到 /etc/sysconfig/iptables: [確定]
[root@localhost ~]# service iptables restart
iptables:將鏈設置為政策 ACCEPT:filter [確定]
iptables:清除防火牆規則: [確定]
iptables:正在卸載模塊: [確定]
iptables:應用防火牆規則: [確定]
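A rule written into /etc/sysconfig/iptables only opens the port if it is appended to a chain the file declares and sits above the catch-all REJECT in INPUT. The following is an added example, not part of the original article, that checks a rules file for exactly that; the function names check_port_rule and sample_rules and the sample rules are constructed for illustration.

```sh
# check_port_rule PORT < rules-file
# Prints a verdict for an ACCEPT rule on TCP port PORT in iptables-save format:
#   open       in INPUT, ahead of the catch-all REJECT/DROP
#   shadowed   in INPUT, but after the catch-all, so it is never reached
#   bad-chain  appended to a chain the file never declares (the restore fails)
#   missing    no ACCEPT rule for the port directly in INPUT
# Simplification: jumps from INPUT into user-defined chains are not followed.
check_port_rule() {
    awk -v port="$1" '
        /^:/ { declared[substr($1, 2)] = 1; next }   # e.g. ":INPUT ACCEPT [0:0]"
        $1 != "-A" { next }                          # comments, *filter, COMMIT
        {
            target = ""; has_port = 0; conditional = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" && $(i + 1) == port) has_port = 1
                if ($i == "-p" || $i == "-i" || $i == "-s" || $i == "-m") conditional = 1
            }
            if (target == "ACCEPT" && has_port) {
                if (!($2 in declared)) { verdict = "bad-chain"; exit }
                if ($2 == "INPUT") { verdict = blocked ? "shadowed" : "open"; exit }
            }
            if ($2 == "INPUT" && !conditional && (target == "REJECT" || target == "DROP")) blocked = 1
        }
        END { print (verdict ? verdict : "missing") }
    '
}

# Constructed sample: CentOS 6 style base rules; rule $2 goes "before" or "after" ($1) the REJECT line.
sample_rules() {
    before=""; after=""
    if [ "$1" = before ]; then before="$2"; else after="$2"; fi
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
$before
-A INPUT -j REJECT --reject-with icmp-host-prohibited
$after
COMMIT
EOF
}

RULE='-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT'
sample_rules before "$RULE" | check_port_rule 8080
sample_rules after  "$RULE" | check_port_rule 8080
```

To audit a real host, run `check_port_rule 8080 < /etc/sysconfig/iptables` as root.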
CentOS 7
1. Check the firewall status
[root@dzpj2 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2020-10-26 15:25:39 CST; 1s ago
     Docs: man:firewalld(1)
 Main PID: 19901 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           └─19901 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...name.
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...name.
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Oct 26 15:25:40 dzpj2 firewalld[19901]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --d...in?).
Hint: Some lines were ellipsized, use -l to show in full.
2. Start/stop/restart the firewall
[root@dzpj2 ~]# systemctl start firewalld
[root@dzpj2 ~]# systemctl stop firewalld
[root@dzpj2 ~]# systemctl restart firewalld
3. Check whether the firewall starts at boot
[root@localhost ~]# systemctl is-enabled firewalld   # starts at boot
enabled
[root@localhost ~]# systemctl is-enabled firewalld   # does not start at boot
disabled
[root@localhost ~]# systemctl enable firewalld    # turn on start at boot
[root@localhost ~]# systemctl disable firewalld   # turn off start at boot
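4. List the ports that are already open
[root@dzpj ~]# firewall-cmd --list-ports
7002/tcp 7006/tcp 7005/tcp 7007/tcp 25/tcp 7001/tcp
5. Open a specified port and reload the configuration
[root@dzpj2 bin]# firewall-cmd --permanent --add-port=7001/tcp
success
[root@dzpj2 bin]#
[root@dzpj2 bin]# firewall-cmd --reload
success
- firewall-cmd: one of the firewall commands, used on CentOS 7 and later
- --permanent: without this parameter, the command that opens the port takes effect immediately but is lost when the firewall restarts; with it, the setting is kept permanently, but the firewall must be reloaded before it takes effect
- --add-port=7001/tcp: adds the port together with its network protocol, in the form port/protocol (tcp, udp, ...)
6. Remove an open port
[root@dzpj2 bin]# firewall-cmd --permanent --remove-port=7001/tcp
success
[root@dzpj2 bin]#
[root@dzpj2 bin]# firewall-cmd --reload
success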