mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
Merge pull request #1949 from KayGuoWhu/master
[Translated]20141029 Linux FAQs with Answers--How to open a port in the firewall on CentOS or RHEL
This commit is contained in:
Xingyu.Wang
commit
dd9348af6a
@ -1,69 +0,0 @@
|
||||
[translating by KayGuoWhu]
|
||||
Linux FAQs with Answers--How to open a port in the firewall on CentOS or RHEL
|
||||
================================================================================
|
||||
> **Question**: I am running a web/file server on my CentOS box, and to access the server remotely, I need to modify a firewall to allow access to a TCP port on the box. What is a proper way to open a TCP/UDP port in the firewall of CentOS/RHEL?
|
||||
|
||||
Out of the box, enterprise Linux distributions such as CentOS or RHEL come with a powerful firewall built-in, and their default firewall rules are pretty restrictive. Thus if you install any custom services (e.g., web server, NFS, Samba), chances are their traffic will be blocked by the firewall rules. You need to open up necessary ports on the firewall to allow their traffic.
|
||||
|
||||
On CentOS/RHEL 6 or earlier, the iptables service allows users to interact with netfilter kernel modules to configure firewall rules in the user space. Starting with CentOS/RHEL 7, however, a new userland interface called firewalld has been introduced to replace iptables service.
|
||||
|
||||
To check the current firewall rules, use this command:
|
||||
|
||||
$ sudo iptables -L
|
||||
|
||||
|
||||
|
||||
Now let's see how we can update the firewall to open a port on CentOS/RHEL.
|
||||
|
||||
### Open a Port on CentOS/RHEL 7 ###
|
||||
|
||||
Starting with CentOS and RHEL 7, firewall rule settings are managed by firewalld service daemon. A command-line client called firewall-cmd can talk to this deamon to update firewall rules permanently.
|
||||
|
||||
To open up a new port (e.g., TCP/80) permanently, use these commands.
|
||||
|
||||
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
$ sudo firewall-cmd --reload
|
||||
|
||||
Without "--permanent" flag, the firewall rule would not persist across reboots.
|
||||
|
||||
### Open a Port on CentOS/RHEL 6 ###
|
||||
|
||||
On CentOS/RHEL 6 or earlier, a iptables service is responsible for maintaining firewall rules.
|
||||
|
||||
Use iptables command to open up a new TCP/UDP port in the firewall. To save the updated rule permanently, you need the second command.
|
||||
|
||||
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
||||
$ sudo service iptables save
|
||||
|
||||
Another way to open up a port on CentOS/RHEL 6 is to use a terminal-user interface (TUI) firewall client, named system-config-firewall-tui.
|
||||
|
||||
$ sudo system-config-firewall-tui
|
||||
|
||||
Choose "Customize" button in the middle and press ENTER.
|
||||
|
||||
|
||||
|
||||
If you are trying to update the firewall for any well-known service (e.g., web server), you can easily enable the firewall for the service here, and close the tool. If you are trying to open up any arbitrary TCP/UDP port, choose "Forward" button and go to a next window.
|
||||
|
||||
|
||||
|
||||
Add a new rule by choosing "Add" button.
|
||||
|
||||
|
||||
|
||||
Specify a port (e.g., 80) or port range (e.g., 3000-3030), and protocol (e.g., tcp or udp).
|
||||
|
||||
|
||||
|
||||
Finally, save the updated configuration, and close the tool. At this point, the firewall will be saved permanently.
|
||||
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
|
||||
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
@ -0,0 +1,68 @@
|
||||
Linux有问必答——在CentOS或RHEL防火墙上开启端口
|
||||
================================================================================
|
||||
> **问题**:我在CentOS系统上运行一台网页或文件服务器,打算远程访问服务器。因此,我需要更改防火墙规则以允许访问系统上的某个TCP端口。那么,有什么好方法在CentOS或RHEL系统的防火墙上开启TCP/UDP端口?
|
||||
|
||||
Out of the box,诸如CentOS或RHEL的企业级Linux发行版包含内置的强大防火墙,它们默认的防火墙规则十分严格。因此,如果你安装了任何定制服务(比如web服务器、NFS和Samba),那么它们的流量很有可能被防火墙规则阻塞。所以需要在防火墙上开启必要的端口以允许流量通过。
|
||||
|
||||
在CentOS/RHEL 6或更早的版本上,iptables服务允许用户与netfilter内核模块交互来在用户空间中配置防火墙规则。然而,从CentOS/RHEL 7开始,一个叫做firewalld新用户空间接口被引入以取代iptables服务。
|
||||
|
||||
使用这个命令察看当前的防火墙规则:
|
||||
|
||||
$ sudo iptables -L
|
||||
|
||||
|
||||
|
||||
现在,让我们看看如何在CentOS/RHEL上修改防火墙来开启一个端口。
|
||||
|
||||
### 在CentOS/RHEL 7上开启端口 ###
|
||||
|
||||
启动CentOS或RHEL 7后,防火墙规则设置由firewalld服务进程默认管理。一个叫做firewall-cm的命令行客户端支持和这个守护进程通信以永久修改防火墙规则。
|
||||
|
||||
使用这些命令来长久打开一个新端口(如TCP/80)。
|
||||
|
||||
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
|
||||
$ sudo firewall-cmd --reload
|
||||
|
||||
如果不使用“--permanent”标记,把么防火墙规则在重启后会失效。
|
||||
|
||||
### 在CentOS/RHEL 6上开启端口 ###
|
||||
|
||||
在CentOS/RHEL 6甚至更早版本系统上,iptables服务负责维护防火墙规则。
|
||||
|
||||
使用iptables的第一条命令可以通过防火墙开启一个新TCP/UDP端口。为了永久保存修改过的规则,还需要第二条命令。
|
||||
|
||||
$ sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
|
||||
$ sudo service iptables save
|
||||
|
||||
另一种方法是通过一个名为system-config-firewall-tui的命令行用户接口(TUI)的防火墙客户端。
|
||||
|
||||
$ sudo system-config-firewall-tui
|
||||
|
||||
选择位于中间的“Customize”按钮,按下ENTER键即可。
|
||||
|
||||
|
||||
|
||||
如果想要为任何已知的服务(如web服务器)修改防火墙,只需使防火墙对该服务可用,然后关闭工具。如果想要开启任意一个TCP/UDP端口,选择“Forward”按钮,然后进入下一个界面。
|
||||
|
||||
|
||||
|
||||
选择“Add”按钮添加一条新规则。
|
||||
|
||||
|
||||
|
||||
指定一个端口(如80)或者端口范围(如3000-3030)和协议(如tcp或udp)。
|
||||
|
||||
|
||||
|
||||
最后,保存修改过的配置,关闭工具。这样,防火墙就永久保存了。
|
||||
|
||||
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: http://ask.xmodulo.com/open-port-firewall-centos-rhel.html
|
||||
|
||||
译者:[KayGuoWhu](https://github.com/KayGuoWhu)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||
Loading…
Reference in New Issue
Block a user