< link href ="/css/main.css?v=5.0.2 " rel ="stylesheet " type ="text/css " />
- < meta name ="keywords " content ="Hexo, NexT " />
+ < meta name ="keywords " content ="firewalld 端口转发, " />
- < meta name ="description " content ="stay foolish, stay hungry ">
+ < meta name ="description " content ="firewalld入门由于需要使用端口转发功能,选来选去还是使用centos 7的firewalld来作为端口映射工具。 下面对firewalld的使用详细说明一下。 本文参考链接http://www.jb51.net/article/112698.htm ">
+ < meta name ="keywords " content ="firewalld 端口转发 ">
< meta property ="og:type " content ="article ">
< meta property ="og:title " content ="firewalld入门 ">
< meta property ="og:url " content ="http://yoursite.com/2017/08/02/firewalld入门/index.html ">
< meta property ="og:site_name " content ="ross&linda's blog ">
- < meta property ="og:description " content ="stay foolish, stay hungry ">
+ < meta property ="og:description " content ="firewalld入门由于需要使用端口转发功能,选来选去还是使用centos 7的firewalld来作为端口映射工具。 下面对firewalld的使用详细说明一下。 本文参考链接http://www.jb51.net/article/112698.htm ">
< meta property ="og:locale " content ="zh-Hans ">
- < meta property ="og:updated_time " content ="2017-08-03T02:26:52.360Z ">
+ < meta property ="og:updated_time " content ="2017-08-02T12:13:58.000Z ">
< meta name ="twitter:card " content ="summary ">
< meta name ="twitter:title " content ="firewalld入门 ">
- < meta name ="twitter:description " content ="stay foolish, stay hungry ">
+ < meta name ="twitter:description " content ="firewalld入门由于需要使用端口转发功能,选来选去还是使用centos 7的firewalld来作为端口映射工具。 下面对firewalld的使用详细说明一下。 本文参考链接http://www.jb51.net/article/112698.htm ">
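Review bot: two `keywords` meta tags are emitted for this page (the first added line has `content="firewalld 端口转发, "` with a trailing comma and space, and a second `keywords` tag with `content="firewalld 端口转发"` follows a few lines later); the generator should emit one clean tag. Separately, `og:url` still points at `http://yoursite.com/...`, which is the default `url` placeholder in a fresh Hexo `_config.yml`, so the site URL has not been configured and the Open Graph link will be wrong on every page.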
@@ -280,7 +281,25 @@ <h1 class="post-title" itemprop="name headline">
-
+ < h2 id ="firewalld入门 "> < a href ="#firewalld入门 " class ="headerlink " title ="firewalld入门 "> </ a > firewalld入门</ h2 > < p > 由于需要使用端口转发功能,选来选去还是使用centos 7的firewalld来作为端口映射工具。</ p >
+ < p > 下面对firewalld的使用详细说明一下。</ p >
+ < p > 本文参考链接< a href ="http://www.jb51.net/article/112698.htm " target ="_blank " rel ="external "> http://www.jb51.net/article/112698.htm</ a > </ p >
+ < a id ="more "> </ a >
+ < p > firewall-cmd需要firewalld进程处于运行状态。当我们修改一些配置之后,可以采用下面两种方式激活配置。< br > < figure class ="highlight shell "> < table > < tr > < td class ="gutter "> < pre > < div class ="line "> 1</ div > < div class ="line "> 2</ div > </ pre > </ td > < td class ="code "> < pre > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> systemctl restart firewalld</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --reload</ span > </ div > </ pre > </ td > </ tr > </ table > </ figure > </ p >
+ < p > 第一种方式会中断现有的tcp会话,第二种方式不会中断正在连接的tcp会话。但是需要注意的是man firewall的页面中后面带有[P]应该是需要加上–permanent,以保证使用上述两个命令之后仍然有效。我就败在了下面命令下,导致端口转发一直不生效。< br > < figure class ="highlight shell "> < table > < tr > < td class ="gutter "> < pre > < div class ="line "> 1</ div > </ pre > </ td > < td class ="code "> < pre > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --add-masquerad --permanent</ span > </ div > </ pre > </ td > </ tr > </ table > </ figure > </ p >
+ < h2 id ="启动-停止 "> < a href ="#启动-停止 " class ="headerlink " title ="启动/停止 "> </ a > 启动/停止</ h2 > < figure class ="highlight shell "> < table > < tr > < td class ="gutter "> < pre > < div class ="line "> 1</ div > < div class ="line "> 2</ div > < div class ="line "> 3</ div > < div class ="line "> 4</ div > </ pre > </ td > < td class ="code "> < pre > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> systemctl list-unit-files | grep firewalld</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> systemctl start firewalld</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> systemctl < span class ="built_in "> enable</ span > firewalld</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> systemctl < span class ="built_in "> enable</ span > firewalld</ span > </ div > </ pre > </ td > </ tr > </ table > </ figure >
+ < h2 id ="防火墙功能 "> < a href ="#防火墙功能 " class ="headerlink " title ="防火墙功能 "> </ a > 防火墙功能</ h2 > < p > firewalld的一个功能是防火墙功能,它可以屏蔽一些端口的使用,一般如果连接到互联网上,则只开启80端口提供访问,对内可以开启mysql、redis的端口。</ p >
+ < figure class ="highlight shell "> < table > < tr > < td class ="gutter "> < pre > < div class ="line "> 1</ div > < div class ="line "> 2</ div > < div class ="line "> 3</ div > < div class ="line "> 4</ div > < div class ="line "> 5</ div > < div class ="line "> 6</ div > </ pre > </ td > < td class ="code "> < pre > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --add-service=mysql --permanent // 开放mysql端口</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --remove-service=http --permanent // 阻止http服务端口</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --list-services --permanent // 查看开发的服务</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --add-port=3306/tcp --permanent // 开放通过tcp访问3306</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --remove-port=3306/tcp --permanent // 阻止通过tcp访问3306</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --list-ports --permanent // 查看开发的端口</ span > </ div > </ pre > </ td > </ tr > </ table > </ figure >
+ < p > 上述命令只是记录,没有做验证。</ p >
+ < h2 id ="伪装ip "> < a href ="#伪装ip " class ="headerlink " title ="伪装ip "> </ a > 伪装ip</ h2 > < p > 防火墙可以启动伪装ip的作用,端口转发功能会用到这个功能。个人理解是只有开启了伪装ip的功能,才可以起到端口转发的功能。</ p >
+ < figure class ="highlight shell "> < table > < tr > < td class ="gutter "> < pre > < div class ="line "> 1</ div > < div class ="line "> 2</ div > < div class ="line "> 3</ div > </ pre > </ td > < td class ="code "> < pre > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --query-masquerade --permanent</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --add-masquerade --permanent</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --remove-masquerade --permanent</ span > </ div > </ pre > </ td > </ tr > </ table > </ figure >
+ < p > 相同的是,上述命令也需要通过 firewall-cmd –reload 命令来生效。</ p >
+ < h2 id ="端口映射 "> < a href ="#端口映射 " class ="headerlink " title ="端口映射 "> </ a > 端口映射</ h2 > < p > 端口转发配置如下</ p >
+ < figure class ="highlight shell "> < table > < tr > < td class ="gutter "> < pre > < div class ="line "> 1</ div > < div class ="line "> 2</ div > < div class ="line "> 3</ div > < div class ="line "> 4</ div > </ pre > </ td > < td class ="code "> < pre > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.1.2 --permanent</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.1.2:toport=8080 --permanent</ span > </ div > < div class ="line "> < span class ="meta "> #</ span > < span class ="bash "> firewall-cmd --list-forward-ports</ span > </ div > </ pre > </ td > </ tr > </ table > </ figure >
+ < p > 上述命令需要通过 firewall-cmd –reload 命令来生效。</ p >
+ < h2 id ="配置文件 "> < a href ="#配置文件 " class ="headerlink " title ="配置文件 "> </ a > 配置文件</ h2 > < p > 上述配置完成之后,firewall对应的配置文件目录为< br > < figure class ="highlight shell "> < table > < tr > < td class ="gutter "> < pre > < div class ="line "> 1</ div > < div class ="line "> 2</ div > < div class ="line "> 3</ div > < div class ="line "> 4</ div > < div class ="line "> 5</ div > < div class ="line "> 6</ div > < div class ="line "> 7</ div > < div class ="line "> 8</ div > < div class ="line "> 9</ div > < div class ="line "> 10</ div > < div class ="line "> 11</ div > < div class ="line "> 12</ div > < div class ="line "> 13</ div > < div class ="line "> 14</ div > </ pre > </ td > < td class ="code "> < pre > < div class ="line "> [root@inspur zones]# pwd</ div > < div class ="line "> /etc/firewalld/zones</ div > < div class ="line "> [root@inspur zones]# cat public.xml</ div > < div class ="line "> <?xml version="1.0" encoding="utf-8"?></ div > < div class ="line "> <zone></ div > < div class ="line "> <short>Public</short></ div > < div class ="line "> <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description></ div > < div class ="line "> <service name="dhcpv6-client"/></ div > < div class ="line "> <service name="ssh"/></ div > < div class ="line "> <port protocol="udp" port="22"/></ div > < div class ="line "> <port protocol="tcp" port="22"/></ div > < div class ="line "> <masquerade/></ div > < div class ="line "> <forward-port to-addr="100.7.44.66" to-port="22" protocol="tcp" port="16012"/></ div > < div class ="line "> </zone></ div > </ pre > </ td > </ tr > </ table > </ figure > </ p >
+ < p > End</ p >
+
</ div >
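Review bot: the command shown right after "我就败在了下面命令下" reads `firewall-cmd --add-masquerad --permanent`, missing the final `e` of `--add-masquerade` as it is spelled in the 伪装ip block; if the misspelling is the reason forwarding never took effect, the paragraph should say so, otherwise correct it so readers do not copy a broken option. Also in this hunk: the 启动/停止 block lists `systemctl enable firewalld` twice where a stop or disable line was presumably intended; the 防火墙功能 block annotates commands with `//`, which a shell passes to `firewall-cmd` as arguments, so use `#` for the comments; and the pasted `public.xml` opens `22/udp`, which ssh does not use, next to a `forward-port` that exposes the internal host's ssh on 16012 to every source in the public zone, so a sentence on limiting the source (for instance a rich rule with `source address=`) would be worth adding before publishing that zone file.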
@@ -300,6 +319,12 @@ <h1 class="post-title" itemprop="name headline">
< footer class ="post-footer ">
+ < div class ="post-tags ">
+
+ < a href ="/tags/firewalld-端口转发/ " rel ="tag "> #firewalld 端口转发</ a >
+
+ </ div >
+
< div class ="post-nav ">
@@ -396,7 +421,7 @@ <h1 class="post-title" itemprop="name headline">
< div class ="site-state-item site-state-tags ">
< a href ="/tags ">
- < span class ="site-state-item-count "> 10 </ span >
+ < span class ="site-state-item-count "> 11 </ span >
< span class ="site-state-item-name "> 标签</ span >
</ a >
</ div >
@@ -425,7 +450,7 @@ <h1 class="post-title" itemprop="name headline">
- < p class ="post-toc-empty " > 此文章未包含目录 </ p >
+ < div class ="post-toc-content " > < ol class =" nav " > < li class =" nav-item nav-level-2 " > < a class =" nav-link " href =" #firewalld入门 " > < span class =" nav-number " > 1. </ span > < span class =" nav-text " > firewalld入门 </ span > </ a > </ li > < li class =" nav-item nav-level-2 " > < a class =" nav-link " href =" #启动-停止 " > < span class =" nav-number " > 2. </ span > < span class =" nav-text " > 启动/停止 </ span > </ a > </ li > < li class =" nav-item nav-level-2 " > < a class =" nav-link " href =" #防火墙功能 " > < span class =" nav-number " > 3. </ span > < span class =" nav-text " > 防火墙功能 </ span > </ a > </ li > < li class =" nav-item nav-level-2 " > < a class =" nav-link " href =" #伪装ip " > < span class =" nav-number " > 4. </ span > < span class =" nav-text " > 伪装ip </ span > </ a > </ li > < li class =" nav-item nav-level-2 " > < a class =" nav-link " href =" #端口映射 " > < span class =" nav-number " > 5. </ span > < span class =" nav-text " > 端口映射 </ span > </ a > </ li > < li class =" nav-item nav-level-2 " > < a class =" nav-link " href =" #配置文件 " > < span class =" nav-number " > 6. </ span > < span class =" nav-text " > 配置文件 </ span > </ a > </ li > </ ol > </ div >
</ div >
</ section >
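Review bot: the first TOC entry, `firewalld入门`, is the post's own title (see `og:title` earlier in the diff) promoted to an `h2` in the body, so the generated table of contents opens with a heading that repeats the page title; dropping that `h2` from the source post would make the TOC start at 启动/停止 and renumber the real sections from 1.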