标签:ati ram poe output nbsp 配置 remove 程序 where
centos6下配置文件为/etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Mon Dec 25 11:46:40 2017
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:208]
-A INPUT -p udp -m state --state NEW -m udp --dport 8989 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8989 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Dec 25 11:46:40 2017iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080cat m-net-forward.sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -D POSTROUTING 1
iptables -t nat -D POSTROUTING 1
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j SNAT --to $1
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADEiptables -L -t nat --line-number
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain INPUT (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT all -- 192.168.1.0/24 anywhere to:100.102.180.11
2 MASQUERADE all -- anywhere anywhereiptables -D INPUT 2
iptables -t nat -D POSTROUTING 1iptables -R INPUT 3 -j ACCEPTsudo service iptables status
sudo service iptables start
sudo service iptables stopiptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443首先程序绑定1024以上的端口,然后root权限下做转发注意有些系统需要手动开启IP FORWARD功能。但是转发功能是否需要开启呢,有遇到过不需要这一步的情况。
vi /etc/sysctl.conf修改
net.ipv4.ip_forward = 1重新加载
sysctl -p /etc/sysctl.conf| 启动 | systemctl start firewalld |
| 查看状态 | systemctl status firewalld |
| 停止 | systemctl disable firewalld |
| 禁用 | systemctl stop firewalld |
systemctl是CentOS7的服务管理工具中主要的工具,它融合之前service和chkconfig的功能于一体。
| 启动一个服务 | systemctl start firewalld.service | |
| 关闭一个服务 | systemctl stop firewalld.service | |
| 重启一个服务 | systemctl restart firewalld.service | |
| 显示一个服务的状态 | systemctl status firewalld.service | |
| 在开机时启用一个服务 | systemctl enable firewalld.service | |
| 在开机时禁用一个服务 | systemctl disable firewalld.service | |
| 查看服务是否开机启动 | systemctl is-enabled firewalld.service | |
| 查看已启动的服务列表 | systemctl list-unit-files | grep enabled |
| 查看启动失败的服务列表 | systemctl –failed |
| 查看版本 | firewall-cmd –version |
| 查看帮助 | firewall-cmd –help |
| 显示状态 | firewall-cmd –state |
| 查看所有打开的端口 | firewall-cmd –zone=public –list-ports |
| 更新防火墙规则 | firewall-cmd –reload |
| 查看区域信息 | firewall-cmd –get-active-zones |
| 查看指定接口所属区域 | firewall-cmd –get-zone-of-interface=eth0 |
| 拒绝所有包 | firewall-cmd –panic-on |
| 取消拒绝状态 | firewall-cmd –panic-off |
| 查看是否拒绝 | firewall-cmd –query-panic |
firewall-cmd –zone=public –add-port=80/tcp –permanent (–permanent永久生效,没有此参数重启后失效)
firewall-cmd –zone=public –add-port=5060-5061/udp –permanent
firewall-cmd –reload
firewall-cmd –complete-reload
firewall-cmd –zone= public –query-port=80/tcp
firewall-cmd –zone=public –list-all
firewall-cmd –zone= public –remove-port=80/tcp –permanent
cat my-net-forward.sh
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -D POSTROUTING 1
iptables -t nat -D POSTROUTING 1
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o ppp0 -j SNAT --to $1
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE查看结果
iptables -L -t nat --line-number
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443标签:ati ram poe output nbsp 配置 remove 程序 where
原文地址:https://www.cnblogs.com/BlackSwanYucatan/p/10146527.html
