共计 2123 个字符,预计需要花费 6 分钟才能阅读完成。
可以通过”netstat -anp” 来查看哪些端口被打开。
(注:加参数’-n’会将应用程序转为端口显示,即数字格式的地址,如:nfs->2049, ftp->21,因此可以开启两个终端,一一对应一下程序所对应的端口号)
然后可以通过”lsof -i:port
“
查看应用该端口的程序(
PORT”查看应用该端口的程序(PORT指对应的端口号)。或者你也可以查看文件/etc/services,从里面可以找出端口所对应的服务。
(注:有些端口通过netstat查不出来,更可靠的方法是”sudo nmap -sT -O localhost”)
若要关闭某个端口,则可以:
1)通过iptables工具将该端口禁掉,如:
“sudo iptables -A INPUT -p tcp –dport $PORT -j DROP”
“sudo iptables -A OUTPUT -p tcp –dport $PORT -j DROP”
2)或者关掉对应的应用程序,则端口就自然关闭了,如:
“kill -9 PID” (PID:进程号)
如: 通过”netstat -anp | grep ssh”
有显示: tcp 0 127.0.0.1:2121 0.0.0.0:* LISTEN 7546/ssh
则: “kill -9 7546”
(可通过”chkconfig”查看系统服务的开启状态)
[Linux] Linux查看端口使用状态、关闭端口方法
https://blog.51cto.com/u_15057820/3585538
永久化
iptables 持久化
安装持久化工具
apt-get install iptables-persistent
Ubuntu 16.04 调用语法
netfilter-persistent save
netfilter-persistent reload
一键清除iptables规则
cat clear_iptables_rule.sh
#!/bin/bash
iptables -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEP
iptables 转发请求到80端口
1.使用DNAT实现
iptables -t nat -A PREROUTING -p tcp -i ens33 -d 192.168.122.128 –dport 8089 -j DNAT –to 192.168.122.128:80
2.使用redirect实现
iptables -t nat -A PREROUTING -p tcp –dport 8088 -j REDIRECT –to-port 80
====================
iptables本地端口转发
所有的81请求转发到了8080上.
iptables -t nat -A PREROUTING -p tcp –dport 81 -j REDIRECT –to-ports 8080
1
iptables -t nat -A PREROUTING -p tcp –dport 81 -j REDIRECT –to-ports 8080
如果需要本机也可以访问,则需要配置OUTPUT链:
iptables -t nat -A OUTPUT -p tcp –dport 81 -j REDIRECT –to-ports 8080
1
iptables -t nat -A OUTPUT -p tcp –dport 81 -j REDIRECT –to-ports 8080
原因:外网访问需要经过PREROUTING链,但是localhost不经过该链,因此需要用OUTPUT,或者POSTROUTING。POSTROUTING不行,需要看看。
iptables 转发到其它服务器
ubuntu 防火墙转发规则:
1首先把/etc/sysctl.conf配置文件中的net.ipv4.ip_forward=0改为net.ipv4.ip_forward=1
然后执行sysctl -p /etc/sysctl.conf使命令生效。
2配置防火墙的 IP 伪装
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
3如果你想让内部网络内的某个服务器能够被外部访问,你可以使用 NAT 内 PREROUTING 链的 -j DNAT 目标来指定向目标 IP 地址以及端口转发请求连接到内部服务器。例如,如果你想把进入的 HTTP 请求转发到 172.11.0.21 上的专用 Apache HTTP 服务器服务器系统,运行以下命令
iptables -t nat -A PREROUTING -i eth0 -p tcp –dport 80 -j DNAT
–to 172.11.0.21:80
4该规则允许把进入的80端口请求从防火墙转发到172.11.0.21的服务器。
iptables -A FORWARD -i eth0 -p tcp –dport 80 -d 172.11.0.21 -j ACCEPT
https://www.cnblogs.com/liuxm2017/p/11152738.html
还有个根治彻底的方法:
直接卸载sendmail
apt autoremove sendmail
apt autoremove sendmail-cf
apt autoremove mailutils
Lexitoto
Thanks for a marvelous posting! I genuinely enjoyed reading it, you are a great author.I will always bookmark your blog and will often come back down the road. I want to encourage continue your great job, have a nice weekend!
Lexitoto
Very well presented. Every quote was awesome and thanks for sharing the content. Keep sharing and keep motivating others.
Lexitoto
You’re so awesome! I don’t believe I have read a single thing like that before. So great to find someone with some original thoughts on this topic. Really.. thank you for starting this up. This website is something that is needed on the internet, someone with a little originality!
Lexitoto
Hi there to all, for the reason that I am genuinely keen of reading this website’s post to be updated on a regular basis. It carries pleasant stuff.
WFsaTG
coli bacteria 4 remember when I told you that E levitra with dapoxetine reviews
Lexitoto
Awesome! Its genuinely remarkable post, I have got much clear idea regarding from this post
Lexitoto
There is definately a lot to find out about this subject. I like all the points you made
Bambu 4D
You’re so awesome! I don’t believe I have read a single thing like that before. So great to find someone with some original thoughts on this topic. Really.. thank you for starting this up. This website is something that is needed on the internet, someone with a little originality!
Lexitoto
I just like the helpful information you provide in your articles
Lexitoto
This was beautiful Admin. Thank you for your reflections.