I'm having a hard time understanding why I can't open port 61616 by adding an IPTABLES rule. Here is the list of all rules as returned by the IPTABLES -L command.
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:61616
ACCEPT udp -- anywhere anywhere udp dpt:cslistener
ACCEPT tcp -- anywhere anywhere tcp dpt:cslistener
ACCEPT tcp -- anywhere anywhere tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:61616
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
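Although I know nothing about IPTABLES, what puzzles me is that the http port is visible from outside, but port 61616 still is not. To me the rules look the same. Anyway, thanks for all the help.
Best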
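Best answer
Maybe you are trying to open the port for a host in the network behind the CentOS host (the CentOS host being the firewall for that network)? If so, you must add a rule to the FORWARD chain of the filter table, and you should add a DNAT rule pointing to some IP in the network x.x.x.x: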
iptables -A FORWARD -p tcp --dport 61616 -j ACCEPT
iptables -A PREROUTING -t nat -p tcp --dport 61616 -j DNAT --to-destination x.x.x.x
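
An added example, not part of the original question or answer: a small Python walk of the first-match logic over the filter rules from the listing above, for a new connection arriving from outside. The trimmed listing, the SERVICES map and the function names are constructed for illustration, and treating the bare "ACCEPT all" rule as interface-limited is an assumption, because plain iptables -L does not print interfaces.

```python
import re
SERVICES = {"http": "80", "ssh": "22"}  # service names as iptables -L prints them
# Constructed sample: the question's listing, trimmed to the rules that matter here.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:61616
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:61616
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

def parse(listing):
    # Returns ({chain: [rule tuples]}, {chain: policy, or None for user chains}).
    chains, policy, cur = {}, {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+))?", line)
        if m:
            cur = m.group(1)
            chains[cur], policy[cur] = [], m.group(2)
        elif line.strip() and not line.startswith("target"):
            target, prot, _opt, src, dst, *extra = line.split(None, 5)
            chains[cur].append((target, prot, src, dst, extra[0] if extra else ""))
    return chains, policy

def verdict(chains, policy, chain, prot, port):
    """First-match walk for a NEW packet from outside: (target, chain, rule_no)."""
    for no, (target, rprot, src, dst, extra) in enumerate(chains[chain], 1):
        dpt = re.search(r"dpt:(\S+)", extra)
        state = re.search(r"state (\S+)", extra)
        if (rprot not in ("all", prot) or (src, dst) != ("anywhere", "anywhere")
                or (dpt and SERVICES.get(dpt[1], dpt[1]) != str(port))
                or (state and "NEW" not in state[1].split(","))):
            continue
        if target in chains:  # jump into a user-defined chain
            hit = verdict(chains, policy, target, prot, port)
            if hit[0]:
                return hit  # no hit: fell off the end, continue in the caller
        # A bare ACCEPT is skipped: assumed interface-limited, as plain -L hides -i/-o.
        elif extra or target != "ACCEPT":
            return target, chain, no
    return policy[chain], chain, 0
```

With the question's rules, tcp/61616 is accepted by rule 1 of INPUT and, through RH-Firewall-1-INPUT, by FORWARD as well. The nat table and interface matches only appear with iptables -t nat -L -n -v and iptables -L -n -v.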
Regarding "linux - Unable to open port on IPTABLES firewall", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/9062118/