Firewall, inbound and outbound rules, hostname, hosts mapping
I. Firewall
1. The role of the firewall
As the name suggests, a firewall is a defensive function that protects the network. We can usually turn the firewall on or off directly in the system. Turning it off leaves the system directly exposed to a variety of attacks, so in general we only turn the firewall off in a virtual machine during the learning phase, in order to simulate remote software testing.
Besides being set up on a personal computer, firewalls (network access rules) can also be configured by network administrators and network operators directly on hardware devices at every level, such as routers.
2. Turning Windows Firewall on and off
- Open the Control Panel: set the view to Category, then click Network and Internet
- Select: Network and Sharing Center
- Select: Windows Firewall
- Select: enable or disable Windows Firewall
- Click OK after making the change
3. Turning the Linux firewall on and off
- As the root user, run the setup command; select with the up and down keys, and switch between buttons with the Tab key
- Enter the firewall configuration interface and use the space bar to turn the firewall on or off
- Save and exit after editing; changing the firewall state this way is permanent (it persists across reboots)
II. Inbound and outbound rules
When we visit a website, or send a request from one computer to another, the request goes through a specific port. For example, the default port of the HTTP protocol (access initiated mainly by browser software) is 80, and it can be omitted. The process consists of two parts: the request is sent out from one computer, and it is received by the destination computer. We call sending the request outbound and receiving it inbound, and the firewall of each machine takes part in the process.
In general we allow all outbound traffic without any restrictions unless we have special needs, for example when we need certain software to run offline. Inbound rules are set according to the ports used by the different software. Inbound and outbound rules only take effect when the firewall is turned on; when the firewall is turned off, it is equivalent to having no restrictions on any incoming or outgoing requests.
1. Physical machine configuration
If we work on our own laptop or PC, we usually set the inbound and outbound rules ourselves, either directly or through related software.
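- Windows (Windows Server is similar):
In the Windows Firewall configuration interface, select: Advanced settings
Select the rule to be modified
On the Rule Type page you can specify a program or a port
The port range is 0-65535; you can give one specific port or a range
Under the Action option you can choose to allow or block
Specify the network locations where the rule applies
After a name and description are added, the rule takes effect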
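- Linux:
Configuration file path: /etc/sysconfig/iptables. Its original content is as follows, with port 22 open by default. When the firewall is turned off, this file disappears and an iptables.old file is generated in its place.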
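Opening another port in this file means adding an ACCEPT rule modelled on the port-22 rule, and its position matters. The following is an added example, not from the original article: the sample file is constructed to resemble a default /etc/sysconfig/iptables (an assumption), and the function names are hypothetical.

```shell
# Sample rules file, constructed to resemble a default /etc/sysconfig/iptables
# (assumption); the port-22 rule is on line 10.
write_sample_rules() {
    cat > "$1" <<'EOF'
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# open_tcp_port FILE PORT: add an inbound ACCEPT rule for PORT, modelled on
# the port-22 rule. Rules are matched top to bottom, so the new rule must sit
# above the catch-all REJECT or it never matches.
open_tcp_port() {
    file=$1 port=$2
    case $port in ''|0*|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    rule="-A INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    grep -qxF -- "$rule" "$file" && return 0      # already open: no duplicate
    grep -q -- '^-A INPUT .*-j REJECT' "$file" || { echo "no INPUT REJECT rule" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v rule="$rule" '
        !done && /^-A INPUT .*-j REJECT/ { print rule; done = 1 }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?; rm -f "$tmp"; return $rc
}

# list_open_tcp_ports FILE: print the TCP ports accepted on INPUT, one per line.
list_open_tcp_ports() {
    awk '/^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) if ($i == "--dport") print $(i + 1)
    }' "$1"
}
```

Editing the file does not change the rules that are already loaded; they are read again when the iptables service is restarted.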
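To open a port, copy line 10 and change the port number 22. More specific changes and the corresponding commands will be described in detail in other articles.
2. Cloud host configuration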
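If we are using a cloud server (that is, a server that providers such as Alibaba Cloud and Baidu Cloud make available for access in the cloud), we usually do not need to change anything inside the system; instead, the access rules are set in the product console. When we have installed database software on the server, or deployed a website, and want to access it directly from a remote machine, we must make sure the corresponding port is open. The following uses an Alibaba Cloud lightweight server as an example.
- Go to the product console:
- Click the rented server:
You can see that this server has two IP addresses. The public IP is the one we use for remote access, and only the necessary ports are opened on it. The other is the internal IP, used for access between machines inside Alibaba Cloud. This way we do not have to set up the corresponding port every time we install a piece of software; when machines inside the cloud need to reach each other, they simply use the internal IP.
- Click Firewall under Security settings on the left
You can see that three ports are open by default: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- Click Add rule to open a port; specifying a range is also supported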
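III. Hostname
The hostname is simply an identifier for a computer that lets us tell machines apart. When there are many machines, we usually give them custom names and numbers, which helps us work more efficiently.
1. Changing the hostname on Windows
- Right-click: My Computer, click: Properties, select: Change settings
- Click: Change
- Restart after the change for it to take effect
2. Changing the hostname on Linux
- Configuration file: /etc/sysconfig/network
- The file must be modified as the root user; the change takes effect after a reboot
- The hostname command can make a new hostname take effect immediately. Note that if the new hostname has not also been set in the configuration file, it is lost after a reboot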
# Show the current hostname of the system
hostname
# Temporarily change the hostname to zhuyc, effective immediately
hostname zhuyc
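IV. hosts mapping
1. What the hosts file does
The hosts file is an old file that dates back to the time when the Internet was just born. When the Internet was first emerging there were very few websites, and nobody wanted to memorize IP addresses when visiting them, so this little notebook recording the correspondence between IP addresses and site names came into being. It was usually maintained centrally by the company, and when a site name was entered, the corresponding IP address was found automatically. But as the number of websites grew and entries were added more and more often, recording every website in one file became unrealistic, arguably an impossible task, which is how DNS later came about.
So what is the hosts file still good for today? First, its function is still there: it can still record the correspondence between an IP address and a site name (although we no longer need to do this; when a browser is used to visit a site, the local hosts file is read first, and only then is a DNS server queried). Second, we can record the IP addresses of frequently used work servers and give them custom names. Once declared in the hosts file, the custom names can be used directly and the IPs no longer need to be memorized.
The content of the file is also very simple to configure: the first column is the IP address, and the second and later columns are aliases. There can be several alias columns, that is, one IP address can be given several names. After configuring, you can test whether it works with ping followed by an alias of the IP address.
2. Windows system configuration
- hosts file location
C:\Windows\System32\drivers\etc\hosts
- Remove the read-only restriction on the hosts file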
After locating the file, right-click it: Properties -> Security tab -> select: Users -> click: Edit
Check: Full control
After that, the file can be edited with software such as Notepad. Also remember to temporarily turn off 360 and other system protection software. In addition, the hosts file itself has no file extension. If saving fails, be sure to check the security settings, because a copy saved with a suffix, such as hosts.txt, does not take effect.
3. Linux system configuration
- hosts file location
/etc/hosts
- It can be modified with an editor as the root user
4. Other uses
The hosts file has many other handy uses. For example, some software constantly requests its official website address in the background to confirm registration information or fetch update prompts. We can add the address it requests (generally the official website address) to the hosts file and fill in 127.0.0.1 as the IP address. Every such request from the software is then directed to the local machine, which blocks the automatic update function. At the same time, the browser looks the website up through DNS when visiting it, so access to the site is not affected, and the software's own network requests are not affected either. You can try it yourself (this does not work for all software).
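The file format from section 1 and the 127.0.0.1 redirection described above, as an added example that is not part of the original article: shell functions that parse a hosts file, resolve an alias, and list the names pinned to a loopback address, which is a quick way to review what a hosts file is overriding. The sample file, its addresses and the function names are constructed for illustration.

```shell
# Constructed sample in hosts format: IP first, then one or more aliases.
write_sample_hosts() {
    cat > "$1" <<'EOF'
127.0.0.1   localhost localhost.localdomain
::1         localhost
# work servers (constructed addresses)
192.168.10.21  db01 mysql.lab   # trailing comment
192.168.10.22  web01
127.0.0.1   update.vendor.example
EOF
}

# hosts_entries FILE: normalise to "name ip" pairs, one per line.
# Strips comments and Windows CR line endings, and lower-cases names.
hosts_entries() {
    awk '{
        sub(/\r$/, ""); sub(/#.*/, "")
        for (i = 2; i <= NF; i++) print tolower($i), $1
    }' "$1"
}

# hosts_lookup FILE NAME: print the IP that NAME maps to (first entry wins);
# returns non-zero when the file has no entry for NAME.
hosts_lookup() {
    name=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    hosts_entries "$1" | awk -v n="$name" '
        $1 == n { print $2; found = 1; exit }
        END { exit !found }'
}

# hosts_loopback_overrides FILE: names other than the localhost aliases that
# are pinned to a loopback or null address, so requests to them stay local.
hosts_loopback_overrides() {
    hosts_entries "$1" | awk '{
        loop = ($2 ~ /^127\./ || $2 == "0.0.0.0" || $2 == "::1")
        if (loop && $1 !~ /^(localhost|localhost\.localdomain|ip6-localhost|ip6-loopback)$/)
            print $1
    }'
}
```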