Xshell (remote) connection cannot reach a Linux server (firewall explanation)

First, the cause

Most failures of remote (SSH) connections to a Linux server are caused by the server's own firewall policy. To be able to reach the server over SSH there are two options:

  1. Modify the firewall policy
  2. Turn off the firewall


Second, an introduction to the firewall services

1. Common CentOS 7 firewalls: iptables and firewalld


2. Note that iptables and firewalld are not the real firewall; they are only management tools (services) used to define the firewall policy.


3. CentOS 7 uses firewalld by default, but in fact both the iptables client tool and firewalld merely configure rules; what actually performs the firewall functions (filtering, forwarding and so on) is the kernel netfilter module. If you want to use iptables, you need to install the iptables service:

yum install iptables-services
systemctl start iptables     # start the firewall
systemctl enable iptables    # start the firewall at boot
systemctl stop iptables      # stop the firewall
systemctl disable iptables   # do not start the firewall at boot


4. How firewalld differs from iptables

  1. firewalld uses zones and services instead of chains and rules.
  2. A single firewalld rule can be modified dynamically; unlike iptables, there is no need to reload all rules before a change takes effect.

The iptables service stores its configuration in /etc/sysconfig/iptables, whereas firewalld stores its configuration in various XML files under /usr/lib/firewalld/ and /etc/firewalld/. With iptables, every single change means removing all the old rules and reading all the new rules back from /etc/sysconfig/iptables; firewalld does not create a whole new rule set, it only applies the rules that differ. Therefore firewalld can change settings at run time without losing the current configuration.

There are three main ways to configure firewalld:

  1. firewall-config
  2. firewall-cmd
  3. Edit the XML files directly

firewall-config is a graphical tool and firewall-cmd is a command-line tool. Since Linux users are generally more accustomed to working on the command line, firewall-config is mainly suited to desktop editions.


5. Illustration (figure)

Third, a concrete example of the operation

Note: my Linux server runs CentOS 7.


1. Modify the firewall policy

The goal of modifying the firewall policy is to open port 22, because port 22 is the SSH remote port.

This means logging in on the server console directly and working from there, rather than connecting with Xshell, because until port 22 is opened Xshell cannot connect at all.

1. ifconfig   # view the NIC information and note which IP address eth0 and eth1 each correspond to
root@aliyunzbj /tmp# ifconfig
eth0: flags=2256<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.53  netmask 255.255.255.0  broadcast 192.168.10.255
        ...

eth1: flags=2257<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.26.66  netmask 255.255.255.0  broadcast 192.168.26.255
        ...

lo: flags=82<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.255.255.0
        ...

2. View the current iptables firewall configuration
root@aliyunzbj /tmp# iptables-save
...
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j MANAGE-INPUT   # MANAGE-INPUT is the firewall policy chain for the eth0 NIC
-A INPUT -i eth1 -j USER-INPUT     # USER-INPUT is the firewall policy chain for the eth1 NIC
...
# Here you can see that MANAGE-INPUT (eth0) opens port 22, but in the rules below there is no USER-INPUT (eth1) rule that opens port 22
-A MANAGE-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
...


3. Open port 22 on eth1 (the LAN interface).
# You can copy the policy above and change MANAGE-INPUT to USER-INPUT (if eth0 is not open either, just change USER-INPUT to MANAGE-INPUT in the command and run it again)
root@aliyunzbj /tmp# iptables -A USER-INPUT -p tcp -m tcp -m state --state NEW --dport 22 -j ACCEPT

4. View the policy again
root@aliyunzbj /tmp# iptables-save
...
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j MANAGE-INPUT   # MANAGE-INPUT is the firewall policy chain for the eth0 NIC
-A INPUT -i eth1 -j USER-INPUT     # USER-INPUT is the firewall policy chain for the eth1 NIC
...
-A MANAGE-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A USER-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
...

5. The new rule above can also be written directly into /etc/sysconfig/iptables, followed by a restart of the iptables service; a rule added from the command line with iptables -A lives only in memory and is lost when the service restarts unless it is saved there.
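As an added example (not from the original post), a small POSIX shell helper that reads iptables-save output and reports, for an interface such as eth1, whether the chain INPUT hands that interface to already accepts TCP port 22, and prints the exact rule from step 3 when it does not. The sample rule set is constructed to mirror the output shown above, and the function names are my own; on a live server the helper would be fed "$(iptables-save)" instead.

```shell
#!/bin/sh
# Constructed sample of iptables-save output shaped like the listing above (not real server output).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:MANAGE-INPUT - [0:0]
:USER-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j MANAGE-INPUT
-A INPUT -i eth1 -j USER-INPUT
-A MANAGE-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT'

# chain_for_iface RULES IFACE -> prints the user chain that INPUT jumps to for IFACE
chain_for_iface() {
    printf '%s\n' "$1" | awk -v iface="$2" '
        $1 == "-A" && $2 == "INPUT" && $3 == "-i" && $4 == iface { print $NF; exit }'
}

# port_allowed RULES CHAIN PORT -> exit 0 if CHAIN holds an ACCEPT rule with --dport PORT
port_allowed() {
    printf '%s\n' "$1" | awk -v chain="$2" -v port="$3" '
        $1 == "-A" && $2 == chain && $NF == "ACCEPT" {
            for (i = 3; i < NF; i++) if ($i == "--dport" && $(i + 1) == port) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# ssh_rule_for_iface RULES IFACE -> prints "ok <chain>" (status 0) when port 22 is already open
# on IFACE, otherwise prints the iptables command that would open it (status 1);
# status 2 when INPUT has no per-interface chain for IFACE at all
ssh_rule_for_iface() {
    chain=$(chain_for_iface "$1" "$2")
    if [ -z "$chain" ]; then
        echo "no per-interface chain for $2"
        return 2
    fi
    if port_allowed "$1" "$chain" 22; then
        echo "ok $chain"
    else
        echo "iptables -A $chain -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT"
        return 1
    fi
}

# Check both NICs from the example: eth0 is already open, eth1 is not
for iface in eth0 eth1; do
    ssh_rule_for_iface "$SAMPLE_RULES" "$iface" || :
done
```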


2. Turn off the firewall

The most direct way is to turn the firewall off entirely.

1. Check the firewall status
systemctl status iptables.service

2. If the firewall is running, stop it
systemctl stop iptables.service



Source: www.cnblogs.com/Zzbj/p/12366310.html