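iptables question on CentOS 6 - are my ports open?

Time: 2017-11-15 14:38:58

Tags: iptables

I have entered some rules into iptables on CentOS 6. But when I run 'service iptables status', I get different results than when I run 'iptables -L'.

I need to open port 1270 on this machine.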

This is what I see when I run 'service iptables status':

[root@server01 sysconfig]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     icmp --  0.0.0.0/0            0.0.0.0/0           /* 000 reject all icmp requests */ reject-with icmp-port-unreachable
2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 001 accept all to lo interface */
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           /* 002 accept related established rules */ state RELATED,ESTABLISHED
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 22 /* 100 allow ssh access */
5    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           multiport ports 443,8443 /* 110 allow https access */
6    ACCEPT     tcp  --  10.1.190.65          0.0.0.0/0           tcp dpt:1556
7    ACCEPT     tcp  --  10.1.190.65          0.0.0.0/0           tcp dpt:13782
8    ACCEPT     tcp  --  10.1.190.65          0.0.0.0/0           tcp dpt:13724
9    ACCEPT     tcp  --  10.48.131.220        0.0.0.0/0           tcp dpt:1556
10   ACCEPT     tcp  --  10.48.131.220        0.0.0.0/0           tcp dpt:13782
11   ACCEPT     tcp  --  10.48.131.220        0.0.0.0/0           tcp dpt:13724
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:443
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5222
15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5269
16   ACCEPT     tcp  --  10.36.16.25          0.0.0.0/0           tcp dpt:1270
17   ACCEPT     tcp  --  10.36.16.26          0.0.0.0/0           tcp dpt:1270
18   ACCEPT     tcp  --  10.36.16.37          0.0.0.0/0           tcp dpt:1270
19   ACCEPT     tcp  --  10.36.16.31          0.0.0.0/0           tcp dpt:1270

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

This is what I see when I run iptables -L:

[root@server01 sysconfig]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     icmp --  anywhere             anywhere            /* 000 reject all icmp requests */ reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere            /* 001 accept all to lo interface */
ACCEPT     all  --  anywhere             anywhere            /* 002 accept related established rules */ state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            multiport ports ssh /* 100 allow ssh access */
ACCEPT     tcp  --  anywhere             anywhere            multiport ports https,pcsync-https /* 110 allow https access */
ACCEPT     tcp  --  10.1.190.65          anywhere            tcp dpt:veritas_pbx
ACCEPT     tcp  --  10.1.190.65          anywhere            tcp dpt:bpcd
ACCEPT     tcp  --  10.1.190.65          anywhere            tcp dpt:vnetd
ACCEPT     tcp  --  uawscdap0000.us.companyworld.company.com  anywhere            tcp dpt:veritas_pbx
ACCEPT     tcp  --  uawscdap0000.us.companyworld.company.com  anywhere            tcp dpt:bpcd
ACCEPT     tcp  --  uawscdap0000.us.companyworld.company.com  anywhere            tcp dpt:vnetd
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:xmpp-client
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:xmpp-server
ACCEPT     tcp  --  abckpap6181.us.companyworld.company.com  anywhere            tcp dpt:opsmgr
ACCEPT     tcp  --  abckpap6182.us.companyworld.company.com  anywhere            tcp dpt:opsmgr
ACCEPT     tcp  --  abcepap6782.us.companyworld.company.com  anywhere            tcp dpt:opsmgr
ACCEPT     tcp  --  abcepap6783.us.companyworld.company.com  anywhere            tcp dpt:opsmgr

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

So, is port 120 open on this machine? And why do I see a difference between the two commands?

1 answer:

Answer 0: (score: 0)

Port 1270 is open, as shown here:

16   ACCEPT     tcp  --  10.36.16.25          0.0.0.0/0           tcp dpt:1270
17   ACCEPT     tcp  --  10.36.16.26          0.0.0.0/0           tcp dpt:1270
18   ACCEPT     tcp  --  10.36.16.37          0.0.0.0/0           tcp dpt:1270
19   ACCEPT     tcp  --  10.36.16.31          0.0.0.0/0           tcp dpt:1270

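But it is restricted to those 4 IP addresses.

The output differs because service iptables status displays the iptables output with IP addresses and ports in numeric format, whereas iptables -L does not. If you want similar output, try iptables -nL

I would also issue netstat -tunlp | grep 1270 just to make sure that some service/program/application is actually listening on that port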
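
Added example, not part of the question or the answer above: a small first-match evaluator for rules in `iptables -S INPUT` format. It shows how a new TCP connection is judged rule by rule and falls through to the chain policy when nothing matches, which matters for the listing above because the INPUT policy is ACCEPT and no final REJECT or DROP rule is present. The rule text is a constructed subset modelled on the question's listing, the `verdict` function and the `HARDENED` variant are hypothetical, and only /32 and /0 sources and single ports or multiport lists are handled.

```shell
#!/bin/sh
# Constructed sample in `iptables -S INPUT` format, modelled on the listing in
# the question (subset of rules, comments omitted). Not captured from a host.
RULES='-P INPUT ACCEPT
-A INPUT -p icmp -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --ports 443,8443 -j ACCEPT
-A INPUT -s 10.36.16.25/32 -p tcp -m tcp --dport 1270 -j ACCEPT
-A INPUT -s 10.36.16.26/32 -p tcp -m tcp --dport 1270 -j ACCEPT'

# Same rules plus a terminal REJECT, so unlisted sources no longer reach the policy.
HARDENED="$RULES
-A INPUT -j REJECT --reject-with icmp-host-prohibited"

# verdict RULES SRC_IP PORT
# First-match verdict for a NEW tcp connection arriving on a non-loopback
# interface. Prints "<TARGET> rule <n>" or "<POLICY> policy".
# Assumption: sources are /32 or /0 only; port ranges are not parsed.
verdict() {
    printf '%s\n' "$1" | awk -v src="$2" -v port="$3" '
    $1 == "-P" { policy = $3; next }
    $1 == "-A" {
        n++; match_ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") {
                split($(i+1), a, "/")
                if (a[2] != "0" && a[1] != src) match_ok = 0
            }
            else if ($i == "-p" && $(i+1) != "tcp" && $(i+1) != "all") match_ok = 0
            else if ($i == "-i" && $(i+1) == "lo") match_ok = 0
            else if ($i == "--state" && $(i+1) !~ /(^|,)NEW(,|$)/) match_ok = 0
            else if ($i == "--dport" && $(i+1) != port) match_ok = 0
            else if ($i == "--ports" || $i == "--dports") {
                k = split($(i+1), p, ","); hit = 0
                for (j = 1; j <= k; j++) if (p[j] == port) hit = 1
                if (!hit) match_ok = 0
            }
            else if ($i == "-j") target = $(i+1)
        }
        if (match_ok && target != "") { print target " rule " n; found = 1; exit }
    }
    END { if (!found) print policy " policy" }'
}

verdict "$RULES" 10.36.16.25 1270      # listed source
verdict "$RULES" 203.0.113.7 1270      # unlisted source, original rules
verdict "$HARDENED" 203.0.113.7 1270   # unlisted source, with terminal REJECT
```

On a live host, feed the function the output of `iptables -S INPUT` instead of the sample; unlike `iptables -L` without `-v`, that format also shows the interface a rule is bound to.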