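Adjust IPTables to accept requests at port 80
Enable clients to access a Repository on standard ports by configuring the server to redirect traffic received on the standard HTTP port 80 to the standard Repository HTTP port 8080.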
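Note: These commands assume the default state of IPTables, which is "on" and allows inbound SSH access on port 22. This is the factory default state for CentOS 6.7. If this default state has been changed, you can reset it. To check the current state, list the active rules (this command only displays them):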
sudo iptables -L
Note: Mistakes in IPTables rules can render a remote machine inaccessible.
Allow inbound access to TCP port 80:
sudo iptables -I INPUT -i eth0 -p tcp --dport 80 -m comment --comment "# Anaconda Repo #" -j ACCEPT
Allow inbound access to TCP port 8080:
sudo iptables -I INPUT -i eth0 -p tcp --dport 8080 -m comment --comment "# Anaconda Repo #" -j ACCEPT
Redirect inbound requests from port 80 to port 8080:
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -m comment --comment "# Anaconda Repo #" -j REDIRECT --to-port 8080
Display the current IPTables rules:
iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 /* # Anaconda Repo # */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* # Anaconda Repo # */
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Note: The PREROUTING (nat) IPTables chain is not displayed by default. To display it:
iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
REDIRECT   tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* # Anaconda Repo # */ redir ports 8080

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Save the running IPTables configuration to /etc/sysconfig/iptables:
sudo service iptables save
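A pre-save check for the two rule listings in this procedure, as an added example that is not part of the original page; the function names and the embedded sample listings are constructed for illustration. It confirms that the ACCEPT rules for ports 22, 80 and 8080 sit above the catch-all REJECT and that the nat redirect from 80 to 8080 exists, since a misordered rule is the kind of mistake that can leave a remote machine inaccessible.

```shell
# Added example (hypothetical helper names): audit listings before saving.
# Reads `iptables -L -n` on stdin. Succeeds only if each PORT argument has a
# tcp ACCEPT rule in INPUT above the first catch-all REJECT/DROP; rules are
# evaluated top to bottom, so an ACCEPT below that line never matches.
check_input_chain() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        /^Chain / { in_input = ($2 == "INPUT"); next }
        !in_input || blocked { next }
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" { blocked = 1; next }
        $1 == "ACCEPT" && $2 == "tcp" {
            for (i = 6; i <= NF; i++)
                if ($i ~ /^dpt:[0-9]+$/) seen[substr($i, 5)] = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(want[i] in seen)) { print "not reachable: tcp/" want[i]; bad = 1 }
            exit bad + 0
        }'
}

# Reads `iptables -L -n -t nat` on stdin. Succeeds if the PREROUTING chain
# redirects tcp port $1 to port $2.
check_nat_redirect() {
    awk -v from="$1" -v to="$2" '
        /^Chain / { in_pre = ($2 == "PREROUTING"); next }
        in_pre && $1 == "REDIRECT" && $2 == "tcp" && $(NF - 2) == "redir" && $NF == to {
            for (i = 6; i <= NF; i++) if ($i == "dpt:" from) found = 1
        }
        END { exit !found }'
}

# Constructed sample input, abridged from the listings shown on this page.
sample_filter() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:8080 /* # Anaconda Repo # */
ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:80 /* # Anaconda Repo # */
ACCEPT     tcp  --  0.0.0.0/0    0.0.0.0/0    state NEW tcp dpt:22
REJECT     all  --  0.0.0.0/0    0.0.0.0/0    reject-with icmp-host-prohibited
EOF
}
sample_nat() {
    cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
REDIRECT   tcp  --  0.0.0.0/0    0.0.0.0/0    tcp dpt:80 /* # Anaconda Repo # */ redir ports 8080
EOF
}
sample_filter | check_input_chain 22 80 8080 && sample_nat | check_nat_redirect 80 8080 && echo "safe to save"
```

On the server, pipe the live listings in instead of the samples, for example `sudo iptables -L -n | check_input_chain 22 80 8080`, before running `service iptables save`.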