-2

我需要将端口 8080 重定向到我的 linux 服务器上的端口 80。我的问题是一样的: https ://askubuntu.com/a/579540

唯一的区别是我没有 iptables - 有没有办法用 firewalld 做到这一点?

编辑:现在我知道 firewalld 使用 iptables 并且可以使用以下命令通过 firewalld 将命令传递给 iptables:

firewall-cmd [--permanent] --direct --add-rule { ipv4 | ipv6 | eb } <table> <chain> <priority> <args>

我有:

  • 运行在 8080 端口的 HTTP 服务器
  • 端口 80 重定向到 firewalld 中的 8080(区域公共)
  • 通过 80 端口访问的其他计算机的客户端可以访问 HTTP 服务器
  • 我可以从运行服务器的同一台计算机访问端口 8080 上的服务器

我也要:

  • 从运行服务器的同一台计算机访问端口 80 上的服务器

我试过了:

  • 将接口“lo”添加到区域“public”
  • 以与区域“public”相同的方式配置区域“trusted”

区域“公共”配置:

<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="snmp"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
  <icmp-block name="redirect"/>
  <icmp-block name="router-solicitation"/>
  <icmp-block name="parameter-problem"/>
  <icmp-block name="router-advertisement"/>
  <forward-port to-port="8080" protocol="tcp" port="80"/>
</zone>

错误:

#wget "192.168.100.42:80"
--2016-12-01 16:02:29--  http://192.168.100.42/
Connecting to 192.168.100.42:80... failed: Connection refused.

#wget "192.168.100.42:8080"
--2016-12-01 16:06:37--  http://192.168.100.42:8080/
Connecting to 192.168.100.42:8080... connected.
HTTP request sent, awaiting response... 302 Found
...
HTTP request sent, awaiting response... 302 Found
...
HTTP request sent, awaiting response... 302 Found
...
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html’
...
2016-12-01 16:06:37 (69.8 MB/s) - ‘index.html’ saved [4785]

#wget "localhost:80"
--2016-12-01 16:02:12--  http://localhost/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:80... failed: Connection refused.
Connecting to localhost (localhost)|::1|:80... failed: Network is unreachable.

#wget "localhost:8080"
--2016-12-01 16:06:29--  http://localhost:8080/
Resolving localhost (localhost)... 127.0.0.1, ::1
Connecting to localhost (localhost)|127.0.0.1|:8080... failed: Connection refused.
Connecting to localhost (localhost)|::1|:8080... failed: Network is unreachable.

编辑:解决方案: 服务器根本没有监听环回接口。

4

2 回答 2

1

服务器未在环回接口上侦听。

于 2016-12-12T15:50:45.557 回答
0

采取了防火墙的帖子。修改你的ips本地网络和服务器:

在 /etc/init.d/ 中创建一个 iptables.sh , chmod +x 并运行

# NOMENCLATURE
internet=eth0     # interface of internet source
lan=eth1          # interface of local network
local=192.168.1.0 # your local network
netmask=24        # netmask of your local network
iptables=/sbin/iptables

# Zero all packets and counters
$iptables -F
$iptables -X
$iptables -t nat -F
$iptables -t nat -X
$iptables -t mangle -F
$iptables -t mangle -X
$iptables -t raw -F
$iptables -t raw -X
$iptables -t security -F
$iptables -t security -X
$iptables -Z
$iptables -t nat -Z
$iptables -t mangle -Z

# Global Policies (DROP or ACCEPT)
$iptables -P INPUT ACCEPT
$iptables -P OUTPUT ACCEPT
$iptables -P FORWARD ACCEPT
$iptables -t nat -P PREROUTING ACCEPT
$iptables -t nat -P POSTROUTING ACCEPT
$iptables -t nat -P OUTPUT ACCEPT
$iptables -t mangle -P PREROUTING ACCEPT
$iptables -t mangle -P INPUT ACCEPT
$iptables -t mangle -P FORWARD ACCEPT
$iptables -t mangle -P OUTPUT ACCEPT
$iptables -t mangle -P POSTROUTING ACCEPT

# LOOPBACK
$iptables -A INPUT -p all -i lo -j ACCEPT
$iptables -A INPUT -s 192.168.1.10 -j ACCEPT
$iptables -A OUTPUT -p all -o lo -j ACCEPT
$iptables -A OUTPUT -p all -s 127.0.0.1 -j ACCEPT
$iptables -t mangle -A PREROUTING -p all -i lo -j ACCEPT
$iptables -t mangle -A PREROUTING -p all -s 127.0.0.1 -j ACCEPT
$iptables -t nat -A PREROUTING -p all -i lo -j ACCEPT

# IP forward rules
echo 1 > /proc/sys/net/ipv4/ip_forward

# MASQUERADE
$iptables -t nat -A POSTROUTING -s $local/$netmask -o $internet -j MASQUERADE

$iptables -A OUTPUT -p udp --dport 53 -j DROP
$iptables -A INPUT -p udp --sport 53 -j DROP
$iptables -A FORWARD -p udp --dport 53 -j DROP

# LAN ---> PROXY <--- INTERNET
$iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

# TRANSPARENT RULES
$iptables -t nat -A PREROUTING -i $lan -p tcp --dport 80 -j REDIRECT --to-port 8080
$iptables -A INPUT -i $lan -p tcp --dport 8080 -j ACCEPT
$iptables -A FORWARD -i $lan -p tcp -m multiport --dports 80,8080,443 -o $internet -j ACCEPT
于 2016-12-04T19:25:02.110 回答