Server/Linux III 2016. 3. 14. 14:29
Linux III - 04. How to Disable the Firewall
1. How to disable the firewall
- Because the firewall on main blocks telnet connections, clone1 and clone2 cannot telnet to main.
[root@clone1 /root]# telnet main
Trying 172.20.1.1...
telnet: connect to address 172.20.1.1: No route to host
[root@clone2 /root]# telnet main
Trying 172.20.1.1...
telnet: connect to address 172.20.1.1: No route to host
- Check and disable the firewall on main
[root@main /root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@main /root]# iptables -F (the rules are only flushed in memory; the firewall is active again after a reboot)
[root@main /root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@main /root]#
- Confirm the telnet connection from clone1 to main, then disconnect
[root@clone1 /root]# telnet main
Trying 172.20.1.1...
Connected to main.
Escape character is '^]'.
CentOS release 6.6 (Final)
Kernel 2.6.32-504.el6.x86_64 on an x86_64
login: user1
Password: centos
Last login: Mon Mar 14 14:26:28 from localhost
[user1@main /home/user1]$
[user1@main /home/user1]$ exit
logout
Connection closed by foreign host.
- Reboot main
[root@main /root]# reboot
- Once the reboot has completed, reconnect and check the firewall.
login as: root
root@192.168.1.100's password:
Last login: Mon Mar 14 10:43:32 2016 from 192.168.1.1
[root@main /root]#
[root@main /root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
2. Disabling the firewall permanently
[root@main /root]# chkconfig --list iptables
iptables 0:해제 1:해제 2:활성 3:활성 4:활성 5:활성 6:해제
[root@main /root]# chkconfig iptables off
[root@main /root]# service iptables stop
iptables: 체인을 ACCEPT 규칙으로 설정 중: filter [ OK ]
iptables: 방화벽 규칙을 지웁니다: [ OK ]
iptables: 모듈을 언로드하는 중: [ OK ]
[root@main /root]# chkconfig --list iptables
iptables 0:해제 1:해제 2:해제 3:해제 4:해제 5:해제 6:해제
[root@main /root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
- Confirm the telnet connection from clone1 to main, then disconnect
[root@clone1 /root]# telnet main
Trying 172.20.1.1...
Connected to main.
Escape character is '^]'.
CentOS release 6.6 (Final)
Kernel 2.6.32-504.el6.x86_64 on an x86_64
login: user1
Password: centos
Last login: Mon Mar 14 14:47:28 from clone2
[user1@main /home/user1]$
[user1@main /home/user1]$ exit
logout
Connection closed by foreign host.
[root@clone1 /root]#
- Reboot main
[root@main /root]# reboot
- Once the reboot has completed, reconnect and check the firewall.
login as: root
root@192.168.1.100's password:
Last login: Mon Mar 14 15:01:17 2016 from 192.168.1.1
[root@main /root]#
[root@main /root]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@main /root]#
- For the lab exercises, disable the firewall permanently on clone1 and clone2 as well.
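The two procedures above (flushing with iptables -F, then chkconfig off plus service iptables stop) remove the whole rule set. The script below is an added example, not part of the original post: it reads an iptables -L listing and reports how the INPUT chain treats a service, so you can see why telnet gets "No route to host" while ssh gets through, and it computes the rule position at which a single ACCEPT for port 23 would have to be inserted as the narrower alternative to flushing everything. SAMPLE_DUMP and FLUSHED_DUMP are constructed copies of the stock CentOS 6 listings shown above; the functions and their names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: audit an `iptables -L`
# listing before touching the firewall, and work out where a narrower
# ACCEPT rule would have to go instead of flushing everything.
# SAMPLE_DUMP is constructed from the stock CentOS 6 rule set shown above.

SAMPLE_DUMP='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# Listing after `iptables -F`: every chain is empty, only the policies remain.
FLUSHED_DUMP='Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination'

# input_chain_verdict SERVICE [DUMP]
# Walks the INPUT chain top to bottom, as the kernel does, and prints
#   accept  - an ACCEPT rule with "dpt:SERVICE" is hit before any REJECT/DROP
#   reject  - the catch-all REJECT/DROP is hit first (the "No route to host" case)
#   policy  - no rule matches; the chain policy decides
# The bare "ACCEPT all" line is the loopback rule; `iptables -L` hides its
# "-i lo" match, so it is not treated as opening the port (use -v to see it).
input_chain_verdict() {
    printf '%s\n' "${2:-$SAMPLE_DUMP}" | awk -v svc="$1" '
        /^Chain /                                       { in_input = ($2 == "INPUT"); next }
        !in_input || $1 == "target" || NF == 0          { next }
        $1 == "ACCEPT" && index($0, "dpt:" svc)         { verdict = "accept"; exit }
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" { verdict = "reject"; exit }
        END { print (verdict == "" ? "policy" : verdict) }'
}

# reject_rule_position [DUMP]
# 1-based number of the first catch-all REJECT/DROP rule in INPUT (0 if none).
# A rule appended with `iptables -A INPUT` lands after it and never matches,
# which is the usual reason a freshly added ACCEPT "does not work".
reject_rule_position() {
    printf '%s\n' "${1:-$SAMPLE_DUMP}" | awk '
        /^Chain /                                       { in_input = ($2 == "INPUT"); next }
        !in_input || $1 == "target" || NF == 0          { next }
                                                        { n++ }
        ($1 == "REJECT" || $1 == "DROP") && $2 == "all" { pos = n; exit }
        END { print pos + 0 }'
}

# allow_service_cmd PORT [DUMP]
# Prints the iptables command that opens one TCP port right before the
# catch-all REJECT, i.e. the narrow alternative to `iptables -F`.
# Follow it with `service iptables save` so it survives the reboot.
allow_service_cmd() {
    pos=$(reject_rule_position "${2:-$SAMPLE_DUMP}")
    if [ "$pos" -gt 0 ]; then
        printf 'iptables -I INPUT %s -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$pos" "$1"
    else
        printf 'iptables -A INPUT -p tcp --dport %s -m state --state NEW -j ACCEPT\n' "$1"
    fi
}

# Usage: the stock listing rejects telnet but accepts ssh; a flushed
# listing falls through to the ACCEPT policy.
input_chain_verdict telnet
input_chain_verdict ssh
input_chain_verdict telnet "$FLUSHED_DUMP"
allow_service_cmd 23
```

On a real host, feed it the live listing with `input_chain_verdict telnet "$(iptables -L)"`. The position matters: the stock chain ends in REJECT, so only an ACCEPT inserted before rule 5 (here with -I INPUT 5) is ever evaluated, and only `service iptables save` writes it to /etc/sysconfig/iptables so that it is still there after the reboot step above.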
3. Checking service port numbers
- If a service port needs to be added later, add it to the '/etc/services' file.
[root@main /root]# cat /etc/services | more
[root@main /root]# cat /etc/services | grep -w telnet
telnet 23/tcp
telnet 23/udp
hp-3000-telnet 2564/tcp # HP 3000 NS/VT block mode telnet
tl1-telnet 3083/tcp # TL1-TELNET
tl1-telnet 3083/udp # TL1-TELNET
scpi-telnet 5024/tcp # SCPI-TELNET
scpi-telnet 5024/udp # SCPI-TELNET
[root@main /root]# cat /etc/services | grep -w ftp
ftp-data 20/tcp
ftp-data 20/udp
# 21 is registered to ftp, but also used by fsp
ftp 21/tcp
ftp 21/udp fsp fspd
ftp-data 20/sctp # FTP
ftp 21/sctp # FTP
ni-ftp 47/tcp # NI FTP
ni-ftp 47/udp # NI FTP
ftp-agent 574/tcp # FTP Software Agent System
ftp-agent 574/udp # FTP Software Agent System
ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
ftps-data 989/udp # ftp protocol, data, over TLS/SSL
ftps 990/tcp # ftp protocol, control, over TLS/SSL
ftps 990/udp # ftp protocol, control, over TLS/SSL
odette-ftp 3305/tcp # ODETTE-FTP
odette-ftp 3305/udp # ODETTE-FTP
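The grep -w output above shows why a word match is only a rough lookup: "ftp" also matches ftp-data, ftps and odette-ftp because "-" is a word boundary, and the alias names on the "ftp 21/udp fsp fspd" line are not searchable by port at all. The script below is an added example, not part of the original post: it parses lines in the /etc/services format (comments stripped, port and protocol split, aliases honoured) and resolves a name to its port or a port to its canonical name. SERVICES_SAMPLE is a constructed excerpt in the same format; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: exact lookups against an
# /etc/services-style file. `grep -w ftp` also returns ftp-data, ftps and
# odette-ftp because "-" is a word boundary, and it ignores aliases such as
# the fsp/fspd names on the ftp 21/udp line. SERVICES_SAMPLE is a constructed
# excerpt in the same format as the real file.

SERVICES_SAMPLE='# service-name  port/protocol  [aliases ...]   [# comment]
ftp-data        20/tcp
ftp-data        20/udp
# 21 is registered to ftp, but also used by fsp
ftp             21/tcp
ftp             21/udp          fsp fspd
telnet          23/tcp
telnet          23/udp
ftps-data       989/tcp                 # ftp protocol, data, over TLS/SSL
ftps            990/tcp                 # ftp protocol, control, over TLS/SSL
odette-ftp      3305/tcp                # ODETTE-FTP'

# _services_lookup MODE KEY PROTO FILE_CONTENT
# Strips comments, splits "port/proto", and matches either the service name
# (including aliases) or the port number. Prints the port or the name.
_services_lookup() {
    printf '%s\n' "$4" | awk -v mode="$1" -v key="$2" -v proto="$3" '
        { sub(/#.*/, "") }                        # drop trailing comments
        NF < 2 { next }                           # blank or comment-only line
        {
            split($2, pp, "/")                    # pp[1]=port, pp[2]=protocol
            if (pp[2] != proto) next
            if (mode == "port") {
                for (i = 1; i <= NF; i++)         # field 1 is the name, 3.. are aliases
                    if (i != 2 && $i == key) { print pp[1]; exit }
            } else if (pp[1] == key) {
                print $1; exit                    # canonical name, not an alias
            }
        }'
}

# service_port NAME PROTO [FILE_CONTENT]  -> port number, empty if unknown
service_port() { _services_lookup port "$1" "$2" "${3:-$SERVICES_SAMPLE}"; }

# port_service PORT PROTO [FILE_CONTENT]  -> canonical service name, empty if unknown
port_service() { _services_lookup name "$1" "$2" "${3:-$SERVICES_SAMPLE}"; }

# Usage: both lookups distinguish protocols and honour aliases.
service_port ftp tcc 2>/dev/null || true
service_port ftp tcp        # 21
service_port fspd udp       # 21 (alias on the ftp 21/udp line)
port_service 990 tcp        # ftps
service_port ftps-data udp  # prints nothing: only the tcp entry exists in the sample
```

To run it against the real file, pass its contents as the third argument, e.g. `service_port telnet tcp "$(cat /etc/services)"`. A name added to /etc/services in the way the section describes becomes visible to this lookup, to getent services, and to the service-name column of iptables -L at the same time.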