اقا یه دنیا ممنون مشکل حل شد
ولی ftp همچنان مشکل داره
یه مشکل دیگه ام که هست هی باید هر چند دقیقه یکبار service iptables stop رو بزنم در غیر این صورت تمام ارتباطات حذف میشه میدونید مشکل از کجاست
بازم ممنون
پاسخ : اتصال به ssh
اقا یه دنیا ممنون مشکل حل شد
ولی ftp همچنان مشکل داره
یه مشکل دیگه ام که هست هی باید هر چند دقیقه یکبار service iptables stop رو بزنم در غیر این صورت تمام ارتباطات حذف میشه میدونید مشکل از کجاست
بازم ممنون
پاسخ : اتصال به ssh
خدا رو شکرنوشته اصلی توسط arao
مشکل ftp چی هست ؟ با عکس توضیح دهید یا شرح دهید دقیقاولی ftp همچنان مشکل داره
شما ConfigServer Security & Firewall - csf رو نصب کنید کانفیگ کنید مشکلتون حل میشه.یه مشکل دیگه ام که هست هی باید هر چند دقیقه یکبار service iptables stop رو بزنم در غیر این صورت تمام ارتباطات حذف میشه میدونید مشکل از کجاست
بازم ممنون
------------
همچنین میتوانید این مراحل رو نیز دنبال کنید البته قبلش با csf تست کنید برطرف نشد امتحان کنید با این دستورات زیر
Default Rules in IPTables
Start the iptables firewall as shown below.
# service iptables status
Firewall is stopped.
# service iptables start
Applying iptables firewall rules: [ OK ]
Loading additional iptables modules: ip_conntrack_netbios_n[ OK ]
You can see the default rules under: iptables -> Filter Table -> RH-Firewall-1-INPUT Chain, as shown below. You can also use ‘iptables –list’ to view all the rules.
# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
IPTables Rules are stored in /etc/sysconfig/iptables
Please note that the iptables rules are stored in the /etc/sysconfig/iptables file. If you view this file, you’ll see all the default rules.
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
Temporarily delete all the firewall rules
Use ‘iptables –flush’ option to delete all the rules temporarily.
# iptables --flush
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
After the ‘iptables –flush’, if you restart the iptables, you’ll see all the default rules again. So, –flush is only temporary.
# service iptables stop
# service iptables start
# iptables --list
Permanently remove all the default firewall rules
Before deleting all the firewall rules, you’ll see the following in the /etc/sysconfig/iptables file.
# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
First, flush all these rules temporarily, as we discussed above.
# iptables --flush
Next, save the current iptables (which is empty, as we just flushed it) to the /etc/sysconfig/iptables file for permanent use using ‘service iptables save’
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
Finally, view the /etc/sysconfig/iptables to make sure there are no rules.
# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Thu Oct 28 08:44:01 2010
*filter
:INPUT ACCEPT [102:7668]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [78:8560]
COMMIT
# Completed on Thu Oct 28 08:44:01 2010
Now, if you stop and start the iptables, you’ll not see the default rules anymore. So, remember to do ‘service iptables save’ to make the ‘iptables –flush’ permanent.
# service iptables stop
# service iptables start
# iptables --list
در حال حاضر 1 کاربر در حال مشاهده این موضوع است. (0 کاربران و 1 مهمان ها)
مجوز های ارسال و ویرایش
پاسخ با نقل قول