I have disabled selinux in /etc/sysconfig/selinux:
SELINUX=disabled
Rebooted and disabled the firewalld and iptables services.
# sestatus
SELinux status: disabled
# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
Active: inactive (dead)
# ufw status
Status: inactive
I still cannot access the server using a specific port:
# nc -v 10.0.12.3 8887
nc: connect to 10.0.12.3 port 8887 (tcp) failed: Connection refused
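I can ping the server and connect to it via ssh.
I tried opening the port using iptables and firewalld, but could not succeed. The last option left was to disable the firewall completely, but even that did not work.
The ports that are listening are: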
# netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1031/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1843/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1392/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1391/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1756/master
tcp 0 0 0.0.0.0:6010 0.0.0.0:* LISTEN 1892/sshd: jmalapra
tcp 0 0 0.0.0.0:6011 0.0.0.0:* LISTEN 2461/sshd: jmalapra
tcp6 0 0 :::111 :::* LISTEN 1031/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1392/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1391/cupsd
tcp6 0 0 :::6010 :::* LISTEN 1892/sshd: jmalapra
tcp6 0 0 :::6011 :::* LISTEN 2461/sshd: jmalapra
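Answer 1
Use netstat or ss to verify that the service is listening on the relevant IP/port.
Edit: Now that you have verified that the service in question is running, reset your box's security measures: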
# Restore SELinux
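# --follow-symlinks: /etc/sysconfig/selinux is normally a symlink to /etc/selinux/config,
# and plain "sed -i" would replace the link with a regular file
sed -i --follow-symlinks -e 's/SELINUX=disabled/SELINUX=enforcing/g' /etc/sysconfig/selinux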
touch /.autorelabel
reboot
# Firewall exception
firewall-cmd --zone=public --add-port=8887/tcp --permanent
firewall-cmd --reload
# Remove superfluous packages
yum remove -y iptables-services ufw
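
The check the answer recommends, as an added example that is not part of the original answer: a small shell function (the name listen_scope is hypothetical) reads `netstat -plnt` or `ss -lnt` output and reports how a port is bound. The sample rows are copied from the question's netstat output; a result of `none` means connections are refused because nothing is listening, whatever the firewall state.

```bash
#!/usr/bin/env bash
# Added example: classify how a TCP port is bound, from a listener table on stdin.
# Accepts `netstat -plnt` rows (tcp ... LISTEN) and `ss -lnt` rows (LISTEN ...).

# Sample input: rows taken from the netstat output in the question.
SAMPLE_NETSTAT='tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1843/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1392/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1391/cupsd
tcp6 0 0 :::22 :::* LISTEN 1392/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1391/cupsd'

# listen_scope PORT
#   none      nothing listens on PORT: remote connects get "Connection refused"
#   loopback  bound to 127.0.0.0/8 or ::1 only: unreachable from other hosts
#   specific  bound to one non-loopback address
#   wildcard  bound to 0.0.0.0 / :: / *: reachable on every interface
listen_scope() {
  awk -v port="$1" '
    ($1 ~ /^tcp/ && $6 == "LISTEN") || $1 == "LISTEN" {
      # Local address is field 4 in both tools; the port follows the last colon.
      n = split($4, a, ":"); p = a[n]
      if (p != port) next
      host = substr($4, 1, length($4) - length(p) - 1)
      gsub(/^\[|\]$/, "", host)          # ss prints IPv6 as [::]:22
      if (host == "0.0.0.0" || host == "::" || host == "*") r = 3
      else if (host ~ /^127\./ || host == "::1") r = 1
      else r = 2
      if (r > best) best = r             # report the widest binding seen
    }
    END {
      split("none loopback specific wildcard", name, " ")
      print name[best + 1]
    }'
}

# Stand-alone use: check the sample, or pipe live output instead, e.g.
#   ss -lnt | listen_scope 8887
if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  for port in 8887 22 631 53; do
    printf '%s: %s\n' "$port" "$(printf '%s\n' "$SAMPLE_NETSTAT" | listen_scope "$port")"
  done
fi
```

Run it on the server itself: the listener table is local state, so it separates "service not bound" from "firewall dropping traffic" without touching SELinux or firewalld.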