RHEL6.1防火墙配置——以Webmin为例

2017-11-07 1435

版权

本文内容由阿里云实名注册用户自发贡献，版权归原作者所有，阿里云开发者社区不拥有其著作权，亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容，填写侵权投诉表单进行举报，一经查实，本社区将立刻删除涉嫌侵权内容。

简介：

Configuring Your RHEL Firewall For Webmin

本文以RHEL6.1为实例，详细讲述了Webmin在RHEL6.1中的安装和配置过程。
着重描述了防火墙规则的设置。

Many operating systems block access to port 10000 by default,

#主要包括RHEL、CentOS。

#不包括ubuntu

as they have a firewall activated as part of the installation process. This may prevent you from logging into http://yourserver:10000/

#RHEL6.1中默认情况下（无DNS，没有修改hosts文件）

#可能不能用主机名称代替localhost，

#使用https://localhost:10000/代替http://yourservername:10000/ 。

#原因如下：

#hosts文件没有解释主机名称

实例：

[root@dgdrhelsrv Downloads]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@dgdrhelsrv Downloads]#

from another system on your network or over the Internet.

The simplest way to open up port 10000 is to use one of the Webmin firewall management modules, such as Linux Firewall, BSD Firewall or IPFilter Firewall. However, to access this you'll need to run a brower on the same system as Webmin, and access it via the URL http://localhost:10000/.

The alternative is to login as root via SSH, and manually edit the firewall configuration file. On Redhat and derived systems, this is /etc/sysconfig/iptables, while on Debian it is /var/lib/iptables. The line you need to add is :

#命令参考如下

su -

vim vim /etc/sysconfig/iptables

编辑如下：

#需要注意的是，要在COMMIT行前添加一个新行。

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT

/etc/init.d/iptables restart

exit

#实例：

[dgd@dgdrhelsrv Downloads]$ su root
Password:
[root@dgdrhelsrv Downloads]# rpm -i webmin-1.570-1.noarch.rpm
warning: webmin-1.570-1.noarch.rpm: Header V3 DSA/SHA1 Signature, key ID 11f63c51: NOKEY
Operating system is Redhat Enterprise Linux
Webmin install complete. You can now login to https://dgdrhelsrv:10000/
as root with your root password.
[root@dgdrhelsrv Downloads]# vim /etc/sysconfig/iptables
[root@dgdrhelsrv Downloads]# /etc/init.d/iptables restart
iptables: Flushing firewall rules:                               [  OK ]
iptables: Setting chains to policy ACCEPT: filter    [  OK  ]
iptables: Unloading modules:                                     [  OK  ]
iptables: Applying firewall rules:                             [  OK  ]
[root@dgdrhelsrv Downloads]#

It should be added in the file just after similar lines which grant access to ports 80, 22 and so on.

#这就是为什么要在COMMIT行前添加的原因。

Once this line has been added, you will need to apply the firewall configuration. This is typically done with the command /etc/init.d/iptables restart .

本文转自 urey_pp 51CTO博客，原文链接：http://blog.51cto.com/dgd2010/733411，如需转载请自行联系原作者