Need help with the firewall - allowing FTP connections from outside

I hope you can help. Our DevOps employee is away from the agency's office, and a partner needs to access FTP. It is locked down to inside the office, but we need to let people outside the office connect for a few weeks while the partner's development work is completed.

Unfortunately, my server-side knowledge is limited and I am still learning.

We are running CentOS 7 and iptables. The current rules are as follows:

 sudo iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
60692   98M ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
  138  8258 ACCEPT     all  --  lo     any     anywhere             anywhere
 1943 90860 INPUT_direct  all  --  any    any     anywhere             anywhere
 1943 90860 INPUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere
 1943 90860 INPUT_ZONES  all  --  any    any     anywhere             anywhere
  465 18696 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere             ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 FORWARD_direct  all  --  any    any     anywhere             anywhere
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  any    any     anywhere             anywhere
    0     0 FORWARD_IN_ZONES  all  --  any    any     anywhere             anywhere
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  any    any     anywhere             anywhere
    0     0 FORWARD_OUT_ZONES  all  --  any    any     anywhere             anywhere
    0     0 DROP       all  --  any    any     anywhere             anywhere             ctstate INVALID
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 60733 packets, 193M bytes)
 pkts bytes target     prot opt in     out     source               destination
60757  193M OUTPUT_direct  all  --  any    any     anywhere             anywhere

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_public  all  --  eth0   any     anywhere             anywhere            [goto]
    0     0 FWDI_public  all  --  +      any     anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_public  all  --  any    eth0    anywhere             anywhere            [goto]
    0     0 FWDO_public  all  --  any    +       anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_public_log  all  --  any    any     anywhere             anywhere
    0     0 FWDI_public_deny  all  --  any    any     anywhere             anywhere
    0     0 FWDI_public_allow  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public (2 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_public_log  all  --  any    any     anywhere             anywhere
    0     0 FWDO_public_deny  all  --  any    any     anywhere             anywhere
    0     0 FWDO_public_allow  all  --  any    any     anywhere             anywhere

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
 1943 90860 IN_public  all  --  eth0   any     anywhere             anywhere            [goto]
    0     0 IN_public  all  --  +      any     anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public (2 references)
 pkts bytes target     prot opt in     out     source               destination
 1943 90860 IN_public_log  all  --  any    any     anywhere             anywhere
 1943 90860 IN_public_deny  all  --  any    any     anywhere             anywhere
 1943 90860 IN_public_allow  all  --  any    any     anywhere             anywhere
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    52 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh ctstate NEW
  498 22176 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http ctstate NEW
  979 49936 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:webcache ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:ndmps:50000 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp-data ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination
   24  1224 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:smtp

Best answer 1

Your CentOS system is using firewalld, so you need to use that to update the firewall configuration. You can use the firewall-cmd command to change the rules. For example, to allow the FTP service in the public zone:

# firewall-cmd --add-service=ftp --zone=public

You can confirm that the rule is defined in the output of the iptables command. That is why you see all those tables with "_public" in their names.
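An added example, not part of the question or the answer above. The answer's command opens port 21 to every source, while the request is for one partner for a few weeks; a firewalld rich rule scoped to the partner's address range, run with --timeout so it expires on its own, fits that better. The script below builds that command (dry run unless passed --apply) and also parses `iptables -L -v` text to list which TCP ports a chain already accepts from any source. Run over the IN_public_allow chain posted in the question (embedded here as a constructed sample), it shows that dpt:ftp and dpt:ftp-data are already accepted from anywhere, so it is worth checking the FTP daemon's own access controls and any upstream firewall before opening anything further. The partner range 203.0.113.0/24, the 504h timeout and the zone name "public" are assumptions for illustration.

```shell
#!/bin/bash
# Added example; not code from the original question or answer.
# Two helpers for a "let a partner reach FTP for a few weeks" request on a
# CentOS 7 / firewalld host:
#   audit_any_source  parses `iptables -L <chain> -v` text and lists the TCP
#                     destination ports already ACCEPTed from any source.
#   ftp_rich_rule     builds the firewall-cmd call for a rich rule that allows
#                     the ftp service only from one source range, optionally as
#                     a runtime rule with --timeout so it expires by itself.
# Nothing touches the live firewall unless the script is run with --apply.
# Assumptions for illustration: partner range 203.0.113.0/24 (documentation
# address space), a 504h (three-week) timeout, and zone "public".

# Constructed sample: the IN_public_allow chain as posted in the question.
SAMPLE_IN_PUBLIC_ALLOW='Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    52 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh ctstate NEW
  498 22176 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:http ctstate NEW
  979 49936 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:https ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:webcache ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpts:ndmps:50000 ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp ctstate NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ftp-data ctstate NEW'

# List (deduplicated, one per line) every dpt:/dpts: value on an ACCEPT line
# whose source column is "anywhere". In `iptables -L -v` output field 3 is the
# target and field 8 the source; the match options start at field 10.
audit_any_source() {
    printf '%s\n' "$1" |
    awk '$3 == "ACCEPT" && $8 == "anywhere" {
            for (i = 10; i <= NF; i++)
                if ($i ~ /^dpts?:/) { sub(/^dpts?:/, "", $i); print $i }
         }' | LC_ALL=C sort -u
}

# Accept "a.b.c.d" or "a.b.c.d/n" (IPv4 only); reject anything else so a typo
# cannot become a rule with an unexpected scope.
valid_ipv4_cidr() {
    local ip prefix octet
    ip=${1%%/*}
    prefix=${1#*/}
    [ "$prefix" = "$1" ] && prefix=32          # no "/n" given: single host
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    local IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Emit the firewall-cmd invocation for a source-scoped ftp rich rule.
#   $1 = source CIDR, $2 = optional timeout (firewall-cmd takes s/m/h suffixes).
# --timeout applies to runtime rules only and cannot be combined with
# --permanent, so with a timeout the rule is deliberately not persisted.
ftp_rich_rule() {
    local src=$1 timeout=${2:-} rule
    valid_ipv4_cidr "$src" || { echo "ftp_rich_rule: invalid IPv4/CIDR: $src" >&2; return 1; }
    rule="rule family=\"ipv4\" source address=\"$src\" service name=\"ftp\" accept"
    if [ -n "$timeout" ]; then
        printf "firewall-cmd --zone=public --timeout=%s --add-rich-rule='%s'\n" "$timeout" "$rule"
    else
        printf "firewall-cmd --permanent --zone=public --add-rich-rule='%s'\n" "$rule"
    fi
}

main() {
    echo "== TCP ports already ACCEPTed from any source in the sample chain =="
    audit_any_source "$SAMPLE_IN_PUBLIC_ALLOW"
    echo "== rule for the partner (runtime only, expires after 504h) =="
    cmd=$(ftp_rich_rule 203.0.113.0/24 504h) || return 1
    echo "$cmd"
    # firewalld's ftp service definition loads nf_conntrack_ftp, so passive-mode
    # data connections are tracked as RELATED and pass the first INPUT rule.
    # The helper cannot read an encrypted (FTPS) control channel, so passive
    # ports need explicit rules in that case.
    if [ "${1:-}" = "--apply" ]; then
        eval "$cmd"
    fi
}
main "$@"
```

To audit the live host instead of the sample, pass real output: `audit_any_source "$(sudo iptables -L IN_public_allow -v)"`. When the engagement ends early, the runtime rule can be dropped with the same rich-rule string via `--remove-rich-rule`, and because it was never added with --permanent it will not survive a `firewall-cmd --reload` or a reboot either.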