1
重将Tomcat的端口(server.xml)由80改回8080。
2
通过Iptables端口实现80到8080的转发,命令为:iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080用root用户直接去执行就可以了!这样,用户访问80端口和8080端口其实都到了8080端口。
3
从配置菜单关闭防火墙是不起作用的,索性在安装的时候就不要装防火墙查看防火墙状态:/etc/init.d/iptables status暂时关闭防火墙:/etc/init.d/iptables stop禁止防火墙在系统启动时启动/sbin/chkconfig --level 2345 iptables off重启iptables:/etc/init.d/iptables restart
) 重启后生效 开启: chkconfig iptables on 关闭: chkconfig iptables off 2) 即时生效,重启后失效 开启: service iptables start 关闭: service iptables stop 查看iptables文件vim /etc/sysconfig/iptables redhat部分-----------1:端口开放/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT 2:保存修改/etc/rc.d/init.d/iptables save 3: 重启服务/etc/rc.d/init.d/iptables restart 4:查看端口状态/etc/init.d/iptables status 结果如下Chain INPUT (policy ACCEPT)num target prot opt source destination 1ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:2181 2ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:6379 3ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 tcp dpt:8080 4ACCEPT all -- 0.0.0.0/00.0.0.0/0 state RELATED,ESTABLISHED 5ACCEPT icmp -- 0.0.0.0/00.0.0.0/0 6ACCEPT all -- 0.0.0.0/00.0.0.0/0 7ACCEPT tcp -- 0.0.0.0/00.0.0.0/0 state NEW tcp dpt:22 8REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibitedChain FORWARD (policy ACCEPT)num target prot opt source destination 1REJECT all -- 0.0.0.0/00.0.0.0/0 reject-with icmp-host-prohibitedChain OUTPUT (policy ACCEPT)num target prot opt source destination5:删除端口(2表示上面的num列)/sbin/iptables -D INPUT 2 centos7部分-----------开启端口firewall-cmd --zone=public --add-port=80/tcp --permanent --zone #作用域--add-port=80/tcp #添加端口,格式为:端口/通讯协议--permanent #永久生效,没有此参数重启后失效重新加载防火墙firewall-cmd --reload 检查修改是否生效firewall-cmd --zone= public --query-port=80/tcp 删除某端口firewall-cmd --zone= public --remove-port=80/tcp firewall-cmd --zone=public --remove-service=http准备环境启动一个web服务器,提供端口.
?
1
2
[wyq@localhost ~]$ python -m SimpleHTTPServer 8080
Serving HTTP on 0.0.0.0 port 8080 ...
用其它web服务器提供端口也一样,由于python比较方便,这里就用它
1、使用telnet判断
telnet是windows标准服务,可以直接用;如果是linux机器,需要安装telnet.
用法: telnet ip port
1)先用telnet连接不存在的端口
?
1
2
3
[root@localhost ~]# telnet 10.0.250.3 80
Trying 10.0.250.3...
telnet: connect to address 10.0.250.3: Connection refused #直接提示连接被拒绝
2)再连接存在的端口
?
1
2
3
4
5
6
7
8
[root@localhost ~]# telnet localhost 22
Trying ::1...
Connected to localhost. #看到Connected就连接成功了
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
a
Protocol mismatch.
Connection closed by foreign host.
2、使用ssh判断
ssh是linux的标准配置并且最常用,可以用来判断端口吗?
用法: ssh -v -p port username@ip
-v 调试模式(会打印日志).
-p 指定端口
username可以随意
1)连接不存在端口
?
1
2
3
4
5
6
7
8
9
[root@localhost ~]# ssh 10.0.250.3 -p 80
ssh: connect to host 10.0.250.3 port 80: Connection refused
[root@localhost ~]# ssh 10.0.250.3 -p 80 -v
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to 10.0.250.3 [10.0.250.3] port 80.
debug1: connect to address 10.0.250.3 port 80: Connection refused
ssh: connect to host 10.0.250.3 port 80: Connection refused
2)连接存在的端口
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@localhost ~]# ssh ... -p
a
^]
^C
[root@localhost ~]# ssh ... -p -v
OpenSSH_.p, OpenSSL ..e-fips Feb
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: Connecting to ... [...] port .
debug: Connection established.
debug: permanently_set_uid: /
debug: identity file /root/.ssh/identity type -
debug: identity file /root/.ssh/identity-cert type -
debug: identity file /root/.ssh/id_rsa type -
debug: identity file /root/.ssh/id_rsa-cert type -
debug: identity file /root/.ssh/id_dsa type -
debug: identity file /root/.ssh/id_dsa-cert type -
a
^C
不用-v选项也可以咯
3、使用wget判断
wget是linux下的下载工具,需要先安装.
用法: wget ip:port
1)连接不存在的端口
?
1
2
3
[root@localhost ~]# wget ...:
---- ::-- http://.../
Connecting to ...:... failed: Connection refused.
2)连接存在的端口
?
1
2
3
4
[root@localhost ~]# wget ...:
---- ::-- http://...:/
Connecting to ...:... connected.
HTTP request sent, awaiting response...
4、使用端口扫描工具
?
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@localhost ~]# nmap ... -p
Starting Nmap . ( http://nmap.org ) at -- : CST
Nmap scan report for ...
Host is up (.s latency).
PORT STATE SERVICE
/tcp closed http
MAC Address: B:A::CF:FD:D (Unknown)
Nmap done: IP address ( host up) scanned in . seconds
[root@localhost ~]# nmap ... -p
Starting Nmap . ( http://nmap.org ) at -- : CST
Nmap scan report for ...
Host is up (.s latency).
PORT STATE SERVICE
/tcp open http-proxy
MAC Address: B:A::CF:FD:D (Unknown)
Nmap done: IP address ( host up) scanned in . seconds
[root@localhost ~]# nmap ...
Starting Nmap . ( http://nmap.org ) at -- : CST
Nmap scan report for ...
Host is up (.s latency).
Not shown: closed ports
PORT STATE SERVICE
/tcp open ssh
/tcp open rpcbind
/tcp open http-proxy
/tcp open unknown
MAC Address: B:A::CF:FD:D (Unknown)
Nmap done: IP address ( host up) scanned in . seconds
总结
提供端口服务,则使用了tcp协议,上面是以web服务器为例。如果服务器是更简单的tcp服务器,三个工具同样适用.
三个工具的共同点是:1.以tcp协议为基础;2.能访问指定端口. 遵循这两点可以找到很多工具.
一般在windows下使用telnet比较方便,linux下个人就比较喜欢用wget.
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)