Adding a rule in iptables in Debian to open a new port

I am trying to open port 3306 in iptables in my Debian System to allow access to MySQL server. For which I entered this command:

root@debian:/# sudo iptables -A INPUT -p tcp --dport 3306 ACCEPT
root@debian:/# iptables-save

I entered the new connection and it has been saved in iptables as I can see the new rule in iptables list generated by iptables-save command.

However, this Debian system is running on a VM over Windows7 and I'm not able to telnet from Windows to this port. Not sure where I am supposed to check for the solution to this problem.

About your command line:

root@debian:/# sudo iptables -A INPUT -p tcp --dport 3306 --jump ACCEPT
root@debian:/# iptables-save
  • You are already authenticated as root so sudo is redundant there.

  • You are missing the -j or --jump just before the ACCEPT parameter (just thought that was a typo and you are inserting it correctly).

About your question:

If you are inserting the iptables rule correctly as you pointed it in the question, maybe the issue is related to the hypervisor (virtual machine provider) you are using.

If you provide the hypervisor name (VirtualBox, VMWare?) I can further guide you on this but here are some suggestions you can try first:

Check your vmachine network settings and:

  • if it is set to NAT, then you won't be able to connect from your base machine to the vmachine.

  • if it is set to Hosted, you have to configure first its network settings, it is usually to provide them an IP in the range 192.168.56.0/24, since that is the default the hypervisors use for this.

  • if it is set to Bridge, same as Hosted but you can configure it with whatever IP range makes sense for your configuration.

Hope this helps.

(I presume that you've concluded that it's an iptables problem by dropping the firewall completely (iptables -P INPUT ACCEPT; iptables -P OUTPUT ACCEPT; iptables -F) and confirmed that you can connect to the MySQL server from your Windows box?)

Some previous rule in the INPUT table is probably rejecting or dropping the packet. You can get around that by inserting the new rule at the top, although you might want to review your existing rules to see whether that's sensible:

iptables -I INPUT 1 -p tcp --dport 3306 -j ACCEPT

Note that iptables-save won't save the new rule persistently (i.e. across reboots) - you'll need to figure out something else for that. My usual route is to store the iptables-save output in a file (/etc/network/iptables.rules or similar) and then load them with a pre-up statement in /etc/network/interfaces.
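
The rule-ordering problem described in the answer above, as an added example that is not part of the original posts: a shell function that reads `iptables -S INPUT` output and reports whether an unconditional DROP/REJECT rule sits ahead of the ACCEPT rule for a port. The function names and the sample rule sets are constructed for illustration; only catch-all rules with no match options are detected, so narrower blocking rules and multiport matches still need manual review.

```shell
#!/bin/sh
# Added example. On a live system: iptables -S INPUT | check_port_rule 3306

check_port_rule() {
    # $1 = TCP destination port; stdin = output of `iptables -S INPUT`
    awk -v port="$1" '
        $1 != "-A" || $2 != "INPUT" { next }   # skip -P policy lines, other chains
        { n++; line = " " $0 " " }             # n = rule position in the chain
        # Catch-all: no match options at all, just a terminating target.
        $3 == "-j" && ($4 == "DROP" || $4 == "REJECT") {
            if (!block) block = n
            next
        }
        # First ACCEPT rule for the requested TCP destination port.
        !accept && index(line, " -p tcp ") && index(line, " -j ACCEPT ") &&
            index(line, " --dport " port " ") { accept = n }
        END {
            if (!accept)                      print "missing"
            else if (block && block < accept) print "shadowed accept=" accept " block=" block
            else                              print "ok accept=" accept
        }'
}

# Constructed sample: rule appended with -A lands after the final REJECT.
sample_shadowed() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
EOF
}

# Constructed sample: same chain after `iptables -I INPUT 1 ...`.
sample_fixed() {
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}

sample_shadowed | check_port_rule 3306
sample_fixed | check_port_rule 3306
```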

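Statement: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.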