CentOS Firewall Configuration

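The main reason an application cannot be reached after it is deployed on a Linux system is that

the Linux firewall is enabled. There are two solutions: one is to turn off the firewall, the other is to open the ports that need to be accessed.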



vi /etc/sysconfig/iptables

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
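Important: many users add these rules as the last line of the firewall configuration, which causes the firewall to fail to start. The correct place is directly below the default rule for port 22. iptables evaluates rules from top to bottom, so the ACCEPT rules have to sit above the final REJECT rule, and nothing may follow COMMIT.
After the rules are added, the firewall configuration looks like this: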
###################################### 
# Firewall configuration written by system-config-firewall 
# Manual customization of this file is not recommended. 
*filter 
:INPUT ACCEPT [0:0] 
:FORWARD ACCEPT [0:0] 
:OUTPUT ACCEPT [0:0] 
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -m state  --state NEW -m tcp -p tcp --dport 22 -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT 

-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT 
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT 
#####################################
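
The placement mistake described in the note above can be checked before the firewall is restarted. The script below is an added example, not part of the original article; the function names check_rule_order and sample, and the sample rules, are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an iptables-save style rules file for misplaced rules.
# Exit status 0 = ordering is fine, 1 = at least one rule is misplaced.
# Reads the file named in $1, or standard input when no file is given.
check_rule_order() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }               # comments and blank lines
        /^\*/     { reject = 0; committed = 0; next }   # table header, e.g. *filter
        /^:/      { next }                              # chain policy line
        /^COMMIT/ { committed = 1; next }
        committed {                                     # outside any table
            printf "line %d: after COMMIT, iptables-restore rejects it: %s\n", NR, $0
            bad++; next
        }
        /^-A INPUT -j (REJECT|DROP)/ { reject = NR; next }   # catch-all rule
        reject && /^-A INPUT / && /-j ACCEPT/ {
            printf "line %d: never matches, catch-all is on line %d: %s\n", NR, reject, $0
            bad++
        }
        END { exit (bad > 0) }
    ' "${1:--}"
}

# Constructed sample input (hypothetical helper): "good" puts the 8080 rule
# below the port 22 rule, "bad" appends it after the final REJECT.
sample() {
    new='-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    if [ "$1" = good ]; then printf '%s\n' "$new"; fi
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    if [ "$1" = bad ]; then printf '%s\n' "$new"; fi
    printf '%s\n' 'COMMIT'
}

sample good | check_rule_order && echo "good sample: ordering OK"
sample bad  | check_rule_order || echo "bad sample: fix the ordering before restarting iptables"
```

On the server, run check_rule_order /etc/sysconfig/iptables after editing the file and before /etc/init.d/iptables restart.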


/etc/init.d/iptables restart   Finally, restart the firewall so the configuration takes effect

/etc/init.d/iptables save

/etc/init.d/iptables status   View the open ports

/etc/init.d/iptables stop   Turn off the firewall


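1) Takes effect permanently after a reboot
Enable: chkconfig iptables on
Disable: chkconfig iptables off
Check: chkconfig --list | grep iptables
service iptables status   Check the firewall status
2) Takes effect immediately, lost after a reboot
Start: service iptables start
Stop: service iptables stop

Permanently disable the firewall  # This method comes from the internet and is untested; for security reasons, this method is not used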
chkconfig --level 35 iptables off


Source: http://www.myhack58.com/Article/sort099/sort0102/2013/40418.htm

Reposted from blog.csdn.net/fzy629442466/article/details/84787037