Web开发常用端口记录+iptables设置

发布于 2016-06-15  5.81k 次阅读


Web服务:

  • 80,http协议默认端口,Apache、Nginx、Lighttpd默认
  • 443,https协议默认端口,Apache、Nginx、Lighttpd默认
  • 2082/2083,cpanel默认
  • 7080,Litespeed默认
  • 7778,kloxo面板默认
  • 8080,代理或后端服务,tomcat默认,wdcp面板默认
  • 8083,vestacp面板默认
  • 8888,AMH面板默认
  • 9000,后端服务,php-fpm默认
  • 11211,Memchached默认端口
  • 12000,magent端口,memcached代理

远程控制:

  • 22,ssh协议,sshd默认
  • 23,telnet协议,telnet默认
  • 3389,Windows远控默认

常见应用程序:

  • 3306,Mysql默认端口
  • 1723,PPTP的V%P*N默认端口
  • 25/110/143,SMTP/POP3/IMAP邮件端口
  • 2525,有时候SMTP
  • 465(587)/995/993,SMTPS/POP3S/IMAPS加密邮件端口
  • 67,DHCP服务默认
  • 53,DNS服务器默认
  • 123,时钟同步端口

iptables设置

以下内容为Centos中/etc/sysconfig/iptables的设置:

# Generated by iptables-save v1.4.7 on Fri Aug 12 00:48:14 2016
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1:152]
:vesta - [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 21,12000:12100 -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 25,465,587,2525 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 110,995 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 143,993 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306,5432 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8083 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 110 -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 143 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 12000:12100 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50000:65534 -j ACCEPT
-A FORWARD -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A FORWARD -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
COMMIT
# Completed on Fri Aug 12 00:48:14 2016
# Generated by iptables-save v1.4.7 on Fri Aug 12 00:48:14 2016
*nat
:PREROUTING ACCEPT [1:44]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Aug 12 00:48:14 2016