How can I open a port on Linux so that it can be accessed remotely?

0

My operating system is Linux Linux 4.16.0-1-amd64 #1 SMP Debian 4.16.5-1 (2018-04-29) x86_64 GNU/Linux

What I have done so far:

  1. firewall-cmd --zone=public --add-port=80/tcp --permanent
  2. service apache2 start

$ ifconfig
eth0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether ec:f4:bb:2f:a2:d9  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 20  memory 0xf7e00000-f7e20000  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 42755  bytes 13664431 (13.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 42755  bytes 13664431 (13.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.114.78.190  netmask 255.255.254.0  destination 10.114.78.190
        inet6 fe80::210f:a96c:d5a5:3fa3  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 4769  bytes 4257812 (4.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4998  bytes 563665 (550.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.3  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::388c:953e:1407:3478  prefixlen 64  scopeid 0x20<link>
        ether 80:86:f2:6e:59:e2  txqueuelen 1000  (Ethernet)
        RX packets 275285  bytes 299762462 (285.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 197708  bytes 37515636 (35.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Here is my iptables:

$ iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FORWARD_IN_ZONES
-N FORWARD_IN_ZONES_SOURCE
-N FORWARD_OUT_ZONES
-N FORWARD_OUT_ZONES_SOURCE
-N FORWARD_direct
-N FWDI_public
-N FWDI_public_allow
-N FWDI_public_deny
-N FWDI_public_log
-N FWDO_public
-N FWDO_public_allow
-N FWDO_public_deny
-N FWDO_public_log
-N INPUT_ZONES
-N INPUT_ZONES_SOURCE
-N INPUT_direct
-N IN_public
-N IN_public_allow
-N IN_public_deny
-N IN_public_log
-N OUTPUT_direct
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i wlan0 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o wlan0 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i wlan0 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 8000 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 4443 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 2082 -m conntrack --ctstate NEW -j ACCEPT

$ nmap 192.168.1.3
Starting Nmap 7.70 ( https://nmap.org ) at 2018-05-28 20:00 +0430
Nmap scan report for 192.168.1.3
Host is up (0.0000090s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds


$ ip -4 addr show scope global
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.1.3/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
       valid_lft 79607sec preferred_lft 79607sec
14: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    inet 10.114.78.190/23 brd 10.114.79.255 scope global tun0
       valid_lft forever preferred_lft forever
┬─[root@Linux:/home/linux/Desktop]─[08:02:12 PM]
╰─>$ ip route show | grep default
default via 192.168.1.1 dev wlan0 proto dhcp metric 600 
┬─[root@Linux:/home/linux/Desktop]─[08:02:13 PM]


$ netstat -ntlp | grep LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN      9655/apache2   

I can access Apache with the URL http://192.168.13, as well as http://127.0.0.1 or by hostname, but I can't reach it remotely. I am using the Windscribe VPN. I tried the whatismyip website and then entered the IP + port 80, but I can't access it remotely. I also checked the port on ping.eu and canyouseeme.org, but it shows as closed.

==> One very important thing is that when I check like this:

$ netstat -tanp |grep 80
tcp        0      1 10.114.78.190:45684     89.38.99.102:80         LAST_ACK    -                   
tcp6       0      0 :::80                   :::*                    LISTEN      9655/apache2       

1) Then the checking websites show a Success message for this IP 89.38.99.102. Where did this IP come from on my PC?

2) 89.38.99.102:80 ran but gave a Forbidden message

Please advise how I can open port 80 on my Linux PC so that I can access it remotely from any other computer that has an internet connection.

Thanks in advance

    
by Raakh 28.05.2018 / 17:46

0 answers