Tentando configurar o Apache na máquina virtual remota. Não consigo acessar da minha máquina

Question

Tentando configurar o Apache na máquina virtual remota. Não consigo acessar da minha máquina

#1 resposta do (1 votos)

1

Então eu configurei o httpd e o iptables em uma máquina virtual centos 7 para a qual não tenho acesso físico. Se eu rodar curl http://localhost eu recebo um monte de html, mas se eu digitar o endereço IP da vm (que eu usei para ssh) no chrome, a requisição expira. Deixei o arquivo httpd.conf como está no exemplo, mas modifiquei meu arquivo /etc/sysconfig/iptables como:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Para tentar acomodar um servidor FTP e o httpd. Onde devo procurar meu servidor?

Além disso, eu removi firewalld para que não crie um problema.

Editar: iptables -nvL produzido:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2019  143K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    3   172 INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 1368 packets, 1118K bytes)
 pkts bytes target     prot opt in     out     source               destination
 1368 1118K OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   172 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto]

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   172 IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0
    3   172 IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination
    3   172 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination

iptables apache-2.4 centos centos7 httpd

por iHowell 28.09.2016 / 03:37

1 resposta

Tags iptables apache-2.4 centos centos7 httpd

Lidando com ataque de força bruta Como diminuir o tamanho de armazenamento suportado por arquivo Linux no targetcli

score 1 · Answer 1

Parece que você está realmente usando o firewalld. Nesse caso, /etc/sysconfig/iptables é ignorado e o firewalld é configurado usando firewall-cmd .

Apenas dizer ao firewalld para adicionar os serviços que você deseja deve ser suficiente.

firewall-cmd --add-service=http --add-service=https --add-service=ftp

Se você estiver satisfeito com os resultados, poderá salvá-los:

firewall-cmd --runtime-to-permanent

Você pode aprender mais sobre como usar o firewalld no Documentação da Red Hat .