Tuesday, December 18, 2012

Listing open ports and opening a port

We use the following command:

netstat -tunap | grep LISTEN

Or scan for all open ports on CentOS using:

nmap 127.0.0.1





If you want to open a single port:

Open the iptables file: vi /etc/sysconfig/iptables

Add the line below to open the port.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT

For multiple ports, you can use the following instead (or repeat the above line multiple times):

-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 22,80,143 -j ACCEPT

The reason your line doesn't work is likely because you don't have a chain named 'RH-Firewall-1-INPUT'.

CentOS 6 simply uses 'INPUT' as the chain name.

You'll note something like the following at the top of the default config, naming the chains that exist:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

Just to explain a bit further, the line -A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT means:

-A: append a rule
INPUT: to the INPUT chain
-m state: use the 'state' module
--state NEW: only look for NEW connections (i.e. not those that are previously established/related)
-m tcp: use the tcp module
-p tcp: look for packets using the TCP protocol
--dport 143: look for packets with a destination port of 143
-j ACCEPT: jump to the ACCEPT target, i.e. let the matching packet through
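
Rules in the file are evaluated top to bottom and the first match wins, so where the new ACCEPT line lands matters. The script below is an added example, not part of the original post: it reports whether a TCP port's ACCEPT rule sits above or below a catch-all REJECT/DROP in the INPUT chain. The function name port_status and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Rules in /etc/sysconfig/iptables
# are evaluated top to bottom and the first match wins, so an ACCEPT line placed
# after a catch-all REJECT/DROP never takes effect.

# port_status FILE PORT -> prints "accepted", "shadowed" or "no-rule"
# Handles --dport N and multiport lists; port ranges (a:b) are not expanded.
port_status() {
    awk -v port="$2" '
        $1 != "-A" || $2 != "INPUT" { next }      # only INPUT chain rules
        {
            target = ""; dports = ""; proto = ""; matchers = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") dports = $(i + 1)
                if ($i ~ /^-[pisdm]$/) matchers++
            }
        }
        # REJECT/DROP without any match option catches everything below it
        (target == "REJECT" || target == "DROP") && matchers == 0 { blocked = 1; next }
        target == "ACCEPT" && proto == "tcp" && dports != "" && !seen {
            n = split(dports, list, ",")
            for (k = 1; k <= n; k++)
                if (list[k] == port) { seen = 1; result = blocked ? "shadowed" : "accepted" }
        }
        END { print (seen ? result : "no-rule") }
    ' "$1"
}

# Constructed sample ruleset: the 143 line was appended below the REJECT.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp -m multiport --dports 22,80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
COMMIT
EOF

for p in 22 80 143 25; do
    echo "tcp/$p: $(port_status "$RULES" "$p")"
done
```

A "shadowed" result means the ACCEPT line has to be moved above the REJECT/DROP line in the file before the restart.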


To save:
# /sbin/service iptables save
# /etc/init.d/iptables restart