{"id":571110,"date":"2024-03-17T01:16:46","date_gmt":"2024-03-16T17:16:46","guid":{"rendered":"http:\/\/4563.org\/?p=571110"},"modified":"2024-03-17T01:16:46","modified_gmt":"2024-03-16T17:16:46","slug":"%e3%80%90%e6%95%99%e7%a8%8b%e3%80%91%e9%98%b2%e7%81%ab%e5%a2%99%e8%bd%ac%e5%8f%91-firewalld%e7%ae%80%e5%8d%95%e4%bb%8b%e7%bb%8d","status":"publish","type":"post","link":"http:\/\/4563.org\/?p=571110","title":{"rendered":"\u3010\u6559\u7a0b\u3011\u9632\u706b\u5899\u8f6c\u53d1\u2014firewalld\u7b80\u5355\u4ecb\u7ecd"},"content":{"rendered":"\n

\t\t\t\t\t\u597d\u5f97\u5927\u6069<\/strong> \t\t\t\t\u5927\u4f6c\u6709\u8bdd\u8bf4 : \t<\/p>\n

\u3010\u6559\u7a0b\u3011\u9632\u706b\u5899\u8f6c\u53d1\u2014firewalld\u7b80\u5355\u4ecb\u7ecd<\/h3>\n

\t\t \u672c\u5e16\u6700\u540e\u7531 \u597d\u5f97\u5927\u6069 \u4e8e 2024-3-17 01:32 \u7f16\u8f91 <\/p>\n

\u8f6c\u53d1\u524d\u51c6\u5907\u5de5\u4f5c<\/p>\n

1\u3001Linux\u542f\u7528IP\u8f6c\u53d1\u529f\u80fd<\/p>\n

echo "net.ipv4.ip_forward=1">>\/etc\/sysctl.conf
sysctl -p<\/p>\n

2\u3001firewalld \u5f00\u542f\u6e90\u5730\u5740\u8f6c\u6362<\/p>\n

firewall-cmd–add-masquerade –permanent
firewall-cmd –reload<\/p>\n

3\u3001firewalld\u5728\u8f6c\u53d1\u524d\u8bb0\u5f97\u653e\u884c\u5bf9\u5e94\u7aef\u53e3
firewall-cmd –permanent –add-port= <\u8f6c\u53d1\u7aef\u53e3>\/tcp<\/p>\n

–add-forward-port \u8f6c\u53d1\u6d41\u91cf<\/p>\n

1\u3001\u547d\u4ee4\u884c\u65b9\u5f0f<\/p>\n

\u6b64\u65b9\u5f0f\u4e0d\u652f\u6301\u8f6c\u53d1IPV6\u6d41\u91cf
\u8f6c\u53d1IPV6\u6d41\u91cf\u9700\u8981\u4f7f\u7528firewalld\u5bcc\u89c4\u5219<\/p>\n

firewall-cmd –zone=public –add-forward-port=port=<\u6e90\u7aef\u53e3\u53f7>:proto=<\u534f\u8bae>:toaddr=<\u76ee\u6807\u670d\u52a1\u5668IP>:toport=<\u76ee\u6807\u7aef\u53e3\u53f7> –permanent<\/p>\n

# \u5237\u65b0\u9632\u706b\u5899\u89c4\u5219
firewall-cmd –reload<\/p>\n

firewalld \u547d\u4ee4\u4f1a\u6301\u4e45\u5316\u5728 \/etc\/firewalld\/zones\/public.xml \u6587\u4ef6\u4e2d<\/p>\n

firewalld \u8f6c\u53d1\u547d\u4ee4\u5bb9\u6613\u5199\u9519\uff0c\u5efa\u8bae\u76f4\u63a5\u4fee\u6539\u914d\u7f6e\u6587\u4ef6<\/p>\n

2\u3001firewalld \u914d\u7f6e\u6587\u4ef6\u65b9\u5f0f<\/p>\n

\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539firewalld\u914d\u7f6e\u6587\u4ef6\uff0c\u8fdb\u884c\u8f6c\u53d1\u914d\u7f6e\uff0c\u7b49\u4ef7\u4e8e\u547d\u4ee4\u884c\uff08\u63a8\u8350\u4f7f\u7528\u6b64\u65b9\u5f0f\uff09<\/p>\n

\u914d\u7f6e\u6587\u4ef6 \/etc\/firewalld\/zones\/public.xml<\/p>\n

\u5355\u7aef\u53e3\u8f6c\u53d1 7007\u7aef\u53e3 \u8f6c\u53d1 xxx.xxx.xxx.xxx \u7684 3306\u7aef\u53e3<\/p>\n

\u6279\u91cf\u7aef\u53e3\u8f6c\u53d1 7007-7999\u7aef\u53e3 \u8f6c\u53d1 xxx.xxx.xxx.xxx \u7684 6379\u7aef\u53e3<\/p>\n

<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public<\/short>
<masquerade\/>
<forward-port port="7007" protocol="tcp" to-port="3306" to-addr="xxx.xxx.xxx.xxx"\/>
<forward-port port="7007-7999" protocol="tcp" to-port="6379" to-addr="xxx.xxx.xxx.xxx"\/>
<\/zone>
\u4fee\u6539\u4e4b\u540e\u8bb0\u5f97\u91cd\u542ffirewalld\u9632\u706b\u5899\u6216\u8005\u5237\u65b0\u9632\u706b\u5899\u89c4\u5219<\/p>\n

systemctl restart firewalld
firewall-cmd –reload<\/p>\n

firewalld\u5bcc\u89c4\u5219\u8f6c\u53d1\u6d41\u91cf<\/p>\n

\u53ef\u4ee5\u8f6c\u53d1IPV4\uff0c\u4e5f\u53ef\u4ee5\u8f6c\u53d1IPV6\uff0c\u8fd9\u91cc\u4ecb\u7ecd\u8f6c\u53d1IPV6\u6d41\u91cf
#\u5f00\u542fipv6\u6e90\u5730\u5740\u8f6c\u6362
firewall-cmd –permanent –add-rich-rule=’rule family=ipv6 masquerade’<\/p>\n

#firewalld\u5bcc\u89c4\u5219\u8f6c\u53d1ipv6
firewall-cmd –permanent –add-rich-rule="rule family="ipv6"forward-port port="\u6e90\u7aef\u53e3" protocol="tcp" to-port="\u76ee\u6807\u7aef\u53e3" to-addr="""<\/p>\n

\u53ef\u4ee5\u901a\u8fc7\u4fee\u6539firewalld\u914d\u7f6e\u6587\u4ef6\uff0c\u8fdb\u884c\u8f6c\u53d1\u914d\u7f6e\uff0c\u7b49\u4ef7\u4e8e\u547d\u4ee4\u884c<\/p>\n

<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public<\/short>
<rule family="ipv6">
    <forward-port port="\u6e90\u7aef\u53e3" protocol="tcp" to-port="\u76ee\u6807\u7aef\u53e3" to-addr=""\/>
<\/rule>
<rule family="ipv6">
    <masquerade\/>
<\/rule>
<\/zone><\/p>\n","protected":false},"excerpt":{"rendered":"

\u597d\u5f97\u5927\u6069 \u5927\u4f6c\u6709\u8bdd\u8bf4 : \u3010\u6559\u7a0b\u3011…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[],"tags":[],"_links":{"self":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/571110"}],"collection":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=571110"}],"version-history":[{"count":0,"href":"http:\/\/4563.org\/index.php?rest_route=\/wp\/v2\/posts\/571110\/revisions"}],"wp:attachment":[{"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=571110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=571110"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/4563.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=571110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}