
Firewall, inbound and outbound rules, hostname, hosts mapping

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--


Text keywords: firewall, inbound and outbound rules, hostname, hosts mapping

I. Firewall

1. The role of firewalls

Most of us know, more or less, that a firewall is a defensive function that protects a machine on the network. Usually we can turn the firewall on or off directly in the system. Turning it off exposes the system directly to all kinds of attacks, so we usually turn the firewall off in a virtual machine, to simulate remote testing of most software.

Besides personal computers, network administrators and network operators can also set firewalls (network access rules) directly on hardware devices at all levels, such as routers.

2. Windows firewall switch

Open the Control Panel: select Category as the view method, then click Network and Internet

Select: Network and Sharing Center

Select: Windows Firewall

Select: enable or disable Windows Firewall

Click OK after modification

3. Linux firewall switch

Run the setup command as the root user, select with the up and down keys, and jump quickly to the buttons with the Tab key.

Enter the firewall configuration interface and use the spacebar to turn the firewall on or off

Save and exit after the modification is complete. The firewall state changed this way is modified directly and permanently (it survives a restart)

II. Inbound and outbound rules

When we visit a web address or send any other request from a computer, the request goes through a specific port. For example, the default port of the HTTP protocol (mainly used for access initiated by browser software) is 80, which can be omitted. The process has two parts: one computer sends out the request, and the target computer receives it. We call sending a request outbound and receiving a request inbound, and the firewall of each machine takes part in the whole process.

Under normal circumstances we allow all outbound traffic without restriction, unless there is a special need, for example when a certain piece of software must be used offline. Inbound rules are set according to the ports used by the different software. The inbound and outbound rules only take effect while the firewall is turned on; when the firewall is turned off, no access request is restricted.

1. Physical machine configuration

If we are using our own laptop or work PC, we usually set the inbound and outbound rules directly or through the relevant software.

Windows system (similar to Windows Server):

In the Windows Firewall configuration interface, choose: Advanced settings

Select the rules that need to be modified

You can specify a program or a port in the rule type interface

The range of ports is 0-65535. You can specify a single port or an interval.

In the action options you can choose to allow or block the connection.

Specify the effective network location

The rule takes effect after adding a name and description

Linux system:

The configuration file is located at /etc/sysconfig/iptables. In the original content of the file, port 22 is open by default. When the firewall is turned off, the file disappears and a corresponding iptables.old file is generated.
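As an added example (not code or a listing from the original article), the script below audits a rules file in this format: it lists the inbound ports that ACCEPT rules in the INPUT chain open, and flags ACCEPT rules placed after the chain's catch-all REJECT, which never match because rules are evaluated top to bottom. The sample text is constructed; the 3306 and 8080 lines are hypothetical additions.

```python
import shlex

# Constructed sample in iptables-save format, modelled on a stock
# /etc/sysconfig/iptables; the 3306 and 8080 lines are hypothetical additions.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def audit_input_chain(text):
    """Return (reachable, shadowed) --dport values of INPUT ACCEPT rules.

    Rules are matched top to bottom, so an ACCEPT that follows an
    unconditional REJECT/DROP in the same chain can never match.
    """
    reachable, shadowed = [], []
    blocked = False
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if tok[:2] != ["-A", "INPUT"] or "-j" not in tok:
            continue
        j = tok.index("-j")
        target = tok[j + 1] if j + 1 < len(tok) else ""
        if target in ("REJECT", "DROP") and j == 2:
            blocked = True  # no match conditions: catches everything left
        elif target == "ACCEPT" and "--dport" in tok:
            port = tok[tok.index("--dport") + 1]
            (shadowed if blocked else reachable).append(port)
    return reachable, shadowed

if __name__ == "__main__":
    open_ports, dead = audit_input_chain(SAMPLE_RULES)
    print("reachable inbound ports:", open_ports)
    print("rules after the catch-all REJECT (never match):", dead)
```

To audit a real machine, pass the text of /etc/sysconfig/iptables to audit_input_chain instead of the sample.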

If you need to open a port, you can model a new line on line 10 of the file and change the port number 22. More specific modifications and command operations will be described in detail in other articles.

2. CVM configuration

If we use a CVM (that is, a server in the cloud provided by Aliyun, Baidu Cloud and other server operators), we usually do not need to make the relevant changes in the system. Instead, we set access rules in the console of the product. When we install database software on the server, or deploy a website, we must make sure that the corresponding port is open if we want to access it remotely and directly. Take the Aliyun lightweight server as an example.

Go to the product console:

Click on the leased server:

You can see that this server has two IP addresses. The public IP is used for remote access and only opens the necessary ports. The other is the private network IP, which is used for access between machines inside Aliyun, so that we do not need to set the corresponding port every time we install software. We can use the private network IP when we need to access the machine from other internal machines.

Click Firewall under Security Settings on the left

As you can see, three ports are open by default: 80 (HTTP), 443 (HTTPS), 22 (SSH).

Click add rule to open a port, and you can also set a certain range.

III. Hostname

In fact, the host name is an identification of the computer, which makes it easy for us to distinguish between machines. In the case of multiple machines, we usually give the machine a custom name and number, which helps us to improve our work efficiency.

1. Windows hostname modification

Right-click: My Computer, click: Properties, select: Change settings

Click: Change

The change takes effect after a restart

2. Linux hostname modification

Configuration file: /etc/sysconfig/network

You need to be the root user to modify the file. You can use the hostname command to make a new hostname take effect immediately, without a restart. Note that if the new hostname is not also written to the configuration file, it is lost after a restart.

# check the current system hostname
hostname
# temporarily modify the hostname to: zhuyc, takes effect immediately
hostname zhuyc

IV. Hosts mapping

1. Hosts file function

The hosts file is an ancient document that can be traced back to the era when the Internet was just born. There were few websites at the beginning of the Internet, and nobody wanted to remember IP addresses when visiting them, so there was this notebook recording the correspondence between IP addresses and URLs, which was usually maintained by the company. When you entered a certain URL name, the corresponding IP address was found automatically. However, as websites became more numerous and were added more and more frequently, recording all of them in one file was no longer realistic, or even possible, and so DNS appeared.

So what is the hosts file used for today? First, it can still be used to record the correspondence between an IP address and a URL (although we no longer need to do so, when a browser accesses a URL the local hosts file is read first, and only then is the DNS server queried). Second, we can record the IP addresses of some commonly used working servers, give these addresses custom names, and declare them in the hosts file. After declaring them, we can use the custom names directly without having to remember the IP.

The content of the file is also very simple: the first column is the IP address and the second column is an alias. There can be more columns, that is, several names can be defined for one IP address. After the configuration is complete, you can ping the alias to test whether it works.

2. Windows system configuration

hosts file location

C:\Windows\System32\drivers\etc\hosts

Remove read-only permissions from hosts files

Right click to find the file: properties-> Security tab-> Select: Users-> Click: edit

Check full control

Next, you can edit it using super notepad software; you must temporarily shut down 360 and other system protection tools. In addition, the hosts file itself has no file suffix. If saving fails, check the security settings; a hosts.txt with a suffix produced by Save As will not take effect.

3. Linux system configuration

hosts file location

/etc/hosts

You can edit and modify it as the root user.

Other uses

The hosts file also has many other uses. For example, some software always requests its official website address in the background to confirm registration information and fetch update prompts. We can add the host name of the URL it requests (usually the official website address) to the hosts file and fill in 127.0.0.1 as the IP address. Then every request the software makes to that address is pointed at the local machine, which shields functions such as automatic updates. At the same time, because the browser will also search DNS when visiting the URL, the access will not be affected, and the network request of the software itself will not be affected. You can try it yourself (it does not work for all software).
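As an added example (not from the original article), the script below parses the hosts format described above, IP address in the first column and one or more names after it, and reports two things worth checking on any machine: names redirected to a loopback address, which is how an update check ends up shielded, and names declared with two different addresses. The sample file and every name and address in it are constructed.

```python
import ipaddress

# Constructed sample hosts file; all names and addresses are hypothetical.
SAMPLE_HOSTS = """\
127.0.0.1      localhost localhost.localdomain
::1            localhost
192.168.56.10  db01 db01.lab.example    # working server alias
127.0.0.1      updates.vendor.example   # shields the update check
192.168.56.11  db01
not-an-ip      broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (lineno, ip, names) per valid entry: IP first, aliases after."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without a name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        yield lineno, ip, [name.lower() for name in fields[1:]]

def audit_hosts(text):
    """Return (sinkholed, conflicts) found in hosts-file text."""
    sinkholed, conflicts, seen = [], [], {}
    for lineno, ip, names in parse_hosts(text):
        for name in names:
            if ip.is_loopback and name not in LOCAL_NAMES:
                sinkholed.append((lineno, name))
            # Compare per address family so 127.0.0.1 / ::1 do not clash.
            first = seen.setdefault((name, ip.version), ip)
            if first != ip:
                conflicts.append((lineno, name, str(first), str(ip)))
    return sinkholed, conflicts

if __name__ == "__main__":
    sunk, clashes = audit_hosts(SAMPLE_HOSTS)
    for lineno, name in sunk:
        print(f"line {lineno}: {name} is redirected to loopback")
    for lineno, name, old, new in clashes:
        print(f"line {lineno}: {name} already maps to {old}, now {new}")
```

To audit a real machine, pass the text of /etc/hosts or C:\Windows\System32\drivers\etc\hosts to audit_hosts.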
