Linux service starts normally, Linux server can access, but external machine cannot access

The company used Jenkins to deploy a Jenkins in its own virtual machine. After successful deployment, the Linux virtual machine can be accessed normally, but the external real machine cannot access it. The first reaction at the time was to think that it should be a permission issue, and guess if Jenkins needed to open a certain permission, the external machine would be able to access it. But for a long time to find the information, also did not say what permissions to open and so on. So again in the Linux deployment of a tomcat, found that Tomcat can not access, it is not the problem of Jenkins, it is certainly the cause of the Linux machine. Naturally think will be the cause of the wall, sure enough, a firewall is OK.

Shutting down the firewall does solve the problem, but in real-world situations, firewalls can't be shut down directly, too dangerous. What do we do? You just need to open up the port for the service.

Method One: Turn off the firewall

[[Email protected] ~]# service iptables stop #关闭防火墙

[Email protected] ~]# service iptables start #开启防火墙

[Email protected] ~]# service iptables status #查看防火墙状态

CenOS7 or Red HAT7 the command to operate the firewall has changed, the command is as follows:

[Email protected] ~]# systemctl stop Firewalld.service #关闭防火墙

[Email protected] ~]# systemctl start Firewalld.service #开启防火墙

[Email protected] ~]# systemctl status Firewalld.service #查看防火墙状态

method Two: Open the specified port

[Email protected] ~]# Vim/etc/sysconfig/iptables

: INPUT Accept [0:0]:forward Accept [0:0]:output accept [0:0]-A input-m State--state related,established-j accept-a in  Put-p icmp-j accept-a input-i lo-j accept-a input-m State--state new-m tcp-p TCP--dport 22-j ACCEPT-a   Input-m State--state new-m tcp-p TCP--dport 8080-j ACCEPT  -A input-j REJECT--reject-with Icmp-host-prohi Bited-a forward-j REJECT--reject-with icmp-host-prohibited

Note: Found-A input-m state--state new-m tcp-p TCP--dport 22-j ACCEPT This line, the day after tomorrow add the red line, you can open 8080 port

[Email protected] ~]# service iptables restart #重启防火墙才能生效

The cenOS7 or red HAT7 open port method is as follows:

[Email protected] ~]# firewall-cmd--zone=public--add-port=8080/tcp--permanent
Success

[Email protected] ~# firewall-cmd--reload #开放端口只需需要重启防火墙才能生效
Success

Note: Open port command explanation

-zone Scope

-ADD-PORT=8080/TCP add port in the format: Port/Communication protocol

--permanent Permanent entry into force

Linux service starts normally, Linux server can access, but external machine cannot access