When installing Hadoop on CentOS, the host kept failing to reach the server because the required network ports were blocked, so the first idea was to shut down the firewall.
Along the way I came across the firewall configuration instructions, which are worth knowing. Run the "setup" command to start the text-mode configuration utility, choose "Firewall configuration" under "Choose a Tool", press "Run Tool", and on the firewall configuration screen set "Security Level" to "Disabled", then choose OK.
Or, instead of disabling the firewall, open just the ports Hadoop needs from the command line:
# /sbin/iptables -I INPUT -p tcp --dport 8088 -j ACCEPT
# /sbin/iptables -I INPUT -p tcp --dport 8042 -j ACCEPT
# /etc/rc.d/init.d/iptables save
# /etc/init.d/iptables restart
# /etc/init.d/iptables status
This inserts ACCEPT rules for TCP ports 8088 and 8042 at the top of the INPUT chain (-I rather than -A: a rule appended after the chain's final REJECT is never reached), and "save" writes them to /etc/sysconfig/iptables so they survive a restart.
To stop the firewall service for the current boot only:
# /etc/init.d/iptables stop
To stop it permanently, i.e. keep it from starting again at boot:
# chkconfig iptables off
Either way, stopping iptables exposes every listening service on the host; opening only the required ports is the safer choice.
Several pages I read had this wrong; the following is the correct form:
# /sbin/iptables -I INPUT -p tcp --dport 8088 -j ACCEPT
# /sbin/iptables -I INPUT -p tcp --dport 8042 -j ACCEPT
Then save:
# /etc/rc.d/init.d/iptables save
Check that the rules are in place:
# /etc/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target               prot opt source      destination
1    ACCEPT               udp  --  0.0.0.0/0   0.0.0.0/0    udp dpt:8088
2    ACCEPT               tcp  --  0.0.0.0/0   0.0.0.0/0    tcp dpt:80
3    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num  target               prot opt source      destination
1    RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0
The inserted ACCEPT rules must be listed above the jump to RH-Firewall-1-INPUT, as they are here: that chain ends in a REJECT, so any rule that comes after the jump is never consulted.
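The procedure above (insert, save, check the chain order) as a script. This is an added example, not code from the original post or from Hadoop or CentOS; it assumes iptables lives in /sbin, that the sysv iptables service with its "save" action is in use, and that the ports are the two YARN web ports named on this page. The checks read iptables-save output, so they can be tried on a constructed sample without root.

```shell
#!/bin/sh
# open_hadoop_ports.sh: allow the Hadoop web ports through the CentOS sysv
# iptables service instead of disabling the firewall. Added example, not
# code from the original post or from Hadoop/CentOS. Assumptions: iptables at
# /sbin, the sysv "iptables save" action, and the port list below.
#
# Usage (as root):  sh open_hadoop_ports.sh apply
#                   PORTS="8088 8042 50070" sh open_hadoop_ports.sh apply
# Dry run on the built-in sample:  sh open_hadoop_ports.sh demo

PORTS="${PORTS:-8088 8042}"   # 8088 ResourceManager UI, 8042 NodeManager UI
IPT=/sbin/iptables

# rule_present PORT: read iptables-save text on stdin; succeed if the INPUT
# chain contains an ACCEPT rule for tcp --dport PORT anywhere.
rule_present() {
    grep -Eq "^-A INPUT .*-p tcp .*--dport $1 .*-j ACCEPT"
}

# rule_effective PORT: like rule_present, but the ACCEPT must come before the
# chain's catch-all REJECT/DROP or its jump to RH-Firewall-1-INPUT (which
# itself ends in a REJECT); an ACCEPT appended after either is never reached.
rule_effective() {
    awk -v port="$1" '
        /^-A INPUT / {
            if ($0 ~ ("-p tcp .*--dport " port " .*-j ACCEPT")) { found = 1; exit }
            if ($0 ~ /-j (REJECT|DROP|RH-Firewall-1-INPUT)/ && $0 !~ /--dport/) { exit }
        }
        END { if (found) exit 0; exit 1 }'
}

apply() {
    for port in $PORTS; do
        if "${IPT}-save" | rule_effective "$port"; then
            echo "port $port: already allowed"
        else
            # -I (insert at the top), not -A: appended rules land behind the
            # final REJECT of the default CentOS policy and never match.
            "$IPT" -I INPUT -p tcp --dport "$port" -j ACCEPT
            echo "port $port: rule inserted"
        fi
    done
    /etc/init.d/iptables save            # persist to /etc/sysconfig/iptables
    "$IPT" -L INPUT -n --line-numbers    # show the resulting chain order
}

# Constructed iptables-save excerpt (not a real capture): 8088 was inserted
# correctly, 8042 was appended after the catch-all REJECT and so is present
# in the chain but never reached.
SAMPLE_SAVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8088 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8042 -j ACCEPT
COMMIT'

if [ "${1:-}" = "apply" ]; then
    apply
elif [ "${1:-}" = "demo" ]; then
    for port in $PORTS; do
        if printf '%s\n' "$SAMPLE_SAVE" | rule_effective "$port"; then
            echo "sample: port $port is allowed"
        else
            echo "sample: port $port is listed but not effectively allowed"
        fi
    done
fi
```

Running it with "demo" reports 8088 as allowed and 8042 as present but ineffective, which is exactly the mistake an appended rule produces on a stock CentOS policy; "apply" performs the real insert only for ports that are not already effectively open, so it can be re-run safely.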
The server was hit by a large number of SYN_RECV connections; port 80 was dead and the website could not be opened.
No hard-
Is there any way to solve this?
1. Tune the kernel's TCP stack:
sysctl -w net.ipv4.tcp_syncookies=1               # enable SYN cookies
sysctl -w net.ipv4.tcp_synack_retries=1           # fewer SYN-ACK retransmissions for half-open connections
sysctl -w net.ipv4.tcp_syn_retries=1              # fewer SYN retries (affects outgoing connections only)
sysctl -w net.ipv4.tcp_max_syn_backlog=6000       # maximum number of half-open connections
sysctl -w net.ipv4.conf.all.send_redirects=0
sysctl -w net.ipv4.conf.all.accept_redirects=0    # do not accept ICMP redirect packets
sysctl -w net.ipv4.tcp_fin_timeout=30
sysctl -w net.ipv4.tcp_keepalive_time=60
sysctl -w net.ipv4.tcp_window_scaling=1
sysctl -w net.ipv4.icmp_echo_ignore_all=1         # ignore ICMP echo (ping) entirely
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1  # ignore broadcast pings
These values last until reboot; put them in /etc/sysctl.conf to make them persistent. Note that tcp_synack_retries=1 also gives up early on legitimate clients on lossy links, and tcp_syn_retries only governs connections the server itself initiates, so it does nothing for an inbound flood.
2. Limit the number of new connections per unit of time, for example:
iptables -N syn-flood
iptables -A FORWARD -p tcp --syn -j syn-flood
iptables -A INPUT -p tcp --syn -j syn-flood
iptables -A syn-flood -p tcp --syn -m limit --limit 3/s --limit-burst 1 -j ACCEPT
iptables -A syn-flood -j DROP
iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP
iptables -A INPUT -p tcp --syn -m state --state NEW -j DROP
The limit is global, not per source: 3 SYNs per second is shared by every client, so legitimate users are throttled along with the attacker. The "! --syn ... --state NEW" rule drops packets that try to start a connection without a SYN (stray or scanner traffic). The last rule only matters if the syn-flood chain is not in place, since that chain already accepts or drops every SYN before this rule is reached.
3. If that is still not enough, use the recent match to lock out sources that open too many connections to port 80 within a window:
iptables -A INPUT -p tcp --dport 80 -m recent --name bad_http_access --update --seconds <seconds> --hitcount 30 -j REJECT
iptables -A INPUT -p tcp --dport 80 -m recent --name bad_http_access --set -j ACCEPT
where <seconds> is the length of the counting window. The order matters: the REJECT rule must come first, so that a source already seen 30 times in the window is refused before the --set rule records it again.
If the attack traffic exceeds what your link can carry, nothing on the host will help; if it is not that large, the rules above can keep port 80 reachable for a while.
If your kernel's iptables supports connlimit, you can also use it in the iptables section:
iptables -I FORWARD -p tcp --syn -m connlimit --connlimit-above 5 -j DROP
or
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j REJECT
connlimit counts parallel connections per source address, so it only helps against real clients that open many connections at once; a flood with spoofed source addresses never trips it, while many legitimate users behind a single NAT address will.
When dealing with a SYN flood, what really works is:
sysctl -w net.ipv4.tcp_syncookies=1       # enable SYN cookies
sysctl -w net.ipv4.tcp_synack_retries=1   # fewer SYN-ACK retransmissions
The other iptables rate-limiting tricks cannot defeat a SYN flood: they do not end the denial of service, but they can keep the server from collapsing under it.
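Before choosing between the per-source rules above and the SYN-cookie answer, it helps to see whether the half-open connections come from a handful of addresses (then per-IP DROP, recent or connlimit rules will bite) or from thousands of sources with one or two each (the signature of spoofed SYNs, where only SYN cookies help). The script below is an added example, not code from the original post; it assumes the column layout of "netstat -ant" (Proto Recv-Q Send-Q Local Foreign State), IPv4 peers, and a constructed sample listing, and the threshold of 20 per source is an arbitrary default.

```shell
#!/bin/sh
# syn_recv_triage.sh: count half-open (SYN_RECV) connections per remote
# address from `netstat -ant` output and say whether blocking by source can
# help. Added example, not code from the original post. Assumes the netstat
# column layout "Proto Recv-Q Send-Q Local Foreign State" and IPv4 peers.
#
# Usage (on the attacked host):  netstat -ant | sh syn_recv_triage.sh triage [threshold]
# Dry run on the built-in sample:  sh syn_recv_triage.sh demo [threshold]

# Print "<count> <ip>" for every remote address in SYN_RECV, hottest first.
syn_recv_by_source() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" {
             sub(/:[0-9]+$/, "", $5)       # strip the remote port
             cnt[$5]++
         }
         END { for (ip in cnt) print cnt[ip], ip }' | sort -rn
}

# Total number of half-open connections in the listing.
syn_recv_total() {
    awk '$1 ~ /^tcp/ && $6 == "SYN_RECV" { c++ } END { print c + 0 }'
}

# classify THRESHOLD: read the sorted "<count> <ip>" lines and print
#   quiet        - no half-open connections at all
#   concentrated - at least one source holds THRESHOLD or more half-open
#                  connections: per-IP rules (DROP, recent, connlimit) help
#   distributed  - every source is below THRESHOLD, which is how spoofed
#                  SYNs look: per-IP rules never trigger, use SYN cookies
classify() {
    awk -v thr="$1" 'NF { n++; if (n == 1) top = $1 }
         END {
             if (n == 0) print "quiet"
             else print (top >= thr) ? "concentrated" : "distributed"
         }'
}

# block_commands THRESHOLD: print (do not run) a DROP rule for each source at
# or above THRESHOLD, inserted at the top of INPUT so it precedes everything.
block_commands() {
    awk -v thr="$1" '$1 >= thr {
        printf "iptables -I INPUT -s %s -p tcp --dport 80 -j DROP\n", $2 }'
}

# Constructed sample listing (not a real capture): one address holding three
# half-open connections, two holding one each, plus unrelated states.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.1:80             203.0.113.9:40001       SYN_RECV
tcp        0      0 10.0.0.1:80             203.0.113.9:40002       SYN_RECV
tcp        0      0 10.0.0.1:80             203.0.113.9:40003       SYN_RECV
tcp        0      0 10.0.0.1:80             198.51.100.7:5150       SYN_RECV
tcp        0      0 10.0.0.1:80             198.51.100.8:5151       SYN_RECV
tcp        0      0 10.0.0.1:22             192.0.2.44:52310        ESTABLISHED
tcp        0      0 10.0.0.1:80             192.0.2.45:52311        TIME_WAIT'

if [ "${1:-}" = "triage" ] || [ "${1:-}" = "demo" ]; then
    thr="${2:-20}"                        # arbitrary default, tune per host
    if [ "$1" = "demo" ]; then
        counts=$(printf '%s\n' "$SAMPLE" | syn_recv_by_source)
    else
        counts=$(syn_recv_by_source)      # reads netstat output from stdin
    fi
    printf '%s\n' "$counts" | head -n 10
    verdict=$(printf '%s\n' "$counts" | classify "$thr")
    echo "verdict: $verdict (threshold $thr per source)"
    [ "$verdict" = "concentrated" ] && printf '%s\n' "$counts" | block_commands "$thr"
fi
```

On a real spoofed flood the top of the list shows thousands of addresses with a count of one or two, the verdict is "distributed", and no per-IP rule is printed, which matches the conclusion above that only SYN cookies and a short SYN-ACK retry count actually help; "ss -ant state syn-recv" gives the same information on newer systems, with a different column layout.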