GCE上的CentOS防火墙问题 [英] CentOS Firewall Issues on GCE

问题描述

我正在为GCE进行"Hello World"练习.首先，我使用CentOS映像，添加了实例，安装了Apache，添加了防火墙.就配置而言，一切看起来都不错.当我尝试从外部访问网页时，无法访问该页面.

I am trying out a "Hello World" exercise for GCE. First, I went with CentOS Image, added the instance, installed Apache, added the Firewall. All looks good as far as configuration is concerned. When I try to access the web page from outside, it cannot reach the page.

本地Apache服务器正在运行，我可以从本地实例进行卷曲，一切都很好.

The Local Apache Server is running, from the local instance I can do a curl and all is well.

另一方面，如果我尝试使用Debian发行版执行相同的步骤，那么一切都会顺利进行.

On the other hand, if I try out the same exact steps with the Debian distribution, everything works smoothly.

我看到了另一条帖子，其中提到了其他防火墙设置，但我还没有尝试过，我不确定为什么也应该这样做.

I saw another post that mentioned about additional firewall settings but I have not tried that out and I am not sure why it should be done either.

任何人都可以解释CentOS设置是否确实需要其他防火墙设置吗?这些是什么?

Can anyone explain if the CentOS setup does need additional Firewall settings and what those are?

推荐答案

CentOS默认使用限制性操作系统级别的防火墙(使用iptables)，而debian默认使用许可性防火墙.您也可以在CentOS上放宽防火墙规则.在Compute Engine上运行时，服务级别防火墙将仅允许通过已配置的端口从Internet连接.

CentOS defaults to a restrictive operating system level firewall (using iptables), while debian defaults to a permissive one. You can relax the firewall rules on CentOS as well. When running on Compute Engine, the service level firewall will only allow connections from the internet via configured ports.

要放松CentOS防火墙:

To relax the CentOS firewall:

$ sudo iptables -D  INPUT -j REJECT --reject-with icmp-host-prohibited

然后测试您的连接是否按预期工作.要在系统重新启动时保存此配置，请执行以下操作:

Then test that your connections work as expected. To save this configuration across system reboots:

$ /sbin/service iptables save

请参阅CentOS Wiki上的 IPTables HowTo ，以获取有关在以下平台上使用iptables的更多信息. CentOS.

See the IPTables HowTo on the CentOS wiki for more information about working with iptables on CentOS.

这篇关于GCE上的CentOS防火墙问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！