问题描述
我试图在我的 Debian 系统的 iptables 中打开端口 3306 以允许访问 MySQL 服务器.为此我输入了这个命令:
I am trying to open port 3306 in iptables in my Debian System to allow access to MySQL server. For which I entered this command:
root@debian:/# sudo iptables -A INPUT -p tcp --dport 3306 ACCEPT
root@debian:/# iptables-save
我输入了新连接,它已经保存在 iptables 中,因为我可以在 iptables-save 命令生成的 iptables 列表中看到新规则.
I entered the new connection and it has been saved in iptables as I can see the new rule in iptables list genereted by iptables-save command.
但是,这个 debian 系统在 Windows7 上的 VM 上运行,我无法从 Windows telnet 到这个端口.不知道我应该在哪里检查这个问题的解决方案.
However, this debian system is running on a VM over Windows7 and I'm not able to telnet from Windows to this port. Not sure where I am supposed to check for the solution to this problem.
推荐答案
关于你的命令行:
root@debian:/# sudo iptables -A INPUT -p tcp --dport 3306 --jump ACCEPT
root@debian:/# iptables-save
您已经以
root
身份进行身份验证,因此sudo
在那里是多余的.You are already authenticated as
root
sosudo
is redundant there.您在
ACCEPT
参数之前缺少-j
或--jump
(只是认为这是一个错字和您插入正确).You are missing the
-j
or--jump
just before theACCEPT
parameter (just tought that was a typo and you are inserting it correctly).关于你的问题:
如果您在问题中正确插入
iptables
规则,则问题可能与您正在使用的管理程序(虚拟机提供程序)有关.If you are inserting the
iptables
rule correctly as you pointed it in the question, maybe the issue is related to the hypervisor (virtual machine provider) you are using.如果您提供管理程序名称(VirtualBox、VMWare?),我可以进一步指导您,但这里有一些建议您可以先尝试:
If you provide the hypervisor name (VirtualBox, VMWare?) I can further guide you on this but here are some suggestions you can try first:
检查您的虚拟机网络设置并:
check your vmachine network settings and:
如果设置为 NAT,那么您将无法从您的基础计算机连接到虚拟机.
if it is set to NAT, then you won't be able to connect from your base machine to the vmachine.
如果设置为托管,则必须首先配置其网络设置,通常为它们提供 192.168.56.0/24 范围内的 IP,因为这是管理程序用于此的默认设置.
if it is set to Hosted, you have to configure first its network settings, it is usually to provide them an IP in the range 192.168.56.0/24, since is the default the hypervisors use for this.
如果设置为 Bridge,则与 Hosted 相同,但您可以在 IP 范围对您的配置有意义时对其进行配置.
if it is set to Bridge, same as Hosted but you can configure it whenever IP range makes sense for you configuration.
希望这会有所帮助.
这篇关于在 debian 的 iptables 中添加规则以打开新端口的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,WP2