Webサーバが稼動していない状態でファイアーウォールの動作を確認する
- `nc` コマンドで特定のポートをlistenさせる(netcatの実装によっては `nc -l -p 《port》` のように `-p` でポートを指定する必要がある)
# while true; do ( echo "HTTP/1.0 200 Ok"; echo; echo "Hello World" ) | nc -l 《port》; [ $? != 0 ] && break; done
8081ポート開放、80ポートlistenの場合(80番はlistenしているがファイアウォールで許可されておらず、8081番は許可されているがlistenしているプロセスがないため、どちらにも接続できない)
server
# netstat -lntp | egrep ":80|:8081"
#
# iptables -L -n -v | egrep ":80|:8081"
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8081
#
# while true; do ( echo "HTTP/1.0 200 Ok"; echo; echo "Hello World" ) | nc -l 80; [ $? != 0 ] && break; done
client
# curl http://192.168.56.101
curl: (7) couldn't connect to host
# curl http://192.168.56.101:8081
curl: (7) couldn't connect to host
8081ポート開放、8081ポートlistenの場合(ファイアウォールで許可されたポートでlistenしているため、8081番にのみ接続できる)
server
# netstat -lntp | egrep ":80|:8081"
#
# iptables -L -n -v | egrep ":80|:8081"
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8081
#
# while true; do ( echo "HTTP/1.0 200 Ok"; echo; echo "Hello World" ) | nc -l 8081; [ $? != 0 ] && break; done
client
# curl http://192.168.56.101
curl: (7) couldn't connect to host
# curl http://192.168.56.101:8081
Hello World
- アクセスがあると、クライアントが送信したHTTPリクエストがサーバ側(ncの標準出力)に出力される。接続後に `iptables -L -n -v` を再実行すれば、ACCEPTルールのパケットカウンタが増えていることも確認できる
server
# while true; do ( echo "HTTP/1.0 200 Ok"; echo; echo "Hello World" ) | nc -l 8081; [ $? != 0 ] && break; done
GET / HTTP/1.1
User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.15.3 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
Host: 192.168.56.101:8081
Accept: */*
^C