# Check and Open Port 29419 - Procedure

## Current Status

✅ **Tencent Cloud security group**: configured to allow port 29419
✅ **Gerrit service**: listening on port 29419 (process 29768)
❌ **Local firewall**: may still be blocking access to the port

## Commands to Run

Run the following commands on the server with root privileges:

### Step 1: Check the firewall status

```bash
# Check whether firewalld is running
sudo systemctl status firewalld

# Check the iptables rules
sudo iptables -L -n | grep 29419
```

### Step 2: Open the port (choose one method)

#### Method A: Use firewall-cmd (if firewalld is running)

```bash
# Add the port
sudo firewall-cmd --permanent --add-port=29419/tcp

# Reload
sudo firewall-cmd --reload

# Verify
sudo firewall-cmd --list-ports | grep 29419
```

#### Method B: Use iptables (if iptables is in use)

```bash
# Add the rule
sudo iptables -I INPUT -p tcp --dport 29419 -j ACCEPT

# Save the rules (CentOS 7)
# The redirect in "sudo cmd > file" is performed by the calling shell, not by root,
# so write the file through tee instead
sudo iptables-save | sudo tee /etc/sysconfig/iptables > /dev/null

# Verify
sudo iptables -L -n | grep 29419
```

### Step 3: Verify the port is reachable

Test from the **client** (your Windows PC):

```bash
# Test the SSH connection
ssh -p 29419 renjianbo@101.43.95.130 gerrit version
```

If it succeeds, the Gerrit version information is displayed.

### Step 4: Test a Git push

```bash
cd /d/zhini_im_android
git push origin HEAD:refs/for/master
```

## If You Still Cannot Connect

### Check the iptables default policy

```bash
# Show the default policy of the INPUT chain
sudo iptables -L INPUT -n

# If the default policy is DROP, make sure an ACCEPT rule exists for the port
# Or temporarily change the policy (not recommended in production:
# this accepts all inbound traffic that no other rule matches)
sudo iptables -P INPUT ACCEPT
```

### Check for other firewall software

```bash
# Check whether any other firewall services are present
sudo systemctl list-units | grep -i firewall
sudo systemctl list-units | grep -i iptables
```

### Check SELinux (if enabled)

```bash
# Check the SELinux status
getenforce

# If it is enabled, an SELinux rule may need to be configured
sudo semanage port -a -t ssh_port_t -p tcp 29419
```

## Quick Diagnostic Script

Run the following commands on the server for a full diagnosis:

```bash
# 1. Check the Gerrit service
echo "=== 1. 检查 Gerrit 服务 ==="
netstat -tlnp | grep 29419

echo ""
# 2. Check firewalld
echo "=== 2. 检查 firewalld ==="
sudo systemctl status firewalld 2>/dev/null | head -3

echo ""
# 3. Check the firewall-cmd rules (the fallback message means "firewalld is not running")
echo "=== 3. 检查 firewall-cmd 规则 ==="
sudo firewall-cmd --list-ports 2>/dev/null || echo "firewalld 未运行"

echo ""
# 4. Check the iptables rules (the fallback message means "no rule found for 29419")
echo "=== 4. 检查 iptables 规则 ==="
sudo iptables -L -n | grep 29419 || echo "未找到 29419 规则"

echo ""
# 5. Check the iptables default policy
echo "=== 5. 检查 iptables 默认策略 ==="
sudo iptables -L INPUT -n | head -5
```

## Complete Solution (Run in One Go)

If you are sure iptables is in use, run:

```bash
# Add the rule
sudo iptables -I INPUT -p tcp --dport 29419 -j ACCEPT

# Save the rules
# The redirect in "sudo cmd > file" is performed by the calling shell, not by root,
# so write the file through tee instead
sudo iptables-save | sudo tee /etc/sysconfig/iptables > /dev/null

# Verify
sudo iptables -L -n | grep 29419
```

If you are sure firewalld is in use, run:

```bash
# Make sure firewalld is running
sudo systemctl start firewalld
sudo systemctl enable firewalld

# Add the port
sudo firewall-cmd --permanent --add-port=29419/tcp
sudo firewall-cmd --reload

# Verify
sudo firewall-cmd --list-ports | grep 29419
```

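## Notes

1. ⚠️ If you change firewall rules, test first to make sure other services are not affected
2. ⚠️ In production, use stricter firewall rules (restrict source IPs)
3. ✅ Remember to save the rules after changing them so they remain in effect after a reboot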
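
Note 2 recommends limiting which source addresses can reach the port. The script below is an added example, not part of the original page: it reads `iptables-save` output and reports whether TCP 29419 is accepted from any source or only from listed ones. The function name `port_exposure` and the sample rule sets (documentation address ranges) are constructed for illustration.

```bash
# Added example (not from the original page): classify how a TCP port is exposed
# in `iptables-save` output. Simplification: only explicit, non-negated
# "-A INPUT ... --dport PORT ... -j ACCEPT" rules are considered; multiport
# matches and earlier DROP/REJECT rules are not evaluated.
port_exposure() {
    # $1 = port number; rules in iptables-save format are read from stdin
    awk -v port="$1" '
        $1 == ":INPUT" { policy = $2 }              # chain default policy line
        $1 == "-A" && $2 == "INPUT" {
            dport = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "--dport") dport  = $(i + 1)
                if ($i == "-s")      src    = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (dport == port && target == "ACCEPT") {
                if (src == "" || src == "0.0.0.0/0") any = 1
                else sources = sources (sources == "" ? "" : ",") src
            }
        }
        END {
            if (any)                print "open-to-any"
            else if (sources != "") print "restricted:" sources
            else                    print "no-accept-rule policy=" policy
        }'
}

# Constructed sample: the rule Method B adds, with no source restriction.
SAMPLE_OPEN='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 29419 -j ACCEPT
COMMIT'

# Constructed sample: the same port limited to two client networks.
SAMPLE_RESTRICTED='*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 29419 -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 29419 -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE_OPEN"       | port_exposure 29419
printf '%s\n' "$SAMPLE_RESTRICTED" | port_exposure 29419
# On the server: sudo iptables-save | port_exposure 29419
```

A source-restricted form of the Method B rule adds `-s <client CIDR>` to the `iptables -I INPUT` command.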