iptables防火墙配置教程及代码

例题1 配置基于IP的虚拟主机

1. 配置虚拟网络接口

[root@localhost ~]# ifconfig eth0:1 192.168.0.111 up [root@localhost ~]# ifconfig eth0:2 192.168.0.222 up

如果希望实现永久配置，需要创建并改写ifcfg-eth0:1和ifcfg-eth0:2文件

创建ifcfg-eth0:1和ifcfg-eth0:2文件，复制ifcfg-eth0文件内容到这两个文件中，并将其中设备名和IP地址做如图1，图2所示的修改

[root@localhost ~]#cd /etc/sysconfig/network-scripts/ [root@localhost network-scripts]# cp ifcfg-eth0 ifcfg-eth0:1 [root@localhost network-scripts]# cp ifcfg-eth0 ifcfg-eth0:2 [root@localhost network-scripts]# vi ifcfg-eth0:1

图1 ifcfg-eth0:1内容

[root@localhost network-scripts]# vi ifcfg-eth0:2

图2 ifcfg-eth0:2内容

2. 向/etc/hosts文件增加两条IP地址与域名的映射

[root@localhost network-scripts]# echo "192.168.0.111 www.ipvhost1.me" >>/etc/hosts [root@localhost network-scripts]# echo "192.168.0.222 www.ipvhost2.me" >>/etc/hosts 3. 创建web站点192.168.0.111和192.168.0.222的文件目录树 [root@localhost network-scripts]# mkdir -p

/var/www/vhosts/192.168.0.{111,222}/{htdocs,logs,conf,cgi-bin}

[root@localhost network-scripts]# echo

"192.168.0.111">/var/www/vhosts/192.168.0.111/htdocs/index.html [root@localhost network-scripts]# echo

"192.168.0.222">/var/www/vhosts/192.168.0.222/htdocs/index.html [root@localhost network-scripts]# tree /var/www/vhosts /var/www/vhosts |-- 192.168.0.111 | |-- cgi-bin | |-- conf | |-- htdocs

| | `-- index.html | `-- logs

`-- 192.168.0.222 |-- cgi-bin |-- conf |-- htdocs

|

`-- index.html

`-- logs

10 directories, 2 files

[root@localhost network-scripts]# vi /etc/httpd/vhosts.d/ip-vhosts.conf

[root@localhost network-scripts]# apachectl -S //service httpd configtest VirtualHost configuration:

192.168.0.111:80 www.ipvhost1.me (/etc/httpd/conf.d/ip-vhosts.conf:1) 192.168.0.222:80 www.ipvhost2.me (/etc/httpd/conf.d/ip-vhosts.conf:10) Syntax OK

[root@localhost htdocs]# vi /etc/httpd/conf/httpd.conf

//使用IP地址访问

//使用IP地址访问

//使用域名访问

//使用域名访问

例题2 配置基于域名的虚拟主机

[root@localhost htdocs]# echo "192.168.0.1 " >> /etc/hosts [root@localhost htdocs]# echo "192.168.0.1 " >> /etc/hosts

[root@localhost htdocs]# mkdir -p /var/www/vhosts/olabs.{org,net}/{htdocs,logs,conf,cgi-bin} [root@localhost htdocs]# echo ""> /var/www/vhosts//htdocs/index.html [root@localhost htdocs]# echo ""> /var/www/vhosts//htdocs/index.html [root@localhost htdocs]#mkdir /etc/httpd/vhost.d

[root@localhost htdocs]#

vi /etc/httpd/vhosts.d/.conf

[root@www www]# cp /etc/httpd/vhosts.d/olabs.{org,net}.conf [root@www www]#

vi /etc/httpd/vhosts.d/.conf

[root@www vhosts.d]# service httpd configtest Syntax OK

[root@www vhosts.d]#

service httpd restart

例题3 在主配置文件中配置对/server-status访问的基本认证 [root@www conf.d]# vi /etc/httpd/conf.d/server-status.conf

[root@www conf.d]# mkdir /etc/httpd/passwd

//htpasswd建立和更新用于基本认证的存储用户名/密码的文本文件。 [root@www conf.d]# htpasswd -bcm /etc/httpd/passwd/jamond 1106 1106passwd Adding password for user 1106

[root@www conf.d]# cat /etc/httpd/passwd/jamond 1106:$apr1$G4/Lb...$DwAkUzAO/lMCml2E5pdhc0

[root@www conf.d]# htpasswd -bm /etc/httpd/passwd/jamond 1105 1105passwd Adding password for user 1105

[root@www conf.d]# cat /etc/httpd/passwd/jamond 1106:$apr1$G4/Lb...$DwAkUzAO/lMCml2E5pdhc0 1105:$apr1$8u1Hc/..$cRgnhXPkjXEygoJymL9kH/

[root@www conf.d]# chown apache /etc/httpd/passwd/jamond [root@www conf.d]# service httpd configtest

httpd: apr_sockaddr_info_get() failed for

httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName Syntax OK

[root@www conf.d]# service httpd restart

Stopping httpd: [ OK ] Starting httpd: httpd: apr_sockaddr_info_get() failed for

httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

[ OK ]

例题4 在虚拟主机下使用.htaccess文件配置认证和授权

[root@www conf.d]#

vi /etc/httpd/vhosts.d/.conf

[root@www conf.d]# service httpd restart

Stopping httpd: [ OK ] Starting httpd: httpd: apr_sockaddr_info_get() failed for

httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for

ServerName

[ OK ]

[root@www ~]# echo "digest,private">//var/www/vhosts//htdocs/private/index.html [root@www ~]# vi /var/www/vhosts//htdocs/private/.htaccess

[root@www ~]# cd /var/www/vhosts//conf/

[root@www conf]# htdigest -c digest_passwd jamond 1105 Adding password for 1105 in realm jamond. New password:

Re-type new password:

[root@www conf]# htdigest digest_passwd jamond 1106 Adding user 1106 in realm jamond New password:

Re-type new password: