在 centOS 裡,使用 lighttpd 或 nginx 加 web server 時,default 的 port 可以通,但其他的卻不行。原因是 SELinux 造成。
SELinux 預設只允許 SSH 使用埠號 22, 執行以下指令開啟埠號 2202: (如果你設定的埠號不是 2202, 要將指令修改)
# semanage port -a -t ssh_port_t -p tcp 2202
設定後可以執行 semanage 檢查是否開啟 2202 埠號:
# semanage port -l | grep ssh ssh_port_t tcp 2202, 22
除了開啟 SELinux 外,還要設定 firewalld 開啟埠號 2202:
# firewall-cmd --permanent --zone=public --add-port=2202/tcp
重新載入 firewalld
# firewall-cmd –reload
沒有問題後可以重新啟動 SSH Server:
# systemctl restart sshd.service
更改 SSH 預設埠號後,在終端機連接到 SSH 要加上 -p 參數指定埠號,例如:
ssh -p 2202 [email protected]
This will most likely be related to SELinux
semanage port -l | grep http_port_t
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
As you can see from the output above with SELinux in enforcing mode http is only allowed to bind to the listed ports. The solution is to add the ports you want to bind on to the list
semanage port -a -t http_port_t -p tcp 8090
will add port 8090 to the list.
It is unusual to get a “Permission denied” message when running a command using sudo
. I might check that SELinux isn’t installed/enabled.
The usual reason a network service fails to bind to a port is because the TCP port is already in use by some other service. The usual way to check this is
$ sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 :::80 :::* LISTEN 3944/httpd
tcp 0 0 :::22 :::* LISTEN 3834/sshd
tcp 0 0 :::443 :::* LISTEN 3944/httpd
Here we can see that port 80 is already in use by the httpd program.
If there is a better explanation, someone will be along soon to downvote this answer and post a more useful one 🙂