Linux上Redis要想被远程程序通过6379接口telnet通。需要满足一下几个条件
1. redis-server ../conf/redis.conf 运行了。 并且telnet localhost 6379是通的。
2. conf/redis.conf 里面的
bind 127.0.0.1 ::1 这一行注释掉。
这里的bind指的是只有指定的网段才能远程访问这个redis。 注释掉后,就没有这个限制了。
或者bind 自己所在的网段
3. conf/redis.conf里面
protected-mode 要设置成no (默认是设置成yes的, 防止了远程访问,在redis3.2.3版本后)
4. 看服务器用的是firewall-cmd 还是iptables
如果是iptables,就vim /etc/sysconfig/iptables
增加一行
-A INPUT -p tcp -m state --state NeW -m tcp --dport 6379 -j ACCEPT
结果如下
# Generated by iptables-save v1.4.21 on Sat May 13 16:49:26 2017
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [180:33265]
:syn-flood - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 20000:30000 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NeW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NeW -m tcp --dport 6379 -j ACCEPT
-A INPUT -p icmp -m limit --limit 100/sec --limit-burst 100 -j ACCEPT
-A INPUT -p icmp -m limit --limit 1/sec --limit-burst 10 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn-flood
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A syn-flood -p tcp -m limit --limit 3/sec --limit-burst 6 -j RETURN
-A syn-flood -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sat May 13 16:49:26 2017
然后重启iptables服务,在centos7里操作如下,并且查看iptables最终的设置信息
[root@VM_196_224_centos redis-3.2.9]# systemctl restart iptables
[root@VM_196_224_centos redis-3.2.9]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpts:dnp:ndmps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:mysql
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:6379
ACCEPT icmp -- anywhere anywhere limit: avg 100/sec burst 100
ACCEPT icmp -- anywhere anywhere limit: avg 1/sec burst 10
syn-flood tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited