使用JUNOS查询网络服务端口号码

FreeBSD系统中,大部分在RFC 1700中被分配的常用网络协议端口号码已经被列入/etc目录下的service文件当中,方便网络和系统管理员随时查询。当你使用show system connections命令查询当前JUNOS系统连接状态的时候,假如你不确定某个端口号码代表当前Juniper Networks路由器向网络开放了具体哪种服务,那么当你拥有在Juniper路由器上的super-user权限时,可以通过进入UNIX shell来直接查询这个文件。注意以下%为FreeBSD的UNIX shell提示符。

nigel@junos> start shell
% cd /etc
% more services
#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign
# a single well-known port number for both TCP and UDP;
# hence, most entries here have two entries even if the
# protocol doesn't support UDP operations. Updated from
# RFC 1700, ``Assigned Numbers'' (October 1994).  All
# ports are included.
#
# The latest IANA port assignments can be gotten from
#       http://www.isi.edu/in-notes/iana/assignments/
# port-numbers
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152
# through 65535
#
# Kerberos services are for Kerberos v4, and are
# unofficial. Sites running v5 should uncomment v5
# entries and comment v4 entries.
#
# $FreeBSD: src/etc/services,v 1.62.2.3 2000/10/05
# 07:37:37 sheldonh Exp $
#       From: @(#)services      5.8 (Berkeley) 5/9/91
#
# WELL KNOWN PORT NUMBERS
#
rtmp         1/ddp #Routing Table Maintenance Protocol
tcpmux       1/tcp #TCP Port Service Multiplexer
......
<!--output omitted-->

% cli
nigel@junos> 

然而,根据FreeBSD不同的版本,被收录在/etc/service文件当中的端口号码有可能多达19172个,那么你最好使用pipe让JUNOS仅仅列出你需要了解的相关协议端口号码。另外,出于网络安全考虑,默认情况下JUNOS关闭Juniper路由器上包括telnet, ftp, SSH在内所有的网络服务,你需要通过配置JUNOS将这些服务打开。先使用file show /etc/services查找关于ftp服务的端口号码。

nigel@junos> file show /etc/services | match ftp
ftp-data	 20/tcp	   #File Transfer [Default Data]
ftp-data	 20/udp	   #File Transfer [Default Data]
ftp		 	 21/tcp	   #File Transfer [Control]
ftp		 	 21/udp	   #File Transfer [Control]
ni-ftp		 47/tcp	   #NI FTP
ni-ftp		 47/udp	   #NI FTP
tftp		 69/tcp	   #Trivial File Transfer
tftp		 69/udp	   #Trivial File Transfer
sftp		115/tcp	   #Simple File Transfer Protocol
sftp		115/udp	   #Simple File Transfer Protocol
bftp		152/tcp	   #Background File Transfer Program
bftp		152/udp	   #Background File Transfer Program
softpc		215/tcp	   #Insignia Solutions
softpc		215/udp	   #Insignia Solutions
......
<!--output omitted-->

查询JUNOS系统连接,确认Juniper路由器当前并没有打开ftp网络服务端口21

nigel@junos> show system connections | match 21 | count
Count: 0 lines

配置JUNOS系统服务,打开Juniper路由器的ftp与ssh网络服务。

nigel@junos> configure
Entering configuration mode

[edit]
nigel@junos# set system services ftp 

[edit]
nigel@junos# set system services ssh   

[edit]
nigel@junos# show system services
ftp;
ssh;
telnet;

[edit]
nigel@junos# commit
commit complete

最后,重新查看JUNOS系统连接状态,确认Juniper路由器的ftp网络服务端口21已经被打开,并且JUNOS对该端口号码处于监听状态。

nigel@junos# run show system connections | match 21
tcp4       0      0  *.21        *.*       LISTEN
Advertisements

发表评论

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / 更改 )

Twitter picture

You are commenting using your Twitter account. Log Out / 更改 )

Facebook photo

You are commenting using your Facebook account. Log Out / 更改 )

Google+ photo

You are commenting using your Google+ account. Log Out / 更改 )

Connecting to %s