opening a port in iptables - Security


  1. opening a port in iptables

    Greetings Group;

    I installed CentOS 4.4 server this weekend to replace an old Red Hat 7.3.

    I run a genealogy database (geneweb) that needs port 2317 open. IPTABLES
    blocks this port.

    How do I issue a command or edit a config file to accomplish this? The man
    file is quite extensive, and even though I've worked with Linux 10 years,
    this forum is better than me slugging it out.

    Thanks.

    Doug



  2. Re: opening a port in iptables

    On Sat, 28 Apr 2007 11:42:53 -0500, Doug Holtz wrote:

    > Greetings Group;
    >
    > I installed centOS 4.4 server this weekend to replace an old red hat 7.3.
    >
    > I run a genealogy database (geneweb) that needs port 2317 open. IPTABLES
    > blocks this port.
    >
    > How do I issue a command or edit a config file to accomplish this? The man
    > file is quite extensive, and even though I've worked with linux 10 years,
    > this forum is better than me slugging it out
    >
    > Thanks.
    >
    > Doug


    $IPTABLES -A INPUT -p tcp -i eth0 --dport 2317 -j ACCEPT


    --
    Chaos, panic & disorder - my work here is done
    http://beginnerslinux.org

  3. Re: opening a port in iptables


    "repo" wrote in message
    news:lihcg4-qa5.ln1@cannabis.beginnerslinux.org...
    > On Sat, 28 Apr 2007 11:42:53 -0500, Doug Holtz wrote:
    >
    >> Greetings Group;
    >>
    >> I installed centOS 4.4 server this weekend to replace an old red hat 7.3.
    >>
    >> I run a genealogy database (geneweb) that needs port 2317 open. IPTABLES
    >> blocks this port.
    >>
    >> How do I issue a command or edit a config file to accomplish this? The man
    >> file is quite extensive, and even though I've worked with linux 10 years,
    >> this forum is better than me slugging it out
    >>
    >> Thanks.
    >>
    >> Doug
    >
    > $IPTABLES -A INPUT -p tcp -i eth0 --dport 2317 -j ACCEPT
    >
    >
    > --
    > Chaos, panic & disorder - my work here is done
    > http://beginnerslinux.org


    Thanks repo.



  4. Re: opening a port in iptables


    "repo" wrote in message
    news:lihcg4-qa5.ln1@cannabis.beginnerslinux.org...
    > On Sat, 28 Apr 2007 11:42:53 -0500, Doug Holtz wrote:
    >
    >> Greetings Group;
    >>
    >> I installed centOS 4.4 server this weekend to replace an old red hat 7.3.
    >>
    >> I run a genealogy database (geneweb) that needs port 2317 open. IPTABLES
    >> blocks this port.
    >>
    >> How do I issue a command or edit a config file to accomplish this? The man
    >> file is quite extensive, and even though I've worked with linux 10 years,
    >> this forum is better than me slugging it out
    >>
    >> Thanks.
    >>
    >> Doug
    >
    > $IPTABLES -A INPUT -p tcp -i eth0 --dport 2317 -j ACCEPT
    >
    >
    > --
    > Chaos, panic & disorder - my work here is done
    > http://beginnerslinux.org


    repo;

    I had to edit the iptables file in /etc/sysconfig to add the line. I also
    had to add a line to open port 2316 (a supporting port apparently). It
    works.

    Thanks.

    Doug



  5. Re: opening a port in iptables


    "repo" wrote in message
    news:lihcg4-qa5.ln1@cannabis.beginnerslinux.org...
    > On Sat, 28 Apr 2007 11:42:53 -0500, Doug Holtz wrote:
    >
    >> Greetings Group;
    >>
    >> I installed centOS 4.4 server this weekend to replace an old red hat 7.3.
    >>
    >> I run a genealogy database (geneweb) that needs port 2317 open. IPTABLES
    >> blocks this port.
    >>
    >> How do I issue a command or edit a config file to accomplish this? The man
    >> file is quite extensive, and even though I've worked with linux 10 years,
    >> this forum is better than me slugging it out
    >>
    >> Thanks.
    >>
    >> Doug
    >
    > $IPTABLES -A INPUT -p tcp -i eth0 --dport 2317 -j ACCEPT
    >
    >
    > --
    > Chaos, panic & disorder - my work here is done
    > http://beginnerslinux.org


    Repo;

    The file I edited states at the top NOT to edit this file. And, my ports
    seem to be blocked again anyway. Maybe I told the wrong thing before that
    it was working, but it is not now, so I took the lines out of the iptables
    file in sysconfig.

    I can't issue a command it seems either to insert or add a rule. The
    iptables file lists look like this:
    -A RH-Firewall-1-INPUT -p tcp --dport 2317 -j ACCEPT
    if I were to follow convention in the file.

    How do I issue a command so the rule is inserted and stays?

    TNX

    Doug





  7. Re: opening a port in iptables

    Doug Holtz wrote:
    >
    > The file I edited states at the top NOT to edit this file. And, my ports
    > seem to be blocked again anyway. Maybe I told the wrong thing before that
    > it was working, but it is not now, so I took the lines out of the iptables
    > file in sysconfig.
    >
    > I can't issue a command it seems either to insert or add a rule. The
    > iptables file lists look like this:
    > -A RH-Firewall-1-INPUT -p tcp --dport 2317 -j ACCEPT
    > if I were to follow convention in the file.
    >
    > How do I issue a command so the rule is inserted and stays?
    >
    > TNX
    >
    > Doug


    I'm not very familiar with CentOS, but I suspect the situation is
    similar to that with Mandriva.

    There will be a firewall program like shorewall that has a higher level
    configuration syntax than iptables, or perhaps a GUI. Whenever you start
    CentOS the file you edited will be regenerated and manual changes lost.

    You can either:

    1 Find and configure the firewall program.

    2 Stop the firewall program running with

    # chkconfig shorewall off

    or whatever substitutes for shorewall in CentOS, and then edit the
    iptables configuration script manually. The changes should then stick.

    I've gone for 2, but it's probably more sensible to do it via the
    firewall program to be honest.

    Mark

  8. Re: opening a port in iptables

    Doug Holtz:

    > I can't issue a command it seems either to insert or add a rule. The
    > iptables file lists look like this:
    > -A RH-Firewall-1-INPUT -p tcp --dport 2317 -j ACCEPT
    > if I were to follow convention in the file.
    >
    > How do I issue a command so the rule is inserted and stays?


    Try (as root of course) the command /usr/sbin/lokkit.

    --
    Hasse E.

  9. Re: opening a port in iptables

    In article <463e76ec$0$18840$4c368faf@roadrunner.com>,
    Doug Holtz wrote:
    :
    :The file I edited states at the top NOT to edit this file. And, my ports
    :seem to be blocked again anyway. Maybe I told the wrong thing before that
    :it was working, but it is not now, so I took the lines out of the iptables
    :file in sysconfig.
    :
    :I can't issue a command it seems either to insert or add a rule. The
    :iptables file lists look like this:
    :-A RH-Firewall-1-INPUT -p tcp --dport 2317 -j ACCEPT
    :if I were to follow convention in the file.
    :
    :How do I issue a command so the rule is inserted and stays?

    If you're going to configure your firewall manually, I suggest naming
    the file something other than /etc/sysconfig/iptables to protect your
    configuration from being wiped out by automatic firewall generators.
    Then add a line in /etc/sysconfig/iptables-config to point to your
    custom file, e.g.:

    # Change the name of the configuration data file to protect our config
    # from distro-supplied tools that generate a firewall configuration.
    IPTABLES_DATA=/etc/sysconfig/iptables.custom

    --
    Bob Nichols AT comcast.net I am "RNichols42"
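
An added example, not part of the original thread or any poster's code: following the suggestion above to keep a hand-maintained file such as /etc/sysconfig/iptables.custom, this sketch places the ACCEPT rule quoted in the thread ahead of the chain's unconditional REJECT, because iptables stops at the first terminating match and a rule listed after the catch-all is never reached. The sample ruleset (including its final REJECT line) and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. sample_rules prints a constructed ruleset (assumed layout),
# not one copied from a real CentOS host.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Shared awk prologue: the exact rule text, and a regex for the chain's
# unconditional REJECT/DROP (no match criteria between chain name and -j).
AWK_VARS='BEGIN { rule = "-A " chain " -p tcp --dport " port " -j ACCEPT"
                  stop = "^-A " chain " -j (REJECT|DROP)( |$)" }'

# insert_accept FILE CHAIN PORT: print FILE with the ACCEPT rule placed just
# before the catch-all, dropping any misplaced copy. Exits non-zero (and the
# output must be discarded) if CHAIN has no catch-all rule.
insert_accept() {
    awk -v chain="$2" -v port="$3" "$AWK_VARS"'
        $0 == rule { next }
        !placed && $0 ~ stop { print rule; placed = 1 }
        { print }
        END { exit (placed ? 0 : 1) }' "$1"
}

# accept_is_reachable FILE CHAIN PORT: succeed only if the ACCEPT rule is
# listed before the catch-all, i.e. packets can actually reach it.
accept_is_reachable() {
    awk -v chain="$2" -v port="$3" "$AWK_VARS"'
        $0 == rule { found = 1; exit }
        $0 ~ stop  { exit }
        END { exit (found ? 0 : 1) }' "$1"
}

# Demo: build a custom rules file with ports 2317 and 2316 opened.
demo() {
    dir=$(mktemp -d) || return 1
    sample_rules > "$dir/iptables"
    insert_accept "$dir/iptables" RH-Firewall-1-INPUT 2317 > "$dir/step1" &&
    insert_accept "$dir/step1" RH-Firewall-1-INPUT 2316 > "$dir/iptables.custom" &&
    cat "$dir/iptables.custom"
    rm -rf "$dir"
}
demo
```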

  10. Re: opening a port in iptables


    "Robert Nichols" wrote in
    message news:f1nalg$eo2$1@omega-3a.local...
    > In article <463e76ec$0$18840$4c368faf@roadrunner.com>,
    > Doug Holtz wrote:
    > :
    > :The file I edited states at the top NOT to edit this file. And, my ports
    > :seem to be blocked again anyway. Maybe I told the wrong thing before that
    > :it was working, but it is not now, so I took the lines out of the iptables
    > :file in sysconfig.
    > :
    > :I can't issue a command it seems either to insert or add a rule. The
    > :iptables file lists look like this:
    > :-A RH-Firewall-1-INPUT -p tcp --dport 2317 -j ACCEPT
    > :if I were to follow convention in the file.
    > :
    > :How do I issue a command so the rule is inserted and stays?
    >
    > If you're going to configure your firewall manually, I suggest naming
    > the file something other than /etc/sysconfig/iptables to protect your
    > configuration from being wiped out by automatic firewall generators.
    > Then add a line in /etc/sysconfig/iptables-config to point to your
    > custom file, e.g.:
    >
    > # Change the name of the configuration data file to protect our config
    > # from distro-supplied tools that generate a firewall configuration.
    > IPTABLES_DATA=/etc/sysconfig/iptables.custom
    >
    > --
    > Bob Nichols AT comcast.net I am "RNichols42"


    Bob;
    Interesting idea. Thanks.
    Doug



  11. Re: opening a port in iptables


    "Hans Ericson" wrote in message
    news:QiD%h.40297$E02.16320@newsb.telia.net...
    > Doug Holtz:
    >
    >> I can't issue a command it seems either to insert or add a rule. The
    >> iptables file lists look like this:
    >> -A RH-Firewall-1-INPUT -p tcp --dport 2317 -j ACCEPT
    >> if I were to follow convention in the file.
    >>
    >> How do I issue a command so the rule is inserted and stays?
    >
    > Try (as root of course) the command /usr/sbin/lokkit.
    >
    > --
    > Hasse E.


    Hans;
    Thanks. I thought the firewall program name was iptables. I will try the
    lokkit program.
    Doug



  12. Re: opening a port in iptables


    "Mark Atherton" wrote in message
    news:2523h4-q8l.ln1@hippolyta.theathertons...
    > Doug Holtz wrote:
    >>
    >> The file I edited states at the top NOT to edit this file. And, my ports
    >> seem to be blocked again anyway. Maybe I told the wrong thing before
    >> that it was working, but it is not now, so I took the lines out of the
    >> iptables file in sysconfig.
    >>
    >> I can't issue a command it seems either to insert or add a rule. The
    >> iptables file lists look like this:
    >> -A RH-Firewall-1-INPUT -p tcp --dport 2317 -j ACCEPT
    >> if I were to follow convention in the file.
    >>
    >> How do I issue a command so the rule is inserted and stays?
    >>
    >> TNX
    >>
    >> Doug
    >
    > I'm not very familiar with CentOS, but I suspect the situation is similar
    > to that with Mandriva.
    >
    > There will be a firewall program like shorewall that has a higher level
    > configuration syntax than iptables, or perhaps a GUI. Whenever you start
    > CentOS the file you edited will be regenerated and manual changes lost.
    >
    > You can either:
    >
    > 1 Find and configure the firewall program.
    >
    > 2 Stop the firewall program running with
    >
    > # chkconfig shorewall off
    >
    > or whatever substitutes for shorewall in CentOS, and then edit the
    > iptables configuration script manually. The changes should then stick.
    >
    > I've gone for 2, but it's probably more sensible to do it via the firewall
    > program to be honest.
    >
    > Mark


    Mark;
    I will see if it is shorewall and use it if it is there. Another replier
    thinks it's lokkit. I will look for both.
    Thanks, Doug



  13. Re: opening a port in iptables

    Doug Holtz:

    > Thanks. I thought the firewall program name was iptables. I will try
    > the lokkit program.


    iptables is a command that inserts or deletes firewall rules. The
    firewall itself is included in the kernel.

    lokkit is a very simple program that modifies the
    file /etc/sysconfig/iptables used by the start-up scripts in the CentOS
    and RedHat distributions.

    --
    English is not my native language, so please forgive any errors.


  14. Re: opening a port in iptables


    "Hans Ericson" wrote in message
    news:Ea20i.40405$E02.16402@newsb.telia.net...
    > Doug Holtz:
    >
    >> Thanks. I thought the firewall program name was iptables. I will try
    >> the lokkit program.
    >
    > iptables is a command that inserts or deletes firewall rules. The
    > firewall itself is included in the kernel.
    >
    > lokkit is a very simple program that modifies the
    > file /etc/sysconfig/iptables used by the start-up scripts in the CentOS
    > and RedHat distributions.
    >
    > --
    > English is not my native language, so please forgive any errors.
    >


    Yes, I have it. There is no man page so I'm going to rely on this group for
    help adding 2 open ports to my machine.

    I *assume* I issue the command lokkit followed by the "line" I want to
    insert in iptables?

    doug



  15. Re: opening a port in iptables


    "Hans Ericson" wrote in message
    news:Ea20i.40405$E02.16402@newsb.telia.net...
    > Doug Holtz:
    >
    >> Thanks. I thought the firewall program name was iptables. I will try
    >> the lokkit program.
    >
    > iptables is a command that inserts or deletes firewall rules. The
    > firewall itself is included in the kernel.
    >
    > lokkit is a very simple program that modifies the
    > file /etc/sysconfig/iptables used by the start-up scripts in the CentOS
    > and RedHat distributions.
    >
    > --
    > English is not my native language, so please forgive any errors.
    >


    Ah, I got it. Just run the command and add the ports. Slick.

    Thanks.

    doug


