02-25-2004 06:56 AM
How to open a port in ipchains
I tried putting in ipchains the following:
-A input -s 0/0 -d 0/0 1494 -p tcp -y -j ACCEPT
-A output -s 0/0 -d 0/0 1494 -p tcp -y -j ACCEPT
I can't connect; the county tech says my firewall is blocking port 1494. Can anyone find my error in the ipchains entry ????
Vern
02-25-2004 01:12 PM
Re: How to open a port in ipchains
IPChains makes all incoming packets go through the 'forward' chain first, then the 'input' chain (for packets destined for the local host).
I'm picking port 1494 is not being allowed through the forward chain.
Try adding the same rule on your forward chain, as you've added on your input chain.
02-25-2004 02:07 PM
Re: How to open a port in ipchains
/etc/sysconfig/ipchains. I have two other ipchains entries in rc.local to MASQ my LAN onto the internet.
Looking at Altoona LUG Annotated IPChains Examples, it seems the first input below should be DENY. When I set it to DENY the server blocks everything. It seems to ignore the ACCEPT lines that follow. I'll try your suggestion.
Vern
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 -p 1 -j ACCEPT
-A input -s 0/0 -d 0/0 1494 -p 0 -y -j ACCEPT
-A output -s 0/0 -d 0/0 1494 -p 0 -y -j ACCEPT
-A input -s 0/0 -d 0/0 53 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 110 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 25 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 21 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 23 -p tcp -y -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth0 -j ACCEPT
-A input -s 0/0 67:68 -d 0/0 67:68 -p udp -i eth1 -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
-A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
-A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
-A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT
"ipchains" 25L, 1126C
02-25-2004 02:58 PM
Re: How to open a port in ipchains
Can I get you to issue:
ipchains -nvL
And send the results of that.
Changing the default policy for the input chain to 'DENY' will break things.
It's currently configured as a SYN firewall. Basically, it's dropping packets (the REJECT lines) if they are new connections. That's about as good as you can get with IPChains.
My thoughts as to the forward chain are incorrect based upon what you've shown thus far however.
Need more info I'm afraid ;)
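The "SYN firewall" behaviour described in the reply above, as an added example that is not part of the original thread: a simplified first-match model of the input chain, using a subset of the posted rules and modelling `-y` as "SYN set, ACK and FIN clear". The class and function names are assumptions made for illustration. It shows why a DENY policy passes the opening SYN and then drops the rest of the connection, and that port 1494 is matched by none of these rules and falls through to the chain policy.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str
    dport: int
    syn: bool = False
    ack: bool = False
    fin: bool = False

@dataclass
class Rule:
    proto: str
    ports: range      # destination port range
    syn_only: bool    # True when the rule carries -y
    target: str

    def matches(self, p):
        if p.proto != self.proto or p.dport not in self.ports:
            return False
        # -y modelled as: SYN set, ACK and FIN clear (a new-connection request)
        return not self.syn_only or (p.syn and not p.ack and not p.fin)

# Subset of the rules posted in the thread (hypothetical in-memory form).
RULES = [
    Rule("tcp", range(80, 81), True, "ACCEPT"),      # -d 0/0 80 -p tcp -y -j ACCEPT
    Rule("tcp", range(0, 1024), True, "REJECT"),     # -d 0/0 0:1023 -y -j REJECT
    Rule("tcp", range(2049, 2050), True, "REJECT"),  # -d 0/0 2049 -y -j REJECT
]

def verdict(policy, pkt):
    """First matching rule wins; otherwise the chain policy applies."""
    for rule in RULES:
        if rule.matches(pkt):
            return rule.target
    return policy

def handshake(policy, dport):
    """Verdicts for the opening SYN and for a later ACK-only segment."""
    syn = Packet("tcp", dport, syn=True)
    ack = Packet("tcp", dport, ack=True)
    return verdict(policy, syn), verdict(policy, ack)

if __name__ == "__main__":
    for policy in ("ACCEPT", "DENY"):
        for port in (80, 22, 1494):
            print(policy, port, handshake(policy, port))
```
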
02-25-2004 04:26 PM
Re: How to open a port in ipchains
Then you can look at the logs and figure things out.
Simple tactic.
Turn the firewall off
service ipchains stop
Try the transaction then. If it still doesn't work it's not the firewall blocking it. If it does work at least you are sure of the suspect.
I did an ipchains to iptables conversion on my old 7.3 server (just upgraded Sunday, I miss it, sniff*). I'd be happy to help with that conversion.
It might be easier to make this all work in iptables.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
02-26-2004 01:07 AM
Re: How to open a port in ipchains
[root@linda /root]# ipchains -nvl
ipchains: no command specified
Try `ipchains -h' or 'ipchains --help' for more information.
Thanks Stuart; must be missing something in the command :o) The Linux is RedHat 7.1; I need to upgrade, I know.
Thanks SEP; I'll try your suggestion; only thing; I'm using IP MASQ. Might break my internet access when I stop ipchains.
Vern
02-26-2004 01:46 AM
Re: How to open a port in ipchains
output is:
Chain input (policy ACCEPT: 1085 packets, 449583 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 ACCEPT udp ------ 0xFF 0x00 * 64.91.3.46 0.0.0.0/0 53 -> *
0 0 ACCEPT udp ------ 0xFF 0x00 * 208.34.220.20 0.0.0.0/0 53 -> *
32 4466 ACCEPT udp ------ 0xFF 0x00 * 127.0.0.1 0.0.0.0/0 53 -> *
0 0 ACCEPT icmp ------ 0xFF 0x00 * 0.0.0.0/0 0.0.0.0/0 * -> *
Chain forward (policy DENY: 0 packets, 0 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize source destination ports
0 0 MASQ all ------ 0xFF 0x00 eth0 0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy ACCEPT: 1080 packets, 451779 bytes):
service ipchains stop
Turned off the service successfully; tried the connection; still wouldn't connect to the service but other internet connections went as usual.
Now I'm wondering about my Apache Proxy. Also wondering if I need the ipchains MASQ. I think I needed MASQ to get POP 3 working.
Thanks for any thoughts; I paid the county for the service; sure would like to use it. I'll also check with the service tech again.
02-26-2004 03:09 AM
Re: How to open a port in ipchains
Tried telnet to the IP with 1492 as port. Times out when trying to connect with anything on my LAN; connects Ok from the server console itself. Also connects Ok from the server with IPChains enabled.
Also connects when I telnet to my server then telnet from there to the remote IP port 1492.
Puzzle !!
02-26-2004 03:12 AM
Re: How to open a port in ipchains
02-26-2004 08:12 AM
Re: How to open a port in ipchains
|
Internet
|
eth0
|
Firewall RedHat 7.1 Apache (HP 8500)
IPChains MASQ
|
eth1
|
------------LAN------------
| | |
eth0 eth0 eth0
Windows SuSE 9.0 Windows
httpd dns
The SuSE server is a development box to replace the Apache 7.1 eventually.
I'm about ready for IPTables. My fear is that I might break my internet access completely.
Vern
02-26-2004 10:20 AM
Re: How to open a port in ipchains
I found one big error; last time I reformatted and re-installed RedHat 7.1 Linux I forgot that I have to apply the ipchains MASQ to ppp0, not eth0.
I now can telnet from inside my firewall to the remote service's port 1494.
02-26-2004 10:53 AM
Re: How to open a port in ipchains
It's now working; the problem all along was masquerading the wrong device. Didn't need an ipchains entry except for the MASQ.
Thanks for your help; kept me going.
Vern
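A check for the root cause found in this thread, as an added example that is not part of the original posts: it parses an `ipchains -nvL` listing and reports whether the forward chain masquerades on the uplink interface (ppp0 in the thread). The sample listing is constructed from the one posted above, the function names are assumptions, and the parser assumes the mark and outsize columns print blank as they do there.

```python
import re

# Constructed sample, modelled on the `ipchains -nvL` listing posted in the thread.
SAMPLE = """\
Chain input (policy ACCEPT: 1085 packets, 449583 bytes):
 pkts bytes target prot opt    tosa tosx ifname mark outsize source destination ports
    0     0 ACCEPT icmp ------ 0xFF 0x00 *      0.0.0.0/0 0.0.0.0/0 * -> *
Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opt    tosa tosx ifname mark outsize source destination ports
    0     0 MASQ   all  ------ 0xFF 0x00 eth0   0.0.0.0/0 0.0.0.0/0 n/a
Chain output (policy ACCEPT: 1080 packets, 451779 bytes):
"""

def parse_chains(listing):
    """Return {chain: {"policy": str, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\w+)", line)
        if head:
            current = {"policy": head.group(2), "rules": []}
            chains[head.group(1)] = current
            continue
        f = line.split()
        # Rule rows start with the packet counter; the column header does not.
        if current is None or len(f) < 10 or not f[0].isdigit():
            continue
        # Assumes mark and outsize print blank, as in the thread, so ifname is field 8.
        current["rules"].append({"target": f[2], "prot": f[3], "ifname": f[7]})
    return chains

def masq_check(listing, uplink):
    """Return (uplink_is_masqueraded, masq_interfaces, forward_policy)."""
    fwd = parse_chains(listing).get("forward", {"policy": None, "rules": []})
    ifaces = [r["ifname"] for r in fwd["rules"] if r["target"] == "MASQ"]
    covered = any(i in (uplink, "*") for i in ifaces)
    return covered, ifaces, fwd["policy"]

if __name__ == "__main__":
    ok, ifaces, policy = masq_check(SAMPLE, "ppp0")
    print(f"forward policy={policy} MASQ on {ifaces} uplink covered={ok}")
```

With a forward policy of DENY and MASQ bound only to eth0, traffic routed from the LAN out through ppp0 matches no forward rule, which fits the symptom that connections worked from the firewall host itself but timed out from LAN machines.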