enabling ports!

chris · 11-18-2002, 05:01 PM

I've asked this before and I'll ask again as I can't seem to get any answers anywhere. I'm using RH 8 and by default it blocked all ports except for port ssh /22 and I want to enable port 80 for apache... how do I do that please??

thanks in advanced!

Chris

jetfreggel · 11-18-2002, 06:35 PM

you could try

/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_MASQUERADE

/sbin/iptables -A INPUT -p tcp --syn -s 0/0 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -s 0/0 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p TCP -j DROP

but be careful you're playing with you're firewall

or try lokkit under extra>system tools

chris · 11-18-2002, 09:10 PM

Thanks alot for your response.. I'm definately gonna try that and as far as lokkit, I got rid of it since I could never change any changes I made to it. I'd rather insert a few rules as you've shown me.

thanks again!

Chris

chris · 11-19-2002, 08:06 AM

Just so you know that I tried the rule set you gave me and the last satement "/sbin/iptables -A INPUT -p TCP -j DROP" ended up blocking all ports. After commenting that line, still the same problem, port 80 still wasn't opened. Thanks for your help anyways and I guess I'll just have to try to learn IPtable rules on my own.

cheers!

Chris

jetfreggel · 11-19-2002, 10:51 AM

if you don't matter about security you could try also

/sbin/iptables -P OUTPUT -j ACCEPT

/sbin/iptables -P INPUT -j ACCEPT
you change the policy set not secure

good tutorial
http://www.netfilter.org/documentati...-tutorial.html

good luck

jetfreggel · 11-19-2002, 02:32 PM

i looked it again try

first /sbin/iptables -F

/sbin/modprobe ip_conntrack
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe ipt_LOG
/sbin/modprobe ipt_limit
/sbin/modprobe ipt_MASQUERADE

/sbin/iptables -A INPUT -p tcp --syn -s 0/0 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -s 0/0 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -p TCP -j DROP
/sbin/iptables -A OUTPUT -p ALL-o(your ip from isp) -j ACCEPT

GOOD LUCK

chris · 11-19-2002, 05:19 PM

THANKS ALOT!!! that worked! I appreciate the time you took to help me out on this!

Chris

jetfreggel · 11-19-2002, 05:49 PM

and i am glade i made it work (as test,iptables newbie---> me)

you're welcome