Linux - Networking
Hi! I'm not a linux professional and I really don't know anything about linux. What I know is that my linux firewall is giving me a hard time and I need to either shut it down or allow traffic in some ports.
Now, I've tried the redhat-config-securitylevel command. I try to disable the firewall, but it won't allow me.
So, I'd really appreciate if someone could tell me how to shut down the firewall (there's a script to bring it back up after reboot, so I'd only have to do it once in a while, and I understand the risk) or to allow traffic on these ports:
you can turn it off by running "chkconfig --levels 35 iptables off" or if you aren't comfortable with the gui there, you can just add relevant lines to the file /etc/sysconfig/iptables, e.g.:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 29901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
the first command you typed in is exactly right, maybe you made a typo on the command line, possibly only using one dash: -levels instead of two: --levels ? that does give the error you mentioned.
as for the second, that's not a command, that's a configuration rule which you need to add to the file. from a console i'd suggest trying a text editor called nano, works simply, but isn't very powerful. so run "nano /etc/sysconfig/iptables" and just type the text at the end. then Ctrl + X to quit, y to save. then restart the iptables service however you wish, e.g. "service iptables restart"
As in the previous post, I am still unable to make it work on the ports.
I was trying to disable the firewall, but that didn't work. I might be wrong, but I think that happened because the firewall went off but the ports remained closed. (please do correct me if I'm wrong)
So with a big help from acid_kewpie I learned how to edit the iptables:
Quote:
you can turn it off by running "chkconfig --levels 35 iptables off" or if you aren't comfortable with the gui there, you can just add relevant lines to the file /etc/sysconfig/iptables, e.g.:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 29901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
service iptables restart
The iptables file didn't exist before this. So, should I be trying to start or restart the service? Does it make a difference?
Anyway, the result of the restart command was an error on line 1. That happening, my Internet connection also stops working, and I have to reboot to get it back online.
Now, I'm pretty sure I've typed the above lines correctly. What could be wrong?
By the way... The ports I need cleared are as follow:
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place.
Last edited by acid_kewpie; 12-11-2006 at 07:17 AM.
as for your situation, you should still be trying to use the redhat-config-securitylevel tool if you can, that's the program that creates and maintains the iptables file you say is not there.
Moved: your thread is more suitable in Linux Networking forum and has been moved accordingly to help your thread/question get the exposure it deserves. Additionally your threads have been merged. Next time please *edit* your posts to include relevant information instead of making a new thread. Thanks.
Fine. I'm sorry about creating a new post and I'm really sorry if I'm being annoying.
I really appreciate the help though, and I do understand that you do not *have* to help me...
I'm saying the iptables file was not there because it wasn't. When I listed the folder /etc/sysconfig there was no such file in there. And when you told me to nano the /etc/sysconfig/iptables there was nothing in there, no lines at all.
So, this may be my first experience with linux, but I learn fast. Please be patient.
Anyways, what I believe happened is: as I typed the first command you offered me (chkconfig --levels 35 iptables off) it cleared the iptables file. Do you think that may have happened?
I think so, because after rebooting I was able to see the contents of the iptables file, just like you said. (but hey man, I did say I was totally lame)
The contents in the current iptables file:
Code:
#Firewall configuration written by redhat-config-securitylevel
#Manual customization of this file is not recommended
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
The redhat-config-securitylevel has a CUSTOMIZE option, where I may add other ports but I have been unable to use it. I mean, there are lots of ports to add, and I didn't see an "add button" nor anything like that. There's just an input line... I typed in a port in there and clicked ok. I suppose that doesn't change the iptables file, 'cause it just didn't. (cat /etc/sysconfig/iptables)
Also, it seems every time I edit (nano) the iptables file, the internet connection goes down.
So, I know this is beyond newbie, this must really be silly stuff, but I do appreciate the help.
* Should I just type in the lines you first told me to just beneath the existing ones?
* How about these udp ports, do I really have to type one line for each one of them?
* Am I gonna have to edit the iptables file after every reboot or is there a way to place it in a boot script or something like that?
"chkconfig --levels 35 iptables off" will turn the iptables service off completely. it doesn't affect any configuration files relevant to the given service, it has no interest in it at all, it's just the name of a service and that's all it cares about. if you've now done this, then iptables is turned off (once you reboot the box) and so if that's all you want to do then that's finished.
if you wish to add ports through the console ui, then the format is, if i remember right, protocol:port, e.g. tcp:80 udp:53. not tried to add a port range to be honest, but i'd not be surprised if udp:1000-1100 worked fine
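Added example, not from the thread: a small Python helper that inserts ACCEPT rules into a redhat-config-securitylevel style /etc/sysconfig/iptables. It places the new rules before the chain's final REJECT (a rule appended after that REJECT is never reached), derives both -m and -p from one protocol value so they cannot disagree, accepts iptables low:high port ranges, and skips rules already present so it can be re-run. The sample file content is the one shown in the post above; the function and variable names are this example's own.

```python
import re

# Constructed sample: the file redhat-config-securitylevel wrote, as shown in the thread.
SAMPLE = """#Firewall configuration written by redhat-config-securitylevel
#Manual customization of this file is not recommended
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

CHAIN = "RH-Firewall-1-INPUT"
PORT_RE = re.compile(r"^\d{1,5}(:\d{1,5})?$")  # single port or iptables low:high range

def make_rule(proto, port):
    """Build one ACCEPT rule; proto drives both -m and -p so they cannot disagree."""
    if proto not in ("tcp", "udp"):
        raise ValueError("protocol must be tcp or udp: %r" % proto)
    if not PORT_RE.match(port):
        raise ValueError("bad port or range: %r" % port)
    lo, _, hi = port.partition(":")
    if not all(0 < int(p) < 65536 for p in (lo, hi or lo)) or (hi and int(lo) > int(hi)):
        raise ValueError("port out of range: %r" % port)
    return ("-A %s -m state --state NEW -m %s -p %s --dport %s -j ACCEPT"
            % (CHAIN, proto, proto, port))

def open_ports(config, wanted):
    """Return config with ACCEPT rules inserted before the chain's final REJECT.
    wanted is a list of (proto, port) tuples, e.g. [("tcp", "27900"), ("udp", "27900:27910")]."""
    lines = config.splitlines()
    reject = [i for i, l in enumerate(lines)
              if l.startswith("-A %s " % CHAIN) and " -j REJECT" in l]
    if len(reject) != 1:
        raise ValueError("expected exactly one REJECT rule in %s" % CHAIN)
    new = [make_rule(p, port) for p, port in wanted]
    new = [r for r in new if r not in lines]  # idempotent: skip rules already present
    return "\n".join(lines[:reject[0]] + new + lines[reject[0]:]) + "\n"
```

Write the returned text back to /etc/sysconfig/iptables and run "service iptables restart" as the thread describes; the REJECT rule and COMMIT line stay last.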