LinuxQuestions.org
Old 12-10-2006, 01:41 PM   #1
igordonin
LQ Newbie
 
Registered: Dec 2006
Posts: 5

Rep: Reputation: 0
allowing traffic in some ports


Hi! I'm not a linux professional and I really don't know anything about linux. What I know is that my linux firewall is giving me a hard time and I need to either shut it down or allow traffic in some ports.

Now, I've tried the redhat-config-securitylevel command. I try to disable the firewall, but it won't allow me.

So, I'd really appreciate if someone could tell me how to shut down the firewall (there's a script to bring it back up after reboot, so I'd only have to do it once in a while, and I understand the risk) or to allow traffic on these ports:

UDP 27900
UDP/TCP 29900
TCP 80
TCP 4711
TCP 29901
UDP 1500-4999
UDP/TCP 1024-1124
UDP 28910
UDP 16567
UDP 55123-55125

Please, be very specific. I'm really lame with this linux stuff.


Greatly Appreciated.
Igor
 
Old 12-10-2006, 01:55 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

you can turn it off by running "chkconfig --levels 35 iptables off" or if you aren't comfortable with the gui there, you can just add relevant lines to the file /etc/sysconfig/iptables, e.g.:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 29901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
 
Old 12-10-2006, 02:17 PM   #3
igordonin
LQ Newbie
 
Registered: Dec 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Thanks Chris, but I couldn't do it.

When I tried the "chkconfig --levels 35 iptables off" it says: -Unknown Option

Whilst the
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 27900 -j ACCEPT
says -bash: Unknown command


How do I add relevant lines to the file? More so, how do I get to the /etc/sysconfig/iptables ???

I don't think this iptables exist 'cause I got as far as sysconfig using the tab key.

I'm telling ya, I never tried to do tasks with linux before.


Please help.

Last edited by igordonin; 12-10-2006 at 02:21 PM.
 
Old 12-10-2006, 02:47 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

the first command you typed in is exactly right, maybe you made a typo on the command line, possibly only using one dash: -levels instead of two: --levels ? that does give the error you mentioned.

as for the second, that's not a command, that's a configuration rule which you need to add to the file. from a console i'd suggest trying a text editor called nano, works simply, but isn't very powerful. so run "nano /etc/sysconfig/iptables" and just type the text at the end. then Ctrl + X to quit, y to save. then restart the iptables service however you wish, e.g. "service iptables restart"
 
Old 12-10-2006, 03:26 PM   #5
igordonin
LQ Newbie
 
Registered: Dec 2006
Posts: 5

Original Poster
Rep: Reputation: 0
ok

Thank you. You were right. I typed it without a space like: "--levels35"

Although it didn't act as I expected, your instructions were correct.

Thanks again.
C Ya
 
Old 12-11-2006, 06:58 AM   #6
igordonin
LQ Newbie
 
Registered: Dec 2006
Posts: 5

Original Poster
Rep: Reputation: 0
allowing traffic on some ports (continued)

As in the previous post, I am still unable to make it work on the ports.

I was trying to disable the firewall, but that didn't work. I might be wrong, but I think that happened because the firewall went off but the ports remained closed. (please do correct me if I'm wrong)

So with a big help from acid_kewpie I learned how to edit the iptables:

Quote:
you can turn it off by running "chkconfig --levels 35 iptables off" or if you aren't comfortable with the gui there, you can just add relevant lines to the file /etc/sysconfig/iptables, e.g.:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 27900 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 29901 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

service iptables restart
The iptables file didn't exist before this. So, should I be trying to start or restart the service? Does it make a difference?

Anyway, the result of the restart command was an error on line 1. That happening, my Internet connection also stops working, and I have to reboot to get it back online.

Now, I'm pretty sure I've typed the above lines correctly. What could be wrong?

By the way... The ports I need cleared are as follow:

UDP 27900
UDP/TCP 29900
TCP 80
TCP 4711
TCP 29901
UDP 1500-4999
UDP/TCP 1024-1124
UDP 28910
UDP 16567
UDP 16568
UDP 55123-55125

Which takes me to yet another question... There are lots of ports between 1500 and 4999. Do I have to type those lines once for each one?!!?!?!


Thank you so much for your help.
Igor.
 
Old 12-11-2006, 07:16 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place.

Last edited by acid_kewpie; 12-11-2006 at 07:17 AM.
 
Old 12-11-2006, 07:18 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

as for your situation, you should still be trying to use the redhat-config-securitylevel tool if you can, that's the program that creates and maintains the iptables file you say is not there.
 
Old 12-11-2006, 07:51 AM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Moved: your thread is more suitable in Linux Networking forum and has been moved accordingly to help your thread/question get the exposure it deserves. Additionally your threads have been merged. Next time please *edit* your posts to include relevant information instead of making a new thread. Thanks.
 
Old 12-11-2006, 08:20 AM   #10
igordonin
LQ Newbie
 
Registered: Dec 2006
Posts: 5

Original Poster
Rep: Reputation: 0
Fine. I'm sorry about creating a new post and I'm really sorry if I'm being annoying.

I really appreciate the help though, and I do understand that you do not *have* to help me...

I'm saying the iptables file was not there because it wasn't. When I listed the folder /etc/sysconfig there was no such file in there. And when you told me to nano the /etc/sysconfig/iptables there was nothing in there, no lines at all.

So, this may be my first experience with linux, but I learn fast. Please be patient.

Anyways, what I believe happened is: as I typed the first command you offered me (chkconfig --levels 35 iptables off) it cleared the iptables file. Do you think that may have happened?

I think so, because after rebooting I was able to see the contents of the iptables file, just like you said. (but hey man, I did say I was totally lame)

The contents in the current iptables file:

Code:
#Firewall configuration written by redhat-config-securitylevel
#Manual customization of this file is not recommended
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]

-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
The redhat-config-securitylevel has a CUSTOMIZE option, where I may add other ports but I have been unable to use it. I mean, there are lots of ports to add, and I didn't see an "add button" nor anything like that. There's just an input line... I typed in a port in there and clicked ok. I suppose that doesn't change the iptables file, 'cause it just didn't. (cat /etc/sysconfig/iptables)

Also, it seems every time I edit (nano) the iptables file, the internet connection goes down.

So, I know this is beyond newbie, this must really be silly stuff, but I do appreciate the help.

* Should I just type in the lines you first told me to just beneath the existing ones?

* How about these udp ports, do I really have to type one line for each one of them?

* Am I gonna have to edit the iptables file after every reboot or is there a way to place it in a boot script or something like that?


Thanks for any help.
 
Old 12-11-2006, 08:46 AM   #11
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

"chkconfig --levels 35 iptables off" will turn the iptables service off completely. it doesn't affect any configuration files relevant to the given service, it has no interest in it at all, it's just the name of a service and that's all it cares about. if you've now done this, then iptables is turned off (once you reboot the box) and so if that's all you want to do then that's finished.

if you wish to add ports through the console ui, then the format is, if i remember right, protocol:port, e.g. tcp:80 udp:53. not tried to add a port range to be honest, but i'd not be surprised if udp:1000-1100 worked fine
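An added example, not code from the thread or from redhat-config-securitylevel, answering the port-range question above: a POSIX shell script that writes one ACCEPT rule per protocol for every entry in Igor's list, using --dport low:high so UDP 1500-4999 is a single rule, and inserts them into a copy of the posted /etc/sysconfig/iptables immediately before the chain's final REJECT rule, since a rule placed after that line is never reached. The function names and the abridged sample ruleset are my own constructions.

```shell
#!/bin/sh
# Added example, not code from the thread: generate ACCEPT rules for the
# ports listed above and insert them ahead of the chain's REJECT rule.
# "protocols port" or "protocols low-high"; "udp/tcp" means one rule each.
PORTS='udp 27900
udp/tcp 29900
tcp 80
tcp 4711
tcp 29901
udp 1500-4999
udp/tcp 1024-1124
udp 28910
udp 16567
udp 16568
udp 55123-55125'

# One -A line per protocol; iptables writes a port range as low:high.
gen_rules() {
  printf '%s\n' "$PORTS" | while read -r protos spec; do
    dport=$(printf '%s' "$spec" | sed 's/-/:/')
    for p in $(printf '%s' "$protos" | tr '/' ' '); do
      printf -- '-A RH-Firewall-1-INPUT -m state --state NEW -m %s -p %s --dport %s -j ACCEPT\n' "$p" "$p" "$dport"
    done
  done
}

# Copy a ruleset from stdin to stdout, emitting the generated rules just
# before the chain's "-j REJECT" line; anything appended after it is dead.
# Usage: splice_rules < /etc/sysconfig/iptables > /etc/sysconfig/iptables.new
splice_rules() {
  rules=$(gen_rules)
  while IFS= read -r line; do
    case $line in
      '-A RH-Firewall-1-INPUT -j REJECT'*) printf '%s\n' "$rules" ;;
    esac
    printf '%s\n' "$line"
  done
}

# Constructed, abridged copy of the file posted above, for a stand-alone run.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

printf '%s\n' "$SAMPLE" | splice_rules
```

Review the generated .new file (and keep the *filter / COMMIT wrapper intact) before moving it into place and running "service iptables restart".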
 