GIPtables firewall need to open custom ports access
Hello
I'm stuck with a server which has OpenNA Linux installed on it and uses the GIPTABLES firewall, which is giving me a headache.
I need to enable access to/from the web for 2 services and I can't seem to find any help about it, because the openna.com and giptables.org sites seem to have closed any support for it.
I'm just asking if anyone can please help me open custom ports in GIPtables, as I need it to work (let's say I need port 321 and 8080).
Giptables uses GIPTABLES.CONF located in /etc (if I understood what you meant).
And in that giptables.conf everything is defined with:
ACCEPT_NTP="yes" (or "no")
which then goes to /lib/giptables/modules to load a suitable module, like
'giptables-NTP', containing even more code:
Code:
# ----------------------------------------------------------------------------
# GIPTables Firewall v1.1 http://www.giptables.org
# Copyright (C) 2002 Adrian Pascalau <apascalau@openna.com>
# NTP module
#
# ----------------------------------------------------------------------------
# This file is part of GIPTables Firewall
#
# GIPTables Firewall is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
# ----------------------------------------------------------------------------
# About NTP
# ntp 123/udp # Network Time Protocol
NTP_PORT="123"
# ----------------------------------------------------------------------------
# accept_ntp_request
# Usage: accept_ntp_request chain ntp_client_ipaddr ntp_server_ipaddr
#
accept_ntp_request ()
{
    local chain=$1
    local ntp_client_ipaddr=$2
    local ntp_server_ipaddr=$3

    $IPTABLES -A $chain -p udp \
        -s $ntp_client_ipaddr --sport $UNPRIV_PORTS \
        -d $ntp_server_ipaddr --dport $NTP_PORT \
        -m state --state NEW,ESTABLISHED \
        -j ACCEPT

    return 0
}
# ----------------------------------------------------------------------------
# accept_ntp_reply
# Usage: accept_ntp_reply chain ntp_server_ipaddr ntp_client_ipaddr
#
accept_ntp_reply ()
{
    local chain=$1
    local ntp_server_ipaddr=$2
    local ntp_client_ipaddr=$3

    $IPTABLES -A $chain -p udp \
        -s $ntp_server_ipaddr --sport $NTP_PORT \
        -d $ntp_client_ipaddr --dport $UNPRIV_PORTS \
        -m state --state ESTABLISHED \
        -j ACCEPT

    return 0
}
This goes on for 213 lines.
And this is what locks me out of these services. I need a custom-defined port; if I change port 123 to 312 or some other port, I don't have access to that service from the internet.
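As an added example that is not from the original post or from GIPTables itself, here is what a custom module for one of the requested ports could look like, copying the request/reply pattern of giptables-NTP for a TCP service on 8080. The names CUSTOM_PORT, accept_custom_request and accept_custom_reply are assumed, as is the way the module gets wired into giptables.conf and the module loader, which this post does not show; note that the NTP rules above match only -p udp, so changing NTP_PORT alone would never admit a TCP service on the new port.

```sh
# Added example, not part of GIPTables or this post: a custom module in the
# shape of giptables-NTP for a constructed service on 8080/tcp. IPTABLES and
# UNPRIV_PORTS normally come from giptables; the defaults below let the block
# run offline, with IPTABLES as an echo so rules are printed, not loaded.
IPTABLES="${IPTABLES:-echo iptables}"
UNPRIV_PORTS="${UNPRIV_PORTS:-1024:65535}"

# custom 8080/tcp   # constructed service (NTP above is 123/udp)
CUSTOM_PORT="8080"

# Usage: accept_custom_request chain client_ipaddr server_ipaddr
# Client -> server: NEW is allowed here, so only the client side may
# open a connection to the custom port.
accept_custom_request ()
{
    local chain=$1
    local client_ipaddr=$2
    local server_ipaddr=$3
    $IPTABLES -A $chain -p tcp \
        -s $client_ipaddr --sport $UNPRIV_PORTS \
        -d $server_ipaddr --dport $CUSTOM_PORT \
        -m state --state NEW,ESTABLISHED \
        -j ACCEPT
    return 0
}

# Usage: accept_custom_reply chain server_ipaddr client_ipaddr
# Server -> client: ESTABLISHED only, so the server can answer but
# never start an outbound conversation from port 8080.
accept_custom_reply ()
{
    local chain=$1
    local server_ipaddr=$2
    local client_ipaddr=$3
    $IPTABLES -A $chain -p tcp \
        -s $server_ipaddr --sport $CUSTOM_PORT \
        -d $client_ipaddr --dport $UNPRIV_PORTS \
        -m state --state ESTABLISHED \
        -j ACCEPT
    return 0
}

# Constructed call: any client (0/0) reaching the server at 203.0.113.10
# (a documentation address), appended to the INPUT and OUTPUT chains.
accept_custom_request INPUT 0/0 203.0.113.10
accept_custom_reply OUTPUT 203.0.113.10 0/0
```

Run it as-is to see the two rules it would append; with IPTABLES pointed at the real binary, the rules still have to land before giptables' final deny rule in each chain to take effect.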