LinuxQuestions.org


prashanlk 01-03-2008 01:50 AM

iptables ports opening
 
Hi all,

Can anyone tell me how to open the UDP 500, UDP 4500 & TCP 4500 ports by using iptables? I'm using openSUSE 10.2.

Thanks

twantrd 01-03-2008 04:13 AM

You could easily find this answer searching the web.

This opens up tcp port 4500.
Code:

iptables -A INPUT -p tcp --dport 4500 -j ACCEPT
-twantrd

prashanlk 01-03-2008 06:07 AM

opened port not showing in nmap
 
Quote:

Originally Posted by twantrd (Post 3009490)
You could easily find this answer searching the web.

This opens up tcp port 4500.
Code:

iptables -A INPUT -p tcp --dport 4500 -j ACCEPT
-twantrd

I opened the wanted ports by using the above command, but the opened ports are not shown when I scanned the ports using nmap. Why is that?
E.g., the TCP 4500 port is not shown in the nmap port list.

I wanted to open the UDP 500/4500 and TCP 4500 ports to accept WinXP IPsec sessions to my Openswan server.

thanks

win32sux 01-03-2008 06:41 AM

Quote:

Originally Posted by prashanlk (Post 3009578)
I opened the wanted ports by using the above command, but the opened ports are not shown when I scanned the ports using nmap. Why is that?

Perhaps the packets are getting sent to DROP by a higher rule?

In any case, changing the "-A" to a "-I" should definitely make the ports accessible:
Code:

iptables -I INPUT -p TCP --dport 4500 -j ACCEPT
iptables -I INPUT -p UDP --dport 4500 -j ACCEPT
iptables -I INPUT -p UDP --dport 500 -j ACCEPT

Keep in mind that accessible ports such as these will be closed until there is a service actually listening on them. Only when something is listening will they be open.

prashanlk 01-04-2008 04:09 AM

Winxp clients can't connect to the Openswan server.
 
Quote:

Originally Posted by win32sux (Post 3009608)
Perhaps the packets are getting sent to DROP by a higher rule?

In any case, changing the "-A" to a "-I" should definitely make the ports accessible:
Code:

iptables -I INPUT -p TCP --dport 4500 -j ACCEPT
iptables -I INPUT -p UDP --dport 4500 -j ACCEPT
iptables -I INPUT -p UDP --dport 500 -j ACCEPT

Keep in mind that accessible ports such as these will be closed until there is a service actually listening on them. Only when something is listening will they be open.

Hi,

Thanks for sending the commands. I applied those commands also, but still it is not showing in the nmap port list.

My problem is that when I try to connect a WinXP client machine to the Openswan server, it gives error 792 & 789 messages. To prevent that error I changed the registry entry mentioned in the article below, but I'm still receiving the same error. Does anyone have experience with this?

(http://support.microsoft.com/default.aspx?kbid=885407).

Thanks

win32sux 01-04-2008 09:58 AM

You didn't reboot or anything like that after you executed the commands, right?
Quote:

Originally Posted by prashanlk (Post 3010813)
I applied those commands also, but still it is not showing in the nmap port list.

Please post the output of these:
Code:

netstat -an --inet | grep 500
Code:

nmap -sU -p 500,4500 192.168.1.123
Code:

nmap -p 4500 192.168.1.123
The first command is local, the last two are remote (replace the example IP).

prashanlk 01-07-2008 03:28 AM

Quote:

Originally Posted by win32sux (Post 3011106)
You didn't reboot or anything like that after you executed the commands, right?
Please post the output of these:
Code:

netstat -an --inet | grep 500
Code:

nmap -sU -p 500,4500 192.168.1.123
Code:

nmap -p 4500 192.168.1.123
The first command is local, the last two are remote (replace the example IP).


Hi all,

Yes, I didn't reboot the server. I executed the given commands. Here is the output I got:

PORT STATE SERVICE
500/udp closed isakmp
4500/udp closed sae-urn

PORT STATE SERVICE
4500/tcp closed sae-urn

Why is it still closed? I already applied the commands below:

iptables -I INPUT -p TCP --dport 4500 -j ACCEPT
iptables -I INPUT -p UDP --dport 4500 -j ACCEPT
iptables -I INPUT -p UDP --dport 500 -j ACCEPT


Thanks

win32sux 01-07-2008 10:38 AM

You forgot the netstat command.
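
Added example, not part of any post in the thread: a shell triage that pairs each nmap state with whether `netstat -an --inet` shows a socket bound to exactly that port, which is the comparison the three requested commands are for. The netstat sample, the function names `has_listener` and `diagnose`, and the result labels are constructed for illustration; the nmap states fed in at the end are the ones posted above.

```shell
#!/bin/sh
# Constructed sample of `netstat -an --inet` output (not from the thread):
# nothing is bound to 500 or 4500, but a listener on 5000 is present.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5000            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*'

# has_listener PROTO PORT  (netstat text on stdin)
# Succeeds only if a socket is bound to exactly PORT. A plain `grep 500`
# would also match 4500 and 5000, so the port is compared as a whole field.
has_listener() {
    awk -v proto="$1" -v port="$2" '
        $1 == proto {
            n = split($4, a, ":")                   # local address is field 4
            if (a[n] != port) next
            if (proto == "tcp" && $6 != "LISTEN") next
            found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# diagnose PROTO PORT NMAP_STATE NETSTAT_TEXT
# "closed" means a reply came back (TCP RST or ICMP port unreachable), so the
# probe was not silently dropped; "filtered" means no usable reply came back.
diagnose() {
    if printf '%s\n' "$4" | has_listener "$1" "$2"; then l=yes; else l=no; fi
    case "$3:$l" in
        open:*)              echo "reachable" ;;
        closed:no)           echo "no-listener" ;;                  # start the service
        closed:yes)          echo "rejected-or-bound-elsewhere" ;;  # REJECT rule or other address
        filtered:*)          echo "firewall-drop" ;;                # check rule order
        "open|filtered":yes) echo "probably-reachable" ;;           # UDP daemon ignored the probe
        "open|filtered":no)  echo "firewall-drop-or-icmp-lost" ;;
        *)                   echo "unknown-state" ;;
    esac
}

# The three results posted in the thread, checked against the sample above.
for probe in "udp 500 closed" "udp 4500 closed" "tcp 4500 closed"; do
    set -- $probe
    printf '%s/%s %s -> %s\n' "$2" "$1" "$3" "$(diagnose "$1" "$2" "$3" "$SAMPLE_NETSTAT")"
done
```

To use it on a live host, pass the real output as the fourth argument, for example `diagnose udp 500 closed "$(netstat -an --inet)"`.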

