LinuxQuestions.org


JD0192 10-09-2011 11:59 AM

How do I open ports on CentOS?
 
I need to open ports 1 - 35000 on CentOS 5, UDP and TCP, inbound/outbound.

I know the security issues; I just need a solution.

My current Rules:
Quote:

-A INPUT -p tcp -m tcp --dport 1:35000 -j ACCEPT
-A INPUT -p udp -m udp --dport 1:35000 -j ACCEPT
NOTE: This is for a VPN.


Full IPtables Rules
Quote:

# Generated by iptables-save v1.3.5 on Sun Oct 9 03:51:32 2011
*mangle
:PREROUTING ACCEPT [8186:444027]
:INPUT ACCEPT [8143:442218]
:FORWARD ACCEPT [43:1809]
:OUTPUT ACCEPT [8078:387238]
:POSTROUTING ACCEPT [8121:389047]
COMMIT
# Completed on Sun Oct 9 03:51:32 2011
# Generated by iptables-save v1.3.5 on Sun Oct 9 03:51:32 2011
*filter
:INPUT ACCEPT [111:13706]
:FORWARD ACCEPT [43:1809]
:OUTPUT ACCEPT [8078:387238]
-A INPUT -p tcp -m tcp --dport 1:35000 -j ACCEPT
-A INPUT -p udp -m udp --dport 1:35000 -j ACCEPT
-A INPUT -s 211.47.235.17 -j DROP
-A INPUT -s 92.239.245.180 -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -s 172.16.36.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
COMMIT
# Completed on Sun Oct 9 03:51:32 2011
# Generated by iptables-save v1.3.5 on Sun Oct 9 03:51:32 2011
*nat
:PREROUTING ACCEPT [7438:375817]
:POSTROUTING ACCEPT [78:6968]
:OUTPUT ACCEPT [78:6968]
-A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 1XX.X4X.XX.XX
-A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 1XX.X4X.XX.XX
COMMIT
# Completed on Sun Oct 9 03:51:32 2011

What am I doing wrong here?

dman777 10-09-2011 01:38 PM

From what I've been told, iptables does not close ports; it's only when you have the INPUT filter policy defaulted to DROP or REJECT that nothing gets through. You have your INPUT default policy set to ACCEPT, so it's going to accept everything... hence, no need for rules to ACCEPT. I would guess it has something to do with your FORWARD chain.
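
An added example, not part of the thread: a Python script that reads the posted *filter table and labels each INPUT rule by whether it can change a packet's fate, given the chain's default policy and first-match ordering. The function names and verdict labels are assumptions made for this illustration, and it does not analyse whether the matches of two rules actually overlap.

```python
import re

# Excerpt of the *filter table from the ruleset posted in this thread.
RULESET = """\
*filter
:INPUT ACCEPT [111:13706]
:FORWARD ACCEPT [43:1809]
:OUTPUT ACCEPT [8078:387238]
-A INPUT -p tcp -m tcp --dport 1:35000 -j ACCEPT
-A INPUT -p udp -m udp --dport 1:35000 -j ACCEPT
-A INPUT -s 211.47.235.17 -j DROP
-A INPUT -s 92.239.245.180 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
"""

BLOCKING = {"DROP", "REJECT"}

def parse_filter(text):
    """Return ({chain: policy}, [(chain, match, target), ...]) for *filter."""
    policies, rules, table = {}, [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            m = re.match(r"-A (\S+) (.*?)\s*-j (\S+)", line)
            if m:
                rules.append(m.groups())
    return policies, rules

def audit(text, chain="INPUT"):
    """Label each rule of `chain` (hypothetical labels, illustration only)."""
    policies, rules = parse_filter(text)
    chain_rules = [r for r in rules if r[0] == chain]
    report = []
    for i, (_, match, target) in enumerate(chain_rules):
        later_block = any(t in BLOCKING for _, _, t in chain_rules[i + 1:])
        if target == "ACCEPT" and policies[chain] == "ACCEPT":
            # First match wins: with an ACCEPT policy, an ACCEPT rule only
            # matters if it takes packets out before a later DROP/REJECT.
            verdict = "bypasses later DROP" if later_block else "no-op"
        else:
            verdict = "effective"
        report.append((match, target, verdict))
    return policies[chain], report

if __name__ == "__main__":
    policy, report = audit(RULESET)
    print(f"INPUT policy: {policy}")
    for match, target, verdict in report:
        print(f"{target:7} {verdict:20} {match}")
```

On the posted rules, the two port-range ACCEPT lines sit ahead of the DROP for 211.47.235.17, so traffic from that address to TCP/UDP ports 1-35000 is accepted before the DROP is evaluated, while the trailing port 22 ACCEPT changes nothing under an ACCEPT policy.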

JD0192 10-09-2011 02:06 PM

So what do you think I should do about the forward rule?

