hi
i have centos5.3 installed with iptables firewall, i want to open port 5222 as i want to access application which uses port 5222 from internet

pls help

Regards
Amar

pls reply

Amar

HTH

let us know if that worked for you

Kind regards

thanks for reply
it not work for me, actually i have 2 lancard on server etho connected to internal lan and eth1 to isp internet ,and my internet is controlled through squid proxy here also i make acl for 5222 port , i add rule in iptables as follows
-A INPUT -p tcp -m tcp -m state -i eth1 --dport 5222 --state NEW,ESTABLISHED,RELATED -j ACCEPT
and fired command netstat tlpn | grep 5222 but not shown any thing


Regards
Amar

have you restarted your services?

First of all, the app should be running on expected port, 5222 in your case. While this doesn't happen, nothing will work, and according to your netstat, there's nothing running in such port.

i restarted the services , the iptables rule i write is ok or not according to the lan set up i explain earlier,and the app is running on the 5222 port


AMar

If your command doesn't show any lines with 5222, which includes the listening port, that means that there's nothing listening on port 5222. If I'm missing something, please elaborate more clearly.

hi

app listening on port 5222 in server , i want to access this app from internet for that i need to unblock port 5222, i mention the rule i apply in my firewall server i.e internet server but it shows nothing pls guide

To rule out firewall problems trying flushing all the rules, this will allow ALL traffic so make sure you set everything back quickly after testing.

1) Copy current iptables file just in case:

cp /etc/sysconfig/iptables /root/iptables

2) Flush iptables rules and allow all traffic

iptables -F

3) Test your app and see if you can access from internet, if not, its an application issue NOT iptables. To replace all your iptables rules run the following command.

/etc/init.d/iptables restart

4) confirm your iptables rules are back.

iptables -L -v

after flushing iptables rules app working

Great, so now lets open the port.


This is how I would do it.

To open port 5222 traffic using TCP add the following:

iptables -I INPUT -p tcp -i eth1 --dport 5222 -j ACCEPT


If your using UDP (or both) add this:
iptables -I INPUT -p udp -i eth1 --dport 5222 -j ACCEPT

added rule after restart iptable service,fired netstat tlpn | grep 5222 still not shown any thing, while netstat tlpn | grep 5222 on app server show port listening and unable still problem not ressolved

AMar

Did you SAVE the iptables config before restarting it?

Can you show me the output of the following command:

pls find the output of iptables -L -v

Chain INPUT (policy ACCEPT 16824 packets, 1413K bytes)
pkts bytes target prot opt in out source destination
23624 2301K LOG all -- eth0 any anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
7357 975K ACCEPT tcp -- eth0 any anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:squid
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp spt:squid state RELATED,ESTABLISHED
11612 14M ACCEPT tcp -- eth1 any anywhere anywhere state RELATED,ESTABLISHED tcp spt:http
0 0 ACCEPT tcp -- eth1 any anywhere anywhere tcp dpt:xmpp-client

Chain FORWARD (policy ACCEPT 2953 packets, 949K bytes)
pkts bytes target prot opt in out source destination
2953 949K LOG all -- any eth0 anywhere anywhere LOG level debug prefix `BANDWIDTH_OUT:'
2816 556K LOG all -- eth0 any anywhere anywhere LOG level debug prefix `BANDWIDTH_IN:'
2816 556K ACCEPT all -- eth0 any anywhere anywhere

Chain OUTPUT (policy ACCEPT 46818 packets, 50M bytes)
pkts bytes target prot opt in out source destination
46266 50M LOG all -- any eth0 anywhere anywhere LOG level debug prefix `BANDWIDTH_OUT:'
9699 1155K ACCEPT tcp -- any eth1 anywhere anywhere state NEW,RELATED,ESTABLISHED tcp dpt:http
0 0 ACCEPT tcp -- any eth0 anywhere anywhere state RELATED,ESTABLISHED tcp spt:http


AMar