LinuxQuestions.org
Old 08-26-2009, 05:03 AM   #1
a4kata
Member
 
Registered: Aug 2009
Posts: 30

Rep: Reputation: 0
Question How to open port in the firewall ?


Hello, I want to open port 2700 on my firewall but I don't know how. I tried with
Code:
iptables -A INPUT -i eth0 -p tcp --sport 2700 -m state --state ESTABLISHED -j ACCEPT
But the port is not open. I see the firewall configuration with the command setup. I use CentOS 5.3; here is a screen of my configuration:

http://upbg.net/out.php/i3537_sshot3.png

Currently my firewall is off because I don't know how to turn on 2700; when the port is open I will turn on the firewall. If I write 2700 in the other ports field, will 2700 be open? One month ago I tried but the port was not open. I have only one last question: will the firewall reduce the load on my server? Right now mysql uses a lot of CPU % and I just don't know why... Thanks in advance and sorry for my bad English.
 
Old 08-26-2009, 05:22 AM   #2
vinaytp
Member
 
Registered: Apr 2009
Location: Bengaluru, India
Distribution: RHEL 5.4, 6.0, Ubuntu 10.04
Posts: 704

Rep: Reputation: 55
Can you try this:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2700 -j ACCEPT

After this, restart your iptables service:

sudo /sbin/service iptables restart
 
Old 08-26-2009, 05:24 AM   #3
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by a4kata View Post
Hello, I want to open port 2700 on my firewall but I don't know how. I tried with
Code:
iptables -A INPUT -i eth0 -p tcp --sport 2700 -m state --state ESTABLISHED -j ACCEPT
But the port is not open. I see the firewall configuration with the command setup. I use CentOS 5.3; here is a screen of my configuration:

http://upbg.net/out.php/i3537_sshot3.png

Currently my firewall is off because I don't know how to turn on 2700; when the port is open I will turn on the firewall. If I write 2700 in the other ports field, will 2700 be open? One month ago I tried but the port was not open. I have only one last question: will the firewall reduce the load on my server? Right now mysql uses a lot of CPU % and I just don't know why... Thanks in advance and sorry for my bad English.

You could add it as "Other Port" in the GUI (system-config-securitylevel)

or
change your command to

Code:
iptables -A INPUT -i eth0 -p tcp --dport 2700 -m state -j ACCEPT
make sure there are no DROP rules before that newly added rule. if there are it might be worth using

Code:
iptables -I INPUT -i eth0 -p tcp --dport 2700  -j ACCEPT
instead

Last edited by centosboy; 08-26-2009 at 05:27 AM.
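
Why the position of the rule matters, as an added example that is not part of the post above: `-A` puts the rule at the end of INPUT, `-I` puts it at the top, and the first matching rule decides. The rule lines are constructed (a user chain ending in a catch-all REJECT is an assumption about this system with the firewall enabled), and `verdict_for_port`, `appended` and `inserted` are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Constructed rule lines in iptables-save syntax (not from the
# thread): INPUT jumps to a user chain that ends in a catch-all REJECT.
BASE_RULES='-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

appended() { printf '%s\n%s\n' "$BASE_RULES" "$1"; }  # effect of iptables -A
inserted() { printf '%s\n%s\n' "$1" "$BASE_RULES"; }  # effect of iptables -I

# Hypothetical helper: read rules on stdin and print the first terminal target
# (ACCEPT/DROP/REJECT) hit by a NEW inbound TCP connection to port $1 on eth0.
# Simplified matcher: negated ("!") matches and port ranges are not handled.
verdict_for_port() {
  awk -v port="$1" '
    function matches(r,    f, n, i, v) {
      n = split(r, f, " ")
      for (i = 1; i < n; i++) {
        v = f[i + 1]
        if (f[i] == "-p" && v != "tcp") return 0
        if (f[i] == "-i" && v != "eth0") return 0
        if (f[i] == "--dport" && v != port) return 0
        if (f[i] == "--sport") return 0   # client source ports are ephemeral
        if (f[i] == "--state" && ("," v ",") !~ /,NEW,/) return 0
      }
      return 1
    }
    function target(r,    f, n, i) {
      n = split(r, f, " ")
      for (i = 1; i < n; i++) if (f[i] == "-j") return f[i + 1]
      return ""
    }
    function walk(chain,    i, t, v) {   # rules are tried top to bottom
      for (i = 1; i <= count[chain]; i++) {
        if (!matches(rule[chain, i])) continue
        t = target(rule[chain, i])
        if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
        if (t in count) { v = walk(t); if (v != "") return v }
      }
      return ""
    }
    $1 == "-A" { rule[$2, ++count[$2]] = $0 }
    END { v = walk("INPUT"); print (v == "" ? "POLICY" : v) }
  '
}

NEW_RULE='-A INPUT -i eth0 -p tcp --dport 2700 -j ACCEPT'
echo "appended (-A): $(appended "$NEW_RULE" | verdict_for_port 2700)"
echo "inserted (-I): $(inserted "$NEW_RULE" | verdict_for_port 2700)"
```

The same helper shows why the rule from the first post opens nothing: it only matches ESTABLISHED packets with source port 2700, so a new connection to port 2700 falls through to the REJECT.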
 
Old 08-26-2009, 05:25 AM   #4
a4kata
Member
 
Registered: Aug 2009
Posts: 30

Original Poster
Rep: Reputation: 0
now works shows me command not found ...
 
Old 08-26-2009, 05:34 AM   #5
a4kata
Member
 
Registered: Aug 2009
Posts: 30

Original Poster
Rep: Reputation: 0
CentOSboy, when I run:

Code:
iptables -I INPUT -i eth0 -p tcp --dport 2700  -j ACCEPT
shows me:
Code:
iptables v1.3.5: You must specify `--state'
Try `iptables -h' or 'iptables --help' for more information.
When I run iptables -I INPUT -i eth0 -p tcp --dport 2700 -j ACCEPT, again nothing. When I go to the firewall configuration, Other ports shows me nothing, and it must be 2700...

Here is one more screen from my firewall configuration: http://upbg.net/out.php/i3538_sshot1.png

Last edited by a4kata; 08-26-2009 at 05:45 AM.
 
Old 08-26-2009, 05:40 AM   #6
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by a4kata View Post
CentOSboy, when I run:

Code:
iptables -I INPUT -i eth0 -p tcp --dport 2700  -j ACCEPT
shows me:
Code:
iptables v1.3.5: You must specify `--state'
Try `iptables -h' or 'iptables --help' for more information.

sorry, typo
i meant

Code:
iptables -I INPUT -i eth0 -p tcp -m state --state NEW --dport 2700 -j ACCEPT
 
Old 08-26-2009, 05:42 AM   #7
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by centosboy View Post
sorry, typo
i meant

Code:
iptables -I INPUT -i eth0 -p tcp -m state --state NEW --dport 2700 -j ACCEPT
if you are happy with this rule and would like it to survive reboots, then run

Code:
iptables-save > /etc/sysconfig/iptables
alternatively, drop the state checks so it looks like

Code:
iptables -I INPUT -i eth0 -p tcp  --dport 2700 -j ACCEPT

Last edited by centosboy; 08-26-2009 at 05:49 AM.
 
Old 08-26-2009, 06:01 AM   #8
a4kata
Member
 
Registered: Aug 2009
Posts: 30

Original Poster
Rep: Reputation: 0
I tried with the two codes, but again, when I go to Firewall Configuration Customize it doesn't show me 2700 in Other ports. Maybe the firewall must be turned on for it to be accepted?

Last edited by a4kata; 08-26-2009 at 06:12 AM.
 
Old 08-26-2009, 06:11 AM   #9
mrrangerman
Member
 
Registered: Oct 2007
Location: MI
Distribution: Debian Slackware
Posts: 528

Rep: Reputation: 50
Quote:
vinaytp

Can you try this:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2700 -j ACCEPT

After this, restart your iptables service:

sudo /sbin/service iptables restart
In most Linux distros, iptables is built into the kernel; any changes are dynamic, so there is no need to reload/restart the service.
 
Old 08-26-2009, 06:21 AM   #10
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by mrrangerman View Post
In most Linux distros, iptables is built into the kernel; any changes are dynamic, so there is no need to reload/restart the service.
the changes are lost upon reboot unless an

Code:
iptables-save > /etc/sysconfig/iptables
is issued after the rule addition.

if /etc/sysconfig/iptables is edited, then the reboot works.
if the new rule is added in a command line then there is no need to reboot but the rule must be saved
 
Old 08-26-2009, 06:22 AM   #11
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,627

Rep: Reputation: Disabled
Port 2700 is used by tqdata. Any specific need to open it explicitly?
 
Old 08-26-2009, 07:18 AM   #12
a4kata
Member
 
Registered: Aug 2009
Posts: 30

Original Poster
Rep: Reputation: 0
Oh yeah, sorry, my mistake: I want to open 2710, not 2700.
 
Old 08-26-2009, 07:33 AM   #13
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by a4kata View Post
Oh yeah, sorry, my mistake: I want to open 2710, not 2700.

well have you done it yet?
 
Old 08-26-2009, 07:50 AM   #14
a4kata
Member
 
Registered: Aug 2009
Posts: 30

Original Poster
Rep: Reputation: 0
I have added port 2710 in Other ports from Firewall Configuration Customize and then saved; afterward I see this:

http://upbg.net/out.php/i3542_sshot3.png

sso-service:tcp instead of 2710, is it correct?
 
Old 08-26-2009, 07:52 AM   #15
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by a4kata View Post
I have added port 2710 in Other ports from Firewall Configuration Customize and then saved; afterward I see this:

http://upbg.net/out.php/i3542_sshot3.png

sso-service:tcp instead of 2710, is it correct?

seems so. not really familiar with that ncurses gui thing.

if you paste the iptables listing here, then i can see it better

Code:
iptables -L -n -v
 
  


All times are GMT -5.