LinuxQuestions.org
Linux - Newbie This Linux forum is for members that are new to Linux.
Old 09-02-2009, 03:59 AM   #1
jdnow09
Member
 
Registered: Jun 2009
Posts: 42

Iptables


Hello,

I am confused. I tried to open port 161 (SNMP) so I can poll information from a server. When I added the entries to the iptables file (/etc/sysconfig), it didn't work. Then I went into the GUI (System --> Administration --> Security Level & Firewall) and added port 161, and it worked.

Comparing the syntax for both, they were identical. So I went ahead and disabled the firewall via lokkit.

Then I went into the iptables file (/etc/sysconfig) again and modified it to see what the result would be this time. This time it worked. My question is: shouldn't modifying the iptables file and using the GUI have had the same result in the first place?

This is CentOS 5.3.

John

iptables file:

:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 55 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Last edited by jdnow09; 09-02-2009 at 04:03 AM.
 
Old 09-02-2009, 08:22 AM   #2
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Quote: Originally Posted by jdnow09
When you modified /etc/sysconfig/iptables, did you reboot?
When modifying via the GUI, iptables is restarted, and it should be restarted when editing /etc/sysconfig/iptables too.
 
Old 09-02-2009, 10:44 AM   #3
jdnow09
Member
 
Registered: Jun 2009
Posts: 42

Original Poster
I did restart iptables:

service iptables restart (/etc/init.d/iptables restart)


John
 
Old 09-02-2009, 06:59 PM   #4
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,356

You need to save the changes before the restart/reboot, or they get wiped.
http://www.linuxtopia.org/online_boo...ion/index.html sections 42.8 & 42.9
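One way to check what the saved file will actually do before restarting, as an added example (not code from the thread): the script below parses rules in the /etc/sysconfig/iptables format and reports whether the port-161 ACCEPT sits before the chain's unconditional REJECT, since a rule appended below that REJECT is never reached and looks exactly like "the edit did nothing". The function name port_reachable and the two embedded rule sets are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread: report whether an ACCEPT rule for a
# port is reachable in a chain, i.e. it appears before the chain's
# unconditional REJECT/DROP. Use on the real file or the live ruleset:
#   port_reachable RH-Firewall-1-INPUT udp 161 < /etc/sysconfig/iptables
#   iptables-save | port_reachable RH-Firewall-1-INPUT udp 161
# Constructed samples in the /etc/sysconfig/iptables (iptables-save) format.
RULES_OK='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
RULES_BAD='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 161 -j ACCEPT
COMMIT'
# port_reachable CHAIN PROTO PORT  (rules on stdin)
# Prints "reachable", "shadowed" (ACCEPT present but after an unconditional
# REJECT/DROP in the chain) or "missing"; exit status 0 only for "reachable".
port_reachable() {
    result=$(awk -v chain="$1" -v proto="$2" -v port="$3" '
        BEGIN { result = "missing" }
        $1 == "-A" && $2 == chain {
            has_proto = 0; has_port = 0; target = ""; matches = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p" && $(i+1) == proto) has_proto = 1
                if ($i == "--dport" && $(i+1) == port) has_port = 1
                if ($i == "-j") target = $(i+1)
                else if ($i != "--reject-with" && substr($i, 1, 1) == "-") matches++
            }
            # a rule with no match options terminates every packet still in the chain
            if (matches == 0 && (target == "REJECT" || target == "DROP")) blocked = 1
            if (has_proto && has_port && target == "ACCEPT" && result == "missing")
                result = blocked ? "shadowed" : "reachable"
        }
        END { print result }')
    echo "$result"
    [ "$result" = reachable ]
}
printf 'ACCEPT before REJECT: '; printf '%s\n' "$RULES_OK"  | port_reachable RH-Firewall-1-INPUT udp 161 || true
printf 'ACCEPT after REJECT:  '; printf '%s\n' "$RULES_BAD" | port_reachable RH-Firewall-1-INPUT udp 161 || true
```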