LinuxQuestions.org
Old 03-25-2015, 08:18 AM   #1
Skiph
LQ Newbie
 
Registered: Mar 2015
Location: New Braunfels, TX
Posts: 9

Rep: Reputation: Disabled
iptables not active/firewalld is - my web server is working but I have no idea why.


This is a copy of my /etc/sysconfig/iptables.conf (w/o comments):
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

- Added the port 80/21 entries.
vsftpd does work.

"iptables-save | grep 80" returns nothing.

My web server works (internal and external).

"systemctl is-active iptables" shows "inactive"
I have "just" gotten firewalld up and running thanks to questions answered here.

iptables is truly a mystery to me.

Can someone explain why my web server/vsftpd are up and working w/o iptables being active? How can I get my network and security both up and working safely together?

If I enable/activate iptables, is this going to break my web server?

Is this the appropriate forum for this question?

As always, thank you for your time and patience,

Skip
 
Old 03-25-2015, 08:30 AM   #2
veerain
Senior Member
 
Registered: Mar 2005
Location: Earth bound to Helios
Distribution: Custom
Posts: 2,524

Rep: Reputation: 319
List the rules with:

Code:
iptables -L
Iptables is a firewall program. Things would run even if iptables rules have not loaded. Unless you are doing NAT, etc.
 
1 members found this post helpful.
Old 03-25-2015, 08:56 AM   #3
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
As veerain said, "Things would run even if iptables rules have not loaded. Unless you are doing NAT, etc.". As long as you are not blocking external traffic at the router, or via iptables for internal, things will work fine.

You said that iptables isn't running; that means any traffic is allowed to your system. Whether it is web, ftp, ssh or samba doesn't matter: the system will reply to all (provided that the service is running). Basically security is not there, as your system is open to reply on all ports.

You have already configured rules for web and ftp in your iptables config, so turning iptables on shouldn't be an issue. From the output you shared I can see those web and ftp lines are above the explicit deny, so things should work even with iptables on.
 
1 members found this post helpful.
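The rule-ordering point made in post #3, as an added example that is not part of the original thread: a small first-match evaluator run over the exact ruleset from post #1. It models only the options that appear in that file; the default interface name `eth0` and the function names are assumptions made for the illustration.

```python
import shlex

# Ruleset copied from post #1 (the poster's iptables config file).
RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def parse(text, chain="INPUT"):
    """Return (default_policy, rules in file order) for one chain."""
    policy, rules = None, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if line.startswith(":" + chain + " "):
            policy = tok[1]                      # e.g. ":INPUT ACCEPT [0:0]"
        elif tok[:2] == ["-A", chain]:
            # Every option used in this file takes exactly one value.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def verdict(text, dport, proto="tcp", state="NEW", iface="eth0"):
    """First matching rule decides; if none matches, the chain policy applies."""
    policy, rules = parse(text)
    for r in rules:
        if "-p" in r and r["-p"] != proto:
            continue
        if "-i" in r and r["-i"] != iface:
            continue
        if "--state" in r and state not in r["--state"].split(","):
            continue
        if "--dport" in r and int(r["--dport"]) != dport:
            continue
        return r["-j"]
    return policy

if __name__ == "__main__":
    for port in (21, 22, 80, 443, 3306):
        print(port, verdict(RULESET, port))
```

New connections to 21, 22, 80 and 443 hit their ACCEPT rules before the catch-all REJECT; any other port falls through to the REJECT, and only an empty chain would fall back to the `:INPUT ACCEPT` policy.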
Old 03-25-2015, 12:55 PM   #4
Skiph
LQ Newbie
 
Registered: Mar 2015
Location: New Braunfels, TX
Posts: 9

Original Poster
Rep: Reputation: Disabled
Appreciate the responses.

This confuses me. Is iptables supposed to run instead of firewalld or in conjunction with?

I google things that seem to imply that iptables is a replacement for firewalld?

"firewall-cmd --state" shows "running".

firewall-config does not show ftp, http(s) "trusted". But yet I can do both.

I need to learn something about computers.

Skip
 
Old 03-25-2015, 01:09 PM   #5
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
This link will clarify your doubts: https://access.redhat.com/documentat...Firewalls.html
 
1 members found this post helpful.
Old 03-25-2015, 02:12 PM   #6
Skiph
LQ Newbie
 
Registered: Mar 2015
Location: New Braunfels, TX
Posts: 9

Original Poster
Rep: Reputation: Disabled
Thanks for the reading suggestion. I'll close the thread.

Skip
 
Old 03-25-2015, 02:16 PM   #7
T3RM1NVT0R
Senior Member
 
Registered: Dec 2010
Location: Internet
Distribution: Linux Mint, SLES, CentOS, Red Hat
Posts: 2,385

Rep: Reputation: 477
You're welcome and thanks for marking the thread solved!

Enjoy Linux!!!
 
  


All times are GMT -5.