LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Old 02-26-2009, 03:31 PM   #1
bseehausen
LQ Newbie
 
Registered: Oct 2007
Posts: 2

Rep: Reputation: 0
New To Linux and Need Help


I have a Red Hat Enterprise Linux 5 server which will be used for Splunk. I need to back up this server using the CA BrightStor ARCserve backup agent for Linux. I need to open up TCP ports 6050 and 6051 on the firewall on the Linux server. I ran the following commands:

iptables -I INPUT -p TCP --dport 6050 -j ACCEPT
iptables -I INPUT -p TCP --dport 6051 -j ACCEPT

I restarted the server and I still cannot connect through arcserve agent. I also cannot see these entries in my iptables.
[root@USSECIS017 sysconfig]# cat iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8000 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

I need to keep this box as locked down as possible. Please advise and let me know if you need any additional information.

Thank you,
 
Old 02-26-2009, 03:50 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
Well, that file is not your iptables, that's just a config script for the iptables service, which you've not changed. If you run "iptables -L" then that should show your actual ruleset including those changes. I'd recommend you actually try using the system-config-firewall tool, which is what directly modifies that script.

Good choice with Splunk, btw. Absolutely excellent product.
 
Old 02-26-2009, 04:07 PM   #3
vikas027
Senior Member
 
Registered: May 2007
Location: Sydney
Distribution: RHEL, CentOS, Debian, OS X
Posts: 1,298

Rep: Reputation: 102
Always remember, whenever you write a new rule for iptables, run these commands to make it apply immediately.

Code:
service iptables save; service iptables restart
There is no need to restart the server.
 
Old 02-27-2009, 07:45 AM   #4
bseehausen
LQ Newbie
 
Registered: Oct 2007
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for your help

I received from Arcserve the entry to make in my iptables file, which worked. I found out that running the two commands that I posted didn't do anything because I did not save them, which is what VIKAS027 mentioned. Thanks again for the replies. I am sure I will need more help at some point and it's nice to know you are out there to assist. By the way, the entry that Arcserve gave me for my iptables is as follows:

go to
/etc/sysconfig
then
su root
vi iptables
add the following line, putting the port number where it says to
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport port number -j ACCEPT
save and exit
restart the network service by typing
service iptables restart

Again this worked and I am able to backup the server.
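The Arcserve instructions above say only "add the following line" without saying where, and vikas027's post covers saving and restarting but not placement. In the saved file posted in the first message, the RH-Firewall-1-INPUT chain ends with a REJECT rule, so a line appended after it would never be reached. The following POSIX shell script is an added example (not from the thread, from Arcserve or from Red Hat): it works on a copy of a RHEL 5 style /etc/sysconfig/iptables file, validates the port number, inserts the ACCEPT rule immediately before that REJECT, refuses to touch a file with no REJECT line, and does not duplicate a rule that is already present. The sample ruleset is constructed inline, and the function names (valid_port, add_tcp_port_rule, count_port_rules) are my own. After editing the real file you would still run `service iptables restart` as the replies describe, and check with `iptables -L -n` that the live chain matches the file.

```shell
#!/bin/sh
# Added example (not from the thread): insert a TCP ACCEPT rule into the
# RH-Firewall-1-INPUT chain of a saved RHEL 5 style /etc/sysconfig/iptables
# file, placing it before the chain's final REJECT so it can actually match.
# Works on a copy of the file; nothing here touches the live ruleset.

# Return 0 if $1 is a valid port number (1-65535), 1 otherwise.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rules file $1 with an ACCEPT rule for port $2/tcp added to the
# RH-Firewall-1-INPUT chain immediately before its REJECT rule.
# Idempotent: an identical existing rule means the file is printed unchanged.
# Usage: add_tcp_port_rule /path/to/rules-copy 6050
add_tcp_port_rule() {
    file="$1"; port="$2"
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    rule="-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    if grep -Fxq -- "$rule" "$file"; then
        cat "$file"
        return 0
    fi
    awk -v rule="$rule" '
        # The chain-final REJECT is the line that would swallow the new
        # traffic; emit the new rule just before the first such line.
        !done && $0 ~ /^-A RH-Firewall-1-INPUT .*-j REJECT/ { print rule; done = 1 }
        { print }
        # No REJECT found: report failure rather than appending blindly.
        END { if (!done) exit 2 }
    ' "$file"
}

# Count the ACCEPT rules in file $1 that open port $2 (used to check results).
count_port_rules() {
    grep -c -- "--dport $2 -j ACCEPT" "$1"
}

# Constructed sample: a trimmed copy of the RHEL 5 default ruleset.
SAMPLE_RULES=$(mktemp)
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

# Demonstration for a stand-alone run: open 6050/tcp, then 6051/tcp on top
# of that result, and print the final file.
STEP1=$(mktemp)
add_tcp_port_rule "$SAMPLE_RULES" 6050 > "$STEP1"
add_tcp_port_rule "$STEP1" 6051
```

The script only ever writes to standard output, so the intended workflow is to redirect into a temporary file, inspect it, and copy it over /etc/sysconfig/iptables as root before restarting the service. Keeping the rule scoped to `-m state --state NEW` on the specific port matches the style of the existing chain and avoids opening more than the backup agent needs.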
 
Old 02-27-2009, 10:17 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1974
Well yes, that's exactly what the system-config-firewall tool will do.
 