LinuxQuestions.org
Old 08-17-2009, 06:46 AM   #1
NeillH
LQ Newbie
 
Registered: Aug 2009
Location: England-Bedfordshire
Posts: 17

Rep: Reputation: 0
Open port 10000


Hi All

Please be gentle with me as I am very new to Linux. Basically I have inherited a Linux web server that I will host my own web site. But while I am creating this I want to host a new site for a friend. The new site needs port 10000 open for webmin, so I looked on the net and found some useful threads, and added the following command line through putty.exe

# iptables --append INPUT --protocol TCP --source-port 10000 --jump ACCEPT (and repeated for OUTPUT and FORWARD). Then I used this url to test the port is open (http://www.yougetsignal.com/tools/open-ports/) and the result tells me port is not open.

When I entered the command line I received no errors.

Any ideas?

Neill.
 
Old 08-17-2009, 06:50 AM   #2
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
Quote:
Originally Posted by NeillH View Post
Hi All

Please be gentle with me as I am very new to Linux. Basically I have inherited a Linux web server that I will host my own web site. But while I am creating this I want to host a new site for a friend. The new site needs port 10000 open for webmin, so I looked on the net and found some useful threads, and added the following command line through putty.exe

# iptables --append INPUT --protocol TCP --source-port 10000 --jump ACCEPT (and repeated for OUTPUT and FORWARD). Then I used this url to test the port is open (http://www.yougetsignal.com/tools/open-ports/) and the result tells me port is not open.

When I entered the command line I received no errors.

Any ideas?

Neill.
You would only need the INPUT rule for a start.
Second, if there is a DROP rule before the rule you just added, it won't work. In some cases you have to use -I rather than --append or -A.
Also, it is --dport you are after rather than --sport.


Code:
iptables --append INPUT --protocol tcp  --dport 10000 --jump ACCEPT

Anything that isn't allowed should be dropped and logged - this should be the last couple of lines.
If you have done the above, then troubleshooting is made easier because anything not allowed is blocked and logged.

Last edited by centosboy; 08-17-2009 at 06:53 AM.
 
Old 08-17-2009, 06:50 AM   #3
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,143
Blog Entries: 4

Rep: Reputation: 147
Hi Neil,

You will have to give some more info if you want us to help you.

just provide details of your iptables rules and httpd.conf settings.
 
Old 08-17-2009, 06:59 AM   #4
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,143
Blog Entries: 4

Rep: Reputation: 147

If you have the following policy, i.e. by default you are dropping all:

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

then open port 10000 like this;


iptables -A INPUT -p tcp --dport 10000 -j ACCEPT
 
Old 08-17-2009, 07:06 AM   #5
SteveThePirate
Member
 
Registered: Aug 2009
Distribution: Ubuntu
Posts: 62

Rep: Reputation: 16
What does it mean when you want to "drop" the input output or forward?
 
Old 08-17-2009, 07:55 AM   #6
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Ummm....have you tried to just start the webmin service? You haven't put your distribution but on RHEL/Centos you can start the service and it will open the port.
 
Old 08-17-2009, 08:15 AM   #7
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
ok...best way to get this resolved is this.

post command and output from

Code:
iptables --list -n -v

and


Code:
netstat -naplt | grep 10000
 
Old 08-17-2009, 08:29 AM   #8
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Rep: Reputation: 282
Can somebody explain why a site might need webmin?
 
Old 08-17-2009, 02:13 PM   #9
NeillH
LQ Newbie
 
Registered: Aug 2009
Location: England-Bedfordshire
Posts: 17

Original Poster
Rep: Reputation: 0
Thanks all

Lots of ideas here, before I make any changes, how can I see how the current IPtables are set up, so I can get back to the status quo.

Neill
 
Old 08-17-2009, 02:36 PM   #10
NeillH
LQ Newbie
 
Registered: Aug 2009
Location: England-Bedfordshire
Posts: 17

Original Poster
Rep: Reputation: 0
I think this is what the iptables set up is set as, you can see I have tried a few things now.

Does this make sense to anyone?

Neill

[root@localhost ~]# iptables --list -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4456 4755K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
15M 2258M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
712K 42M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
54941 2820K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
112 6160 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
1833K 115M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
267 10744 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:69 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:69 state NEW
1124 56868 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
72 3600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
10 400 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 state NEW
18361 1081K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 state NEW
7026 336K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state NEW
136 7600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state NEW
5 240 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state NEW
504K 38M DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:10000

Chain OUTPUT (policy ACCEPT 1075 packets, 103K bytes)
pkts bytes target prot opt in out source destination
4456 4755K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
19M 4764M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:10000

Chain RH-Firewall-1-INPUT (0 references)
pkts bytes target prot opt in out source destination
 
Old 08-17-2009, 06:03 PM   #11
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,371

Rep: Reputation: 2381
That last bit shows you are running a RH compatible system, so here's the relevant Deployment Manual section http://www.linuxtopia.org/online_boo...el5_ch-fw.html .
Just for confirmation, can you login as root and post the results of these cmds

uname -a

cat /etc/*release*
 
Old 08-17-2009, 11:33 PM   #12
prayag_pjs
Senior Member
 
Registered: Feb 2008
Location: Pune - India
Distribution: Fedora,RedHat,CentOS,Gentoo
Posts: 1,143
Blog Entries: 4

Rep: Reputation: 147
Hi,

Your iptables configuration seems to be correct... can you access the site now if you have configured it on port 10000?

Regards,


Prayag
 
Old 08-18-2009, 12:35 AM   #13
NeillH
LQ Newbie
 
Registered: Aug 2009
Location: England-Bedfordshire
Posts: 17

Original Poster
Rep: Reputation: 0
Hi Chris, results


[root@localhost ~]# cat /etc/*release*
cat: /etc/lsb-release.d: Is a directory
CentOS release 5.3 (Final)

Neill
 
Old 08-18-2009, 12:40 AM   #14
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,629

Rep: Reputation: Disabled
Did you start the service if it is not already? Check if the service is running.
 
Old 08-18-2009, 02:32 AM   #15
centosboy
Senior Member
 
Registered: May 2009
Location: london
Distribution: centos5
Posts: 1,137

Rep: Reputation: 116
here is your problem my friend - as i suspected


Code:
504K 38M DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000

a DROP BEFORE the ACCEPT!!

either do an iptables --line-numbers and get the line numbers for those last accepts and remove them.

Code:
iptables -D INPUT <linenumber>
then


Code:
iptables -I INPUT -p tcp --dport 10000 -j ACCEPT


OR

just add the rule above so it goes to the TOP of the chains and is accepted before the DROP is even reached


If it helps, you know my currency. No, not $$$$$ but a thumbs up
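
The ordering problem diagnosed in post #15, as an added example that is not part of any poster's reply: a small filter that reads `iptables --list -n -v` output and reports every rule placed after a catch-all DROP in the same chain. The function names `find_shadowed_rules` and `sample_listing` are hypothetical, and the sample listing is constructed by trimming the output posted in this thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): report rules that sit after an
# unconditional DROP in `iptables --list -n -v` output and so never match.

# Reads a listing on stdin; prints one line per unreachable rule.
# Assumption: only a DROP with prot "all", any interface, any address and
# no extra match counts as a blocker; jumps to other chains are not followed.
find_shadowed_rules() {
  awk '
    /^Chain /               { chain = $2; n = 0; blocker = 0; next }
    $1 == "pkts" || NF == 0 { next }
    {
      n++   # rule number as used by: iptables -D <chain> <n>
      # Columns: pkts bytes target prot opt in out source destination [match]
      if (blocker) {
        extra = ""
        for (i = 10; i <= NF; i++) extra = extra " " $i
        printf "%s rule %d shadowed by rule %d: %s%s\n", chain, n, blocker, $3, extra
      } else if ($3 == "DROP" && $4 == "all" && $6 == "*" && $7 == "*" &&
                 $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0" && NF == 9) {
        blocker = n
      }
    }'
}

# Constructed sample, trimmed from the listing posted in this thread.
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4456 4755K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
712K 42M ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
504K 38M DROP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:10000
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10000

Chain OUTPUT (policy ACCEPT 1075 packets, 103K bytes)
pkts bytes target prot opt in out source destination
4456 4755K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:10000
EOF
}

sample_listing | find_shadowed_rules
```

On a live system the same check is `iptables --list -n -v | find_shadowed_rules`; the rule numbers it prints are the per-chain positions that `iptables -D INPUT <linenumber>` takes.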
 
  

