LinuxQuestions.org
Old 11-16-2003, 07:33 AM   #1
ShockTherapy
LQ Newbie
 
Registered: Nov 2003
Location: London, U.K
Distribution: RedHat 9, Gentoo, I'm Working On More so Don't Bug Me.
Posts: 23

Rep: Reputation: 15
Opening Internal Ports


How do I open selective UDP ports on a Red Hat 9 system?

I am trying to get MSN voice to work through a Linux router. I have enabled UPnP on it, but it seems the internal UDP ports are not open, so it can't get through.

I have edited the firewall script, and my UDP port scanner says that the ports are open when scanning my external IP, but when I scan the internal network address they are shut.

Any ideas?
 
Old 11-16-2003, 08:55 AM   #2
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416
It depends upon how you wrote the iptables rules. I'm assuming you've got two ethernet cards if you're using this as a router, and it would be VERY easy to write rules that open the appropriate ports on one interface, but not the other. So the upshot is that you'll have to post your rules in order for anyone to help.
 
Old 11-16-2003, 10:10 AM   #3
comawhite
LQ Newbie
 
Registered: Sep 2003
Location: .SE
Distribution: Debian
Posts: 12

Rep: Reputation: 0
Just a thought: you also may want to forward the selected port instead of just opening it, it did the job for me :-)
 
Old 11-16-2003, 02:43 PM   #4
ShockTherapy
LQ Newbie
 
Registered: Nov 2003
Location: London, U.K
Distribution: RedHat 9, Gentoo, I'm Working On More so Don't Bug Me.
Posts: 23

Original Poster
Rep: Reputation: 15
The Linux box has one eth card that works the internal network, and an adsl connection set up on ppp0.

The current rules are thus:

echo " Clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and only existing and related ones IN"
#$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

#echo " Opening UDP port 5000 for msn"

echo -e "\nrc.firewall-2.4 v$FWVER done.\n"

I had some trial port opening code, but I deleted them completely in order to start from scratch.
 
Old 11-16-2003, 10:08 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416
Have you enabled forwarding? There probably should be a line like

echo "1" > /proc/sys/net/ipv4/ip_forward

in there.
 
Old 11-17-2003, 12:37 AM   #6
ShockTherapy
LQ Newbie
 
Registered: Nov 2003
Location: London, U.K
Distribution: RedHat 9, Gentoo, I'm Working On More so Don't Bug Me.
Posts: 23

Original Poster
Rep: Reputation: 15
Forwarding and masquerading work fine. It's just getting those UDP ports through it that is driving me crazy.
 
Old 11-17-2003, 09:21 AM   #7
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416
You've got a line commented out that pretty much allows all forwarding between extif and intif. Does it work when you do that rather than the state matching? (Yes, I know it's a bad idea to allow all traffic like that, but it may give a clue as to what's wrong.)

The other thing is that you are logging... Do your logs show anything interesting?

I'll admit to a bit of confusion here. This really isn't a restrictive firewall.
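
Added example, not part of any post in this thread: with the FORWARD policy set to DROP and only ESTABLISHED,RELATED traffic accepted inbound, an unsolicited UDP packet for a masqueraded host needs both a DNAT rule and a matching FORWARD rule, scoped to one port and one host. The sketch below prints those two rules for review (or loads them with APPLY=1); the iptables path, the internal interface name eth0 and the internal address 192.168.0.10 are assumptions, while ppp0 and UDP port 5000 come from post #4.

```sh
#!/bin/sh
# Added example, not from the thread. Values below are assumptions except ppp0.
IPTABLES=${IPTABLES:-/sbin/iptables}  # assumed path
EXTIF=${EXTIF:-ppp0}                  # external ADSL link, as stated in post #4
INTIF=${INTIF:-eth0}                  # assumed name of the internal card
APPLY=${APPLY:-0}                     # 0 = print the rules, 1 = load them (needs root)

# Print the command, or execute it when APPLY=1.
run() { if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi; }

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# usage: udp_forward_rules PORT INTERNAL_IP
udp_forward_rules() {
    port=$1; host=$2
    valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    valid_ipv4 "$host" || { echo "invalid host: $host" >&2; return 1; }
    # 1. nat table: rewrite the destination of UDP packets that arrive on the
    #    external interface so they are routed to the internal host.
    run "$IPTABLES" -t nat -A PREROUTING -i "$EXTIF" -p udp --dport "$port" \
        -j DNAT --to-destination "$host:$port"
    # 2. filter table: FORWARD policy is DROP and only ESTABLISHED,RELATED is
    #    accepted inbound, so admit the first (NEW) packet of this one flow.
    #    Inserted at position 1 so it is matched before the LOG rule.
    run "$IPTABLES" -I FORWARD 1 -i "$EXTIF" -o "$INTIF" -p udp -d "$host" \
        --dport "$port" -m state --state NEW -j ACCEPT
}

# Constructed sample: UDP 5000 (the port named in the script's comment) to a
# made-up internal address.
udp_forward_rules 5000 192.168.0.10
```

After loading, `iptables -t nat -L PREROUTING -n -v` and `iptables -L FORWARD -n -v` show per-rule packet counters, which confirm whether inbound packets actually reach each rule.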
 