Old 01-22-2007, 11:15 AM   #1
JRink
LQ Newbie
 
Registered: Dec 2006
Posts: 27

Rep: Reputation: 15
opening port for radius


This shouldn't be that difficult but I'm having trouble with it.

I'm running CentOS with iptables enabled.

I need to open up UDP port 1812 for authentication.

From a shell (I'm not running KDE or Gnome), I type "iptables -A INPUT -p udp --dport 1812 -j ACCEPT" but it's still not allowing me to access that port.

Am I missing another entry or something? Does the firewall have to be stopped and restarted for the changes to go into effect? If so, I'm assuming I have to do an "iptables-save" or something before stopping and restarting the service?

I'm obviously doing something wrong because if I stop iptables, then I can use port 1812 without problem.

Thanks
 
Old 01-22-2007, 12:28 PM   #2
b0uncer
LQ Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
If you restart iptables, the "default rules" are loaded; those that are mentioned in some of the init scripts. So after restarting iptables your newly added rule is flushed away, unless you write it to the same place where all the other rules are (you should see where they are saved from the init script that loads iptables during boot). The command iptables-save produces an output that you can redirect to a file like
Code:
iptables-save > iptables.rules
and then use that file to load the rules back if you happen to flush them. The output of iptables-save is just the same as if you would give the iptables commands one by one, but in a bit different form. You can load the file using iptables-restore, I could imagine like
Code:
iptables-restore < iptables.rules
see
Code:
man iptables
for more information about this.

I'm not sure how your iptables rules are built, but it should not be needed to restart the service; new rules should take action on all new connections. Maybe the rule not affecting has something to do with the way your iptables rules and chains are laid; is it a "stock-one" that came with your install, or have you created the rules yourself? I would recommend creating the iptables rules yourself from scratch, maybe using some "template", but yourself so that you know exactly what is going on in there. I'm not sure if iptables "reads" the rules from top till bottom or vice versa, i.e. does it matter when a rule is added (after or before a similar rule -- if two matching rules are found, which one of them is the effective one?)

My guess, though just a guess, is that the mentioned port matches some other rule that takes action and your new rule is not used. I'd start off by looking where the iptables rules are stored, read the whole file through and try to deduce what is actually done to block the port; is it just a POLICY (-P) or maybe an appended (-A) rule? In the latter case you'll need to alter the APPENDed rule, or create a new one before it.

Maybe reading the man page (or texinfo: info iptables) reveals more about how iptables handles the information, and reading the appropriate initscript might tell you where to look for the rules. Anyway, after you get it working, you must write your new rule to the same place where all the other rules are "loaded" during boot, unless you want to manually type it in every boot.
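
An added example (not part of either post above): iptables checks a chain's rules from top to bottom and the first terminating match decides the packet, so a rule appended with -A after a catch-all REJECT is never reached. The script walks iptables-save output in that order for a new packet to a given protocol and port. The ruleset is a constructed sample modelled on a stock CentOS-style layout, first_verdict is a hypothetical helper, and only unconditional rules and rules naming exactly that protocol and port are treated as matching.

```shell
#!/bin/bash
# Constructed sample in iptables-save format (not taken from the poster's machine).
# The udp/1812 rule was appended to INPUT, so it sits after the jump to the
# chain that ends in an unconditional REJECT.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Usage: first_verdict PROTO DPORT < iptables-save-output   (hypothetical helper)
# Prints the first rule that decides the packet, or the INPUT policy if none does.
first_verdict() {
  awk -v proto="$1" -v port="$2" '
    # Walk one chain in file order; return 1 as soon as a rule gives a verdict.
    function walk(chain,    i, r, head, cond, tgt, hit) {
      for (i = 1; i <= n[chain]; i++) {
        r = rule[chain, i]
        head = "-A " chain
        match(r, / -j [^ ]+/)
        cond = substr(r, length(head) + 1, RSTART - length(head) - 1)
        tgt  = substr(r, RSTART + 4, RLENGTH - 4)
        # Simplified matching: rule has no conditions, or names this proto and port.
        hit = (cond == "") || (index(r, " -p " proto " ") && index(r, " --dport " port " "))
        if (!hit) continue
        if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT") {
          print tgt ": " r; return 1
        }
        # Jump into a user-defined chain; if it falls through, keep going here.
        if ((tgt in policy) && walk(tgt)) return 1
      }
      return 0
    }
    /^:/   { policy[substr($1, 2)] = $2 }            # chain declarations
    /^-A / { n[$2]++; rule[$2, n[$2]] = $0 }         # rules, kept in order
    END    { if (!walk("INPUT")) print "POLICY: " policy["INPUT"] }
  '
}

printf '%s\n' "$SAMPLE_RULES" | first_verdict udp 1812
# prints: REJECT: -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
```

On a live system the same check is `iptables-save | first_verdict udp 1812` as root; if it reports a REJECT or DROP, the ACCEPT rule has to be inserted ahead of that rule (`iptables -I` instead of `-A`) and then saved where the init script loads rules from.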
 
  

