LinuxQuestions.org
Old 08-02-2006, 03:57 PM   #1
linuxlainen
Member
 
Registered: Jul 2006
Location: Earth
Distribution: Ubuntu 9.04
Posts: 64

Rep: Reputation: 16
How can I find out what ports are open in my system


Hi all,

I'm quite new to linux and I would really appreciate your help with the following:

I'm using BitTorrent for downloads, but it is extremely slow in my Linux box. I found some threads where they mentioned that some ports need to be opened to improve the performance especially when there are multiple downloads.
My questions are: how can I find out what ports are open on my Linux box, and how can I open certain ports?

Many thanks in advance for your help.


Linuxlainen
 
Old 08-02-2006, 04:22 PM   #2
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Well if you are talking about bittorrent you will want to see if your firewall is blocking your specific ports. Do you have a firewall turned on? It would help to know your distro type. On the command line you can type "/sbin/iptables -L" to show the rules. Certain distros come with a GUI application where you can view it in a more readable form. Also, do you have a router that you use to connect to the internet with? I've read it helps to forward the ports (6881-6889 I believe) to your computer running BT.

There is also a command "netstat -pant" that will show the open ports, but it does not consider the firewall. So it can show an open port but a firewall can still be blocking it.
 
Old 08-02-2006, 04:42 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
yeah, you need to check your firewall rules... let us know if you are behind a dedicated router or if this is a directly connected box... either way, the key is the firewall rules... checking to see if your ports are "open" won't work, because ports appear as closed when not in use...

so basically, the first thing you wanna do is tell us if you're behind a router...

if not, then post the output of the command benjithegreat98 posted... or better yet, make it a little more thorough:
Code:
iptables -L -n -v
 
Old 08-02-2006, 05:24 PM   #4
linuxlainen
Member
 
Registered: Jul 2006
Location: Earth
Distribution: Ubuntu 9.04
Posts: 64

Original Poster
Rep: Reputation: 16
I'm using Mandriva 2006. I think the firewall I have is Interactive Firewall as I keep on getting warning pop up messages from it about being port scanned.
As for my connection to the internet, my linux box is connected through ADSL Router, which I have not changed any of its configurations.

I have applied the command iptables -L and here is what I got:

PHP Code:
[root@a81-197-40-141 hasan]# clear
[root@a81-197-40-141 hasan]# iptables -L
Chain AllowICMPs (2 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp fragmentation-needed
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded

Chain Drop (1 references)
target     prot opt source               destination
RejectAuth  all  --  anywhere             anywhere
dropBcast  all  --  anywhere             anywhere
AllowICMPs  icmp --  anywhere             anywhere
dropInvalid  all  --  anywhere             anywhere
DropSMB    all  --  anywhere             anywhere
DropUPnP   all  --  anywhere             anywhere
dropNotSyn  tcp  --  anywhere             anywhere
DropDNSrep  all  --  anywhere             anywhere

Chain DropDNSrep (2 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp spt:domain

Chain DropSMB (1 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:135
DROP       udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
DROP       udp  --  anywhere             anywhere            udp dpt:microsoft-ds
DROP       tcp  --  anywhere             anywhere            tcp dpt:135
DROP       tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
DROP       tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds

Chain DropUPnP (2 references)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere            udp dpt:1900

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
Ifw        all  --  anywhere             anywhere
eth0_in    all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:INPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
eth0_fwd   all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:FORWARD:REJECT:'
reject     all  --  anywhere             anywhere

Chain Ifw (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere            set ifw_wl src
DROP       all  --  anywhere             anywhere            set ifw_bl src
IFWLOG     all  --  anywhere             anywhere            state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 1 hi-ports-weight: 2 IFWLOG prefix 'SCAN'

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
fw2net     all  --  anywhere             anywhere
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:OUTPUT:REJECT:'
reject     all  --  anywhere             anywhere

Chain Reject (4 references)
target     prot opt source               destination
RejectAuth  all  --  anywhere             anywhere
dropBcast  all  --  anywhere             anywhere
AllowICMPs  icmp --  anywhere             anywhere
dropInvalid  all  --  anywhere             anywhere
RejectSMB  all  --  anywhere             anywhere
DropUPnP   all  --  anywhere             anywhere
dropNotSyn  tcp  --  anywhere             anywhere
DropDNSrep  all  --  anywhere             anywhere

Chain RejectAuth (2 references)
target     prot opt source               destination
reject     tcp  --  anywhere             anywhere            tcp dpt:auth

Chain RejectSMB (1 references)
target     prot opt source               destination
reject     udp  --  anywhere             anywhere            udp dpt:135
reject     udp  --  anywhere             anywhere            udp dpts:netbios-ns:netbios-ssn
reject     udp  --  anywhere             anywhere            udp dpt:microsoft-ds
reject     tcp  --  anywhere             anywhere            tcp dpt:135
reject     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn
reject     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds

Chain all2all (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Reject     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:all2all:REJECT:'
reject     all  --  anywhere             anywhere

Chain dropBcast (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
DROP       all  --  anywhere             anywhere            PKTTYPE = multicast

Chain dropInvalid (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            state INVALID

Chain dropNotSyn (2 references)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN

Chain dynamic (2 references)
target     prot opt source               destination

Chain eth0_fwd (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state INVALID,NEW

Chain eth0_in (1 references)
target     prot opt source               destination
dynamic    all  --  anywhere             anywhere            state INVALID,NEW
net2all    all  --  anywhere             anywhere

Chain fw2net (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain net2all (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
Drop       all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            LOG level info prefix `Shorewall:net2all:DROP:'
DROP       all  --  anywhere             anywhere

Chain reject (11 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
DROP       all  --  anywhere             anywhere            PKTTYPE = multicast
DROP       all  --  a81-197-63-255.elisa-laajakaista.fi  anywhere
DROP       all  --  255.255.255.255      anywhere
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     icmp --  anywhere             anywhere            reject-with icmp-host-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain shorewall (0 references)
target     prot opt source               destination

Chain smurfs (0 references)
target     prot opt source               destination
LOG        all  --  a81-197-63-255.elisa-laajakaista.fi  anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  a81-197-63-255.elisa-laajakaista.fi  anywhere
LOG        all  --  255.255.255.255      anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  255.255.255.255      anywhere
LOG        all  --  BASE-ADDRESS.MCAST.NET/4  anywhere            LOG level info prefix `Shorewall:smurfs:DROP:'
DROP       all  --  BASE-ADDRESS.MCAST.NET/4  anywhere 

So, how am I supposed to proceed now?

Thank you so much for your help

Linuxlainen
 
Old 08-02-2006, 07:20 PM   #5
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371
it would have been much easier to comprehend your rules if you would have added the -n and -v...

having said that, what kinda stuff are you doing on this box?? i'm trying to understand why you'd have such complicated rules... either way, this command would open the ports you need:
Code:
iptables -I INPUT -p TCP -i $WAN_IFACE --dport 6881:6889 -j ACCEPT
replace $WAN_IFACE with your interface's name... i don't know what it is since you didn't post the verbose output...
 
Old 08-02-2006, 07:20 PM   #6
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Unfortunately I don't know Mandriva so well, but basically you need to go through the menu on the task bar and look for the firewall config program because you do have the firewall running. It's probably called Interactive Firewall. If you can't find it try posting in the Mandriva forum on how to get to it.

Once you are in you need to find where you can allow ports 6881-6889. They might refer to them as exceptions. Then apply your changes.

Next you need to get into your DSL Router. Open up a web browser and go to the address of your gateway. Many times it is 192.168.1.1 or 192.168.100.1. If you need help figuring that out let us know. If you've never set a password in there it is probably 'admin' for both the username and password. Once you are in you should look for a way to do "Port Forwarding". If it doesn't call it that it might refer to it as "applications". That varies from router to router. Once there you need to Forward ports 6881-6889 to your ip address. If you need help finding out your IP address let us know on that too.

Let us know if you run into anything. Good luck!
 
Old 08-02-2006, 07:29 PM   #7
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
Looking through the firewall output you sent, it occurs to me that you might want to look for a program called "Shorewall"

It looks like shorewall is the program that generated the firewall rules which would explain why they are as complex as they are.

If you can't find it go to the command line and type 'shorewall' if that doesn't work try '/sbin/shorewall' and '/usr/sbin/shorewall'
 
Old 08-03-2006, 02:56 PM   #8
linuxlainen
Member
 
Registered: Jul 2006
Location: Earth
Distribution: Ubuntu 9.04
Posts: 64

Original Poster
Rep: Reputation: 16
Thank you all for your help,

I have done the port forwarding on my router and it seems to be working fine. However the command
Code:
iptables -I INPUT -p TCP -i $WAN_IFACE --dport 6881:6889 -j ACCEPT
gave me the following message
Quote:
Warning: wierd character in interface `--dport' (No aliases, :, ! or *).
Bad argument `6881:6889'
Try `iptables -h' or 'iptables --help' for more information.
benjithegreat98, I am not really sure where I got all these complex rules from. I guess this is the default configuration of Mandriva 2006. And yes, it seems I have Shorewall. I have applied the command and here is what I got:

Quote:
Usage: shorewall [debug|trace] [nolock] [ -x ] [ -q ] [ -f ] [ -v ] <command>
where <command> is one of:
add <interface>[:{<bridge-port>[:<host>]|<host>}[,...]] ... <zone>
allow <address> ...
check [ <directory> ]
clear
delete <interface>[:{<bridge-port>[:<host>]|<host>}[,...]] ... <zone>
drop <address> ...
forget [ <file name> ]
help [ <command > | host | address ]
hits
ipcalc [ <address>/<vlsm> | <address> <netmask> ]
iprange <address>-<address>
logwatch [<refresh interval>]
monitor [<refresh interval>]
refresh
reject <address> ...
reset
restart [ <directory> ]
restore [ <file name> ]
save [ <file name> ]
show [<chain> [ <chain> ... ]|capabilities|classifiers|connections|log|nat|tc|tos|zones]
start [ <directory> ]
stop
status
try <directory> [ <timeout> ]
version
safe-start
safe-restart
I also re-ran the command iptables -L -n -v and here is what I got:
Quote:
Chain AllowICMPs (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11

Chain Drop (1 references)
pkts bytes target prot opt in out source destination
340 45176 RejectAuth all -- * * 0.0.0.0/0 0.0.0.0/0
340 45176 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
13 504 AllowICMPs icmp -- * * 0.0.0.0/0 0.0.0.0/0
330 43306 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
319 42557 DropSMB all -- * * 0.0.0.0/0 0.0.0.0/0
269 39763 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
30 1251 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
242 38656 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0

Chain DropDNSrep (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53

Chain DropSMB (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
11 858 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
28 1408 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
3 144 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
8 384 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445

Chain DropUPnP (2 references)
pkts bytes target prot opt in out source destination
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900

Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2451 133K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1683 488K Ifw all -- * * 0.0.0.0/0 0.0.0.0/0
1683 488K eth0_in all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 eth0_fwd all -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain Ifw (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 set ifw_wl src
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 set ifw_bl src
0 0 IFWLOG all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW psd weight-threshold: 10 delay-threshold: 10000 lo-ports-weight: 1 hi-ports-weight: 2 IFWLOG prefix 'SCAN'

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
2451 133K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
4792 303K fw2net all -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain Reject (4 references)
pkts bytes target prot opt in out source destination
0 0 RejectAuth all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dropBcast all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 AllowICMPs icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dropInvalid all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 RejectSMB all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DropUPnP all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 dropNotSyn tcp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DropDNSrep all -- * * 0.0.0.0/0 0.0.0.0/0

Chain RejectAuth (2 references)
pkts bytes target prot opt in out source destination
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113

Chain RejectSMB (1 references)
pkts bytes target prot opt in out source destination
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:135
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139
0 0 reject udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445

Chain all2all (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 Reject all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject all -- * * 0.0.0.0/0 0.0.0.0/0

Chain dropBcast (2 references)
pkts bytes target prot opt in out source destination
10 1870 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast

Chain dropInvalid (2 references)
pkts bytes target prot opt in out source destination
11 749 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain dropNotSyn (2 references)
pkts bytes target prot opt in out source destination
27 1107 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02

Chain dynamic (2 references)
pkts bytes target prot opt in out source destination

Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
0 0 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW

Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
340 45176 dynamic all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
1683 488K net2all all -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
482 62860 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
4310 240K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (1 references)
pkts bytes target prot opt in out source destination
1343 442K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
340 45176 Drop all -- * * 0.0.0.0/0 0.0.0.0/0
242 38656 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
242 38656 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (11 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = multicast
0 0 DROP all -- * * 81.197.63.255 0.0.0.0/0
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT icmp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination

Chain smurfs (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 81.197.63.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 81.197.63.255 0.0.0.0/0
0 0 LOG all -- * * 255.255.255.255 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
0 0 LOG all -- * * 224.0.0.0/4 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:smurfs:DROP:'
0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
Any idea why the port opening command didn't work? Please advise me what to do and thanks again for the help.
 
Old 08-03-2006, 03:19 PM   #9
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
for the iptables command do this:
Code:
iptables -I INPUT -p TCP -i eth0 --dport 6881:6889 -j ACCEPT
When you do that in the command line it will open the ports up, but it will not be applied if you reboot.

You can put that in a script that will start up with Mandriva (/etc/rc.d/rc.local is one such file) or you can find the program in the menu that will let you add the ports to your configuration. I would look for that if you can.

Or another thing you can do is find the shorewall configuration file and edit that, but that will take a skill level that may be a little over you so I wouldn't recommend it.
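
Why the command in post #8 failed, with a guarded form suited to a startup script such as rc.local (an added example, not part of any post in this thread): `$WAN_IFACE` was never set, so it expanded to nothing and iptables read `--dport` as the interface name. The function names and the `IPTABLES` override are assumptions made for the example, and `-C` needs iptables 1.4.11 or later.

```shell
#!/bin/sh
# Added example, not from the thread. IPTABLES may be overridden (assumption
# made here so the logic can be exercised without root).
IPTABLES="${IPTABLES:-/sbin/iptables}"

# An unset variable expands to nothing, so "-i $WAN_IFACE --dport 6881:6889"
# becomes "-i --dport 6881:6889" and --dport is taken as the interface name.
# Reject empty, option-like or over-long names before building the command.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:@-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]   # kernel limit on interface name length
}

valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: open_tcp_range IFACE FIRST_PORT LAST_PORT
# Returns 2 on bad arguments, otherwise the exit status of iptables.
open_tcp_range() {
    iface=$1; first=$2; last=$3
    if ! valid_iface "$iface"; then
        echo "refusing empty or malformed interface name: '$iface'" >&2
        return 2
    fi
    if ! valid_port "$first" || ! valid_port "$last" || [ "$first" -gt "$last" ]; then
        echo "bad port range: '$first:$last'" >&2
        return 2
    fi
    set -- -p tcp -i "$iface" --dport "$first:$last" -j ACCEPT
    # -C exits 0 when the identical rule already exists, so running this
    # at every boot does not stack duplicate rules at the top of INPUT.
    if "$IPTABLES" -C INPUT "$@" 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -I INPUT "$@"
}

# Call used from a startup script (as root); only runs when asked to apply.
if [ "${1:-}" = "apply" ]; then
    open_tcp_range eth0 6881 6889
fi
```
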
 
Old 08-03-2006, 04:16 PM   #10
linuxlainen
Member
 
Registered: Jul 2006
Location: Earth
Distribution: Ubuntu 9.04
Posts: 64

Original Poster
Rep: Reputation: 16
Thanks a lot benjithegreat98. My BitTorrent speed jumped from 3kb/s to 180kb/s. This is just GREAT.

One last thing, I have applied the command you gave to open the port and I also found the SW where I can configure my firewall (it is under system configuration --> Security --> Setup personal firewall...), how can I know that these ports are open after I reboot the system? What is the command that would list the open ports?

Many thanks again

Linuxlainen
 
Old 08-03-2006, 05:05 PM   #11
benjithegreat98
Senior Member
 
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019

Rep: Reputation: 45
If you put the ports 6881-6889 to be open in the 'setup personal firewall' and save it, then it should be applied even when you reboot. I don't have Mandriva so unfortunately I can't walk you through how to do that.....

The command to list the open ports is iptables -L -n -v. I would just reboot and see if it is still listed in the 'personal firewall' program.

180kb/s? I'm jealous I never get that fast.
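
One way to answer the question in post #10 from the `iptables -L INPUT -n -v` listing, as an added example that is not from the thread: the first matching rule decides a packet, so the ACCEPT for 6881:6889 has to sit above the jumps into the Shorewall chains. `accept_position` and the two sample listings are constructed for illustration (the INPUT rules from post #8 plus the rule from post #9, with made-up counters), and the check assumes the input is the listing of a single chain.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: iptables -L INPUT -n -v | accept_position IFACE PORT
# Prints one word:
#   first  - an unconditional ACCEPT for tcp PORT on IFACE precedes every
#            other rule that can see that packet
#   late   - such an ACCEPT exists, but an earlier rule or chain jump sees
#            the packet first (review that chain by hand)
#   absent - no such ACCEPT in the listing
accept_position() {
    awk -v iface="$1" -v port="$2" '
        # columns: pkts bytes target prot opt in out source destination [match]
        NR <= 2 || NF < 9 { next }          # chain header, column header, blanks
        {
            applies = ($6 == "*" || $6 == iface) && ($4 == "tcp" || $4 == "all")
            if (!applies) next
            covers = 0
            # Only a rule with no extra conditions counts: any source, any
            # destination, and a single "tcp dpt:N" or "tcp dpts:A:B" match.
            if ($3 == "ACCEPT" && $4 == "tcp" && NF == 11 && $10 == "tcp" &&
                $8 == "0.0.0.0/0" && $9 == "0.0.0.0/0") {
                n = split($11, a, ":")
                if (a[1] == "dpt" && n == 2)
                    covers = (port + 0 == a[2] + 0)
                else if (a[1] == "dpts" && n == 3)
                    covers = (port + 0 >= a[2] + 0 && port + 0 <= a[3] + 0)
            }
            if (covers) { print (earlier ? "late" : "first"); found = 1; exit }
            earlier = 1
        }
        END { if (!found) print "absent" }
    '
}

# Constructed sample: rule added with -I, so it is rule 1 of INPUT.
listing_inserted() { cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6889
 2451  133K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1683  488K Ifw        all  --  *      *       0.0.0.0/0            0.0.0.0/0
 1683  488K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Constructed sample: same rule added with -A, so it lands below the jumps.
listing_appended() { cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 2451  133K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
 1683  488K Ifw        all  --  *      *       0.0.0.0/0            0.0.0.0/0
 1683  488K eth0_in    all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpts:6881:6889
EOF
}

listing_inserted | accept_position eth0 6881   # prints "first"
listing_appended | accept_position eth0 6881   # prints "late"
```

After a reboot, the same function can be fed the live listing to confirm that the saved configuration put the rule back in the right place.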
 
  

