Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
hi, i'm trying to get azureus set up and when i test the port it is set to use by default i get this message:
Testing port 6881....NAT Error
i think i need to open port 6881. I believe i enabled the firewall when i installed fc3 but i'm not sure how to manipulate it. I'm not asking how to do it specifically, i just need some direction. I'm not sure if i have to look into selinux or iptables? any replies would be appreciated. thanks in advance.
yeah the syslog daemon is running. I'll have to look up a tutorial on iptables so i understand it more so that i can use it to allow Azureus to run without disabling selinux. I am not sure how to disable selinux but i'd rather try to find a better solution than that. i can still download using azureus with the nat error but my smiley icons for azureus are never green when i have the nat error.
Originally posted by dr_zayus69:
yeah the syslog daemon is running. I'll have to look up a tutorial on iptables so i understand it more so that i can use it to allow Azureus to run without disabling selinux.
except that you are already allowing ALL traffic through your firewall, so there's nothing more you could "allow" as far as iptables is concerned...
I am not sure how to disable selinux but i'd rather try to find a better solution than that. i can still download using azureus with the nat error but my smiley icons for azureus are never green when i have the nat error.
if the issue is indeed being caused by selinux, then nothing else you do will help you... if i were you i'd temporarily disable the selinux protection and see if it does the trick, then at least you'd know where you stand and you could then proceed to find the proper configuration you need to apply to selinux for your azureus... i don't know anything about selinux, but this would be a start if you wanna temporarily disable it:
Actually the last rule in the RH-Firewall-1-INPUT chain is usually a clean-up rule with a REJECT target so all packets that make it to that point get rejected before they get to the default input chain policy. I don't see the rule you added in the output of iptables -L, so I'd take a guess that your system rebooted at some point and the firewall reset to the original Fedora Core default. Try re-running the rule posted above (iptables -I INPUT -p TCP --dport 6881:6999 -m state --state NEW -j ACCEPT) and see if azureus works. If so, then do "service iptables save" so that the change will be persistent over reboots.
Originally posted by win32sux:
having said that, the 6881:6999/tcp rule does show up:
Thanks, I stand corrected. In that case, you may want to completely rule out the firewall by temporarily disabling it with the command "service iptables stop" and then retry azureus. Make sure to restart it after testing with "service iptables start".
May also want to verify that your ISP hasn't started filtering those ports. Try using a free online security scanner to verify that they are indeed open. There are a number of scanners available, including ones at grc.com and sygate SOS.
yeah it works fine when i do /sbin/service iptables stop but after exiting it and starting iptables back up it gets the nat error message again. i haven't scanned any ports yet tho. i don't understand the 6999 in the command i know the first number is the port but why is the 6999 there? is it declaring a range of ports? I would change the port but then i wouldn't know what i needed to do to change the iptables command. To be honest i had this post bookmarked and would just copy and paste the command when i used azureus so i didn't completely understand it. Recently i'd use ctrl+r to do a reverse lookup of the command in the shell to get it back up to enter it again. And thought about putting it in a shell script to execute when i started azureus or have it execute with the startup scripts. My basic understanding is that it opens up the port to allow for communication. Thanks for the help so far.
yeah i think you are right, Capt_Caveman... i actually had no idea that bittorrent used udp packets, i thought it was all tcp... but now i read through this azureus faq: http://azureus.aelitis.com/wiki/inde...PortForwarding and yeah it says it will use both tcp and udp on the same port (it also says azureus only needs one port)... that would explain why an error would be obtained even though things seemed to still be working fine i think... like, it was just complaining about the udp packets not getting through and stuff... i think...
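Added example, not part of any post in this thread: a small shell/awk check that walks an iptables-save style rule list and reports what happens to a new inbound packet, showing why 6881/tcp is accepted while 6881/udp falls through to the REJECT clean-up rule. The rule dump is constructed for illustration, and the UDP rule in FIXED is an assumed fix based on the FAQ point that Azureus uses TCP and UDP on the same port.

```shell
#!/bin/sh
# Constructed iptables-save excerpt modelled on the thread: the 6881:6999/tcp rule
# in INPUT, then the Fedora chain ending in its REJECT clean-up rule.
RULES='-A INPUT -p tcp -m tcp --dport 6881:6999 -m state --state NEW -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Same rules plus a UDP accept for the single port (assumed fix, e.g.
# "iptables -I INPUT -p udp --dport 6881 -j ACCEPT" then "service iptables save").
FIXED="-A INPUT -p udp -m udp --dport 6881 -j ACCEPT
$RULES"

# verdict PROTO PORT [RULES]: first terminal target reached by a NEW packet
# arriving on a non-loopback interface. Simplified: no "!" negation, no -s/-d.
verdict() {
    printf '%s\n' "${3:-$RULES}" | awk -v proto="$1" -v port="$2" '
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }   # store rules per chain, in order
    function opt(line, name,   f, c, i) {          # value following option "name"
        c = split(line, f, " ")
        for (i = 1; i < c; i++) if (f[i] == name) return f[i + 1]
        return ""
    }
    function matches(line,   p, d, r) {
        if (opt(line, "-i") != "") return 0        # interface-bound (lo) rule
        if (opt(line, "--state") != "" && opt(line, "--state") !~ /NEW/) return 0
        p = opt(line, "-p"); if (p != "" && p != proto) return 0
        d = opt(line, "--dport"); if (d == "") return 1
        if (split(d, r, ":") == 1) r[2] = r[1]     # "6881:6999" is a port range
        return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
    }
    function walk(chain,   i, t, v) {
        for (i = 1; i <= n[chain]; i++) {
            if (!matches(rule[chain, i])) continue
            t = opt(rule[chain, i], "-j")
            if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
            if ((v = walk(t)) != "") return v      # jump into a user-defined chain
        }
        return ""
    }
    END { v = walk("INPUT"); print (v == "" ? "POLICY" : v) }'
}

for proto in tcp udp; do
    echo "6881/$proto before: $(verdict "$proto" 6881)  after: $(verdict "$proto" 6881 "$FIXED")"
done
```

To check a live system, pass the output of iptables-save as the third argument; a result of POLICY means no rule matched and the chain's default policy decides.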