Hi,

I am trying to open VNC ports(5901,5902) on my RHLinux machine using iptables.

I am able to do it from GUI system-config-security. Go to the Administration > Security Level and Firewall, then select "other ports" at the bottom and enter the portNum 5901 to open and select tcp, then click OK and OK again to save your settings.
From my windows m/n iam able to open vncsession using vncviewer on 5901 port.

But when I am trying to do it from command line:
#iptables -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5901 -j ACCEPT
This command added the entry in /etc/sysconfig/iptables and listed in iptables -L command.
Then I saved and restarted the iptables.
#service iptables save
#service iptables restart

When I am trying to open the VNC session from vncviewer, it is giving me error and session not opened.

Is there some thing I missed here? where can I check the logs for this? I definetly need this to be done from command line only. So please suggest me some idea to fix this.

Thanks in advance.

Hi,

I got it.

Actually the entry I made is at the end of the file /etc/sysconfig/iptables (i.e. after REJECT all entry).
I moved my entry just above that line and restarted iptables. Everything looks fine.

Thanks

If you use -I instead of -A your line will not be appended (-A) at the end but (-I) inserted at the top.
You could also use -I <number> to tell the line where to insert.
No need for a restart of iptables service or editing the file.
With -D <number> you can also remove a rule.

You only seem to allow new connections? and no established ones?