Can someone help me understand my iptables? I am trying to understand how my port 22 is open, yet I don't see it being opened or blocked in iptables. Still getting a handle on this iptables stuff. I put in the rules for Azureus (40260) and aMSN (6890). Apart from that I don't think I have done anything for iptables.
The reason I ask is I can sftp into my FC6 desktop from my laptop, which is running Ubuntu and using Nautilus. Just doing little steps on this networking and sharing part, so haven't used nfs, openssh or samba yet. Sftp works well at the moment to get access to the desktop. When I try and sftp to the Ubuntu laptop I get denied because port 22 is not open. So why is it blocked on Ubuntu when it doesn't show up in iptables, yet in my FC6 the port is open even though I don't think I have allowed it to be open?
Hope I haven't been too confusing.
I have done a listing of my ports and iptables on my FC6 desktop.
Code:
[root@STI ~]# nmap -sS -F -O 192.168.1.100
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-07-01 22:54 NZST
Interesting ports on STI (192.168.1.100):
Not shown: 1234 closed ports
PORT STATE SERVICE
22/tcp open ssh
111/tcp open rpcbind
631/tcp open ipp
637/tcp open lanserver
2049/tcp open nfs
Uptime 0.100 days (since Sun Jul 1 20:30:58 2007)
Nmap finished: 1 IP address (1 host up) scanned in 9.947 seconds
[root@STI ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpts:6890:6900
ACCEPT tcp -- anywhere anywhere tcp dpts:6890:6900
ACCEPT udp -- anywhere anywhere udp dpt:40260
ACCEPT tcp -- anywhere anywhere tcp dpt:40260
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088
Most likely, the SSH service is not installed and running on the Ubuntu box.
I would suggest using Firestarter or Guarddog to configure IPtables. This way, you will get a good firewall, without needing to understand too much iptables.
The line in iptables -L that shows port 22 open:
Code:
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
Fedora 6 does have a basic firewall config utility, but I can't remember exactly where it is. I think it may be System - Admin - Security?
run from the command line as root, should tell you whether
or not ssh is running on the local machine. The output
for ssh could look like the following, ( looks like it
will wrap, but hopefully it will be helpful ) :
Does Fedora automatically put these in when I install and set up Fedora?
Also under my iptables -L there is
RH-Firewall-1-INPUT all -- anywhere anywhere
What does it mean? Am I letting everything through, and should I really remove it and only add my own rules like I have with aMSN and Azureus?
In general, what is best to access and share files in a simple home network: sftp, ssh, nfs, samba? I just used sFTP because it popped up on Nautilus under Network and haven't tried the other ways yet.
Thanks for your help on this. Getting a little clearer all the time.
Thanks
Gimmee (I don't want anything, that's just my nickname)
Distribution: Ubuntu, Debian, Various using VMWare
Posts: 2,088
For sharing files over your local network - it depends on what other computers you have. If you need to share files with Windows, use Samba. If it is purely Linux, use NFS. SFTP / SCP will also work with either (obviously you would need putty on Windows), however transfers will be slower due to the encryption.
Thanks for those replies. I have dual boot Windows/Linux on desktop and laptop, but the desktop never goes into Windows and the laptop does for when I do PIC programming but mainly is on Linux 95%. I do have an iPAQ that is WM5 but I don't know if I would access Linux with it. Would probably set up Samba as a learning exercise I think.
Will have a look at Shorewall; I just read that as I have just printed out four articles and 400 pages on learning iptables.
I still show port 22 closed on the Ubuntu laptop even though I have opened it up in Firestarter. I must be missing something but have a bit more understanding than a couple of days ago. The learning never stops, does it?
On a side note and totally off the subject, my daughter is ecstatic that she can input and convert Japanese for her second language Japanese classes. Tried kinput2 and canna but couldn't get it to work, then set up scim-anthy on FC6 and it works great for her. I can't believe something like that is free; must cost a lot more for Windows.
FYI, ssh/scp/sftp are all aspects of the openssh daemon which runs on port 22 by default.
See the file /etc/services which lists all the officially IANA known services.
See the file hdr for more info.
Note that although the services have assigned port nums, that doesn't mean they are running on your machine.
They may not be installed, or they may be turned off.
The firewall rules determine whether the ports can actually be used, regardless of the state of the service.
See http://www.netfilter.org/ for more than you want to know about IPTABLES for Linux.
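An added example (not part of the thread, and not any poster's code): it walks a plain `iptables -L` listing in rule order, following the jump from INPUT into RH-Firewall-1-INPUT, to show which rules could decide a new TCP connection to the ssh port. The names `parse`, `walk` and `candidates` are hypothetical and the listing is shortened from the first post. Because `iptables -L` without `-v` omits the in/out interface columns, a rule that shows no match criteria at all (such as the first `ACCEPT all` line) is flagged as unsure rather than treated as a catch-all; `iptables -L -n -v` shows the missing columns.

```python
import re

# Constructed sample: shortened from the `iptables -L` listing in the first post.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:40260
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

def parse(listing):
    """Return {chain: [(target, proto, visible_match_text), ...]}."""
    chains, cur = {}, None
    for f in map(str.split, listing.splitlines()):
        if f and f[0] == "Chain":
            cur = chains.setdefault(f[1], [])
        elif f and f[0] != "target":            # skip the column header row
            cur.append((f[0], f[1], " ".join(f[5:])))
    return chains

def walk(chains, proto, port, chain="INPUT"):
    """Yield rules that could decide a NEW packet; return True once one surely does."""
    for target, rproto, extra in chains[chain]:
        dpt = re.search(r"dpt:(\S+)", extra)    # port as printed: "ssh" here, "22" with -n
        state = re.search(r"state (\S+)", extra)
        if (rproto not in ("all", proto) or (dpt and dpt.group(1) != port)
                or (state and "NEW" not in state.group(1))):
            continue                            # rule visibly cannot match this packet
        if target in chains:                    # jump into a user-defined chain
            if (yield from walk(chains, proto, port, target)):
                return True
            continue
        # No visible criteria (or an unevaluated dpts: range): cannot be sure from -L alone.
        unsure = "dpts:" in extra or not re.sub(r"reject-with \S+", "", extra).strip()
        yield chain, target, extra, unsure
        if not unsure:
            return True
    return False

def candidates(listing, proto, port):
    """Ordered (chain, target, match, unsure) rows for a NEW packet arriving on INPUT."""
    steps = list(walk(parse(listing), proto, port))
    if not steps or steps[-1][3]:               # no sure verdict: INPUT policy applies last
        policy = re.search(r"Chain INPUT \(policy (\w+)\)", listing).group(1)
        steps.append(("INPUT", policy, "policy", False))
    return steps
```

`candidates(LISTING, "tcp", "ssh")` ends at the `state NEW tcp dpt:ssh` rule inside RH-Firewall-1-INPUT, which is why port 22 is reachable even though the INPUT chain itself never mentions it.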