Old 03-18-2003, 02:12 PM   #1
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Rep: Reputation: 0
How to open port 25 in firewall


Hello,
A newbie question...but I bought an Internet appliance that has RedHat 7.0 kernel 2.2.16-22 preloaded. The firewall does not allow opening ports 25 or 110 from the HTML GUI. I can telnet to it and am at bash. What do I do now? I just want this device to allow traffic in/out on these ports as well as 5900 and 1225-26.
Thanks in advance
 
Old 03-18-2003, 02:23 PM   #2
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
What firewall are you using?
 
Old 03-18-2003, 02:26 PM   #3
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
The firewall that is native to RedHat 7 I guess.
 
Old 03-18-2003, 02:28 PM   #4
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Ummm....it could be iptables or ipchains. Can you run the GUI firewall setup and open the ports from there?
 
Old 03-18-2003, 02:31 PM   #5
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
No, doesn't allow it from there. Just FTP, Telnet, WWW, and Internet Games.
 
Old 03-18-2003, 02:37 PM   #6
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
There should be a section where you can specify more ports.
 
Old 03-18-2003, 02:39 PM   #7
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
I called Tech support and they said that it wasn't supported, but that it could be done using that command prompt.
 
Old 03-18-2003, 02:42 PM   #8
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
Tech support? Who, Mandrake tech support? Umm..see which one of your firewalls is running:

chkconfig --list iptables
chkconfig --list ipchains

One of them should be on.
 
Old 03-18-2003, 02:46 PM   #9
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
Toshiba tech support. Ok, I'm in the root directory and each one of those commands returns: chkconfig: command not found. Sorry, I need baby steps here.
 
Old 03-18-2003, 02:49 PM   #10
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
You gots to be root! errr...wait a minute I'm not even sure if Mandrake has that command. Are you root?
 
Old 03-18-2003, 02:52 PM   #11
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
This system is running RedHat 7.0, I'm logged in as a super user.
 
Old 03-18-2003, 02:58 PM   #12
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
This is the etc dir and the output of the ipchains file:

bash-2.04$ pwd
/etc
bash-2.04$ ls
DIR_COLORS fstab isdn/ nscd.conf redhat-release
X11/ fstab.cass* issue nsswitch.conf resolv.conf
adjtime fstab.gls* issue.net openldap/ rpc
aliases ftpaccess krb5.conf opt/ rpm/
aliases.db ftpconversions ld.so.cache pam.d/ samba/
anacrontab ftpgroups ld.so.conf passwd securetty
at.deny ftphosts ldap.conf passwd- security/
atalk/ ftpusers lilo.conf pcmcia/ sendmail.cf
bashrc group localtime@ ppp/ services
conf.linuxconf group- login.defs pptpd.conf shadow
cron.d/ gshadow logrotate.conf printcap shells
cron.daily/ host.conf logrotate.d/ profile skel/
cron.hourly/ hosts lpd.conf profile.d/ smrsh/
cron.monthly/ hosts.allow lpd.perms protocols snmp/
cron.weekly/ hosts.deny lynx.cfg pwdb.conf squid/
crontab htgroup mail/ rc@ sysconfig/

csh.cshrc htpasswd mail.rc rc.d/ sysctl.conf
csh.login httpd/ mailcap rc.local@ syslog.conf
default/ info-dir makedev.d/ rc.sysinit@ termcap
dhcpc/ init.d@ man.config rc0.d@ tmp2.sh*
dhcpcd/ initlog.conf mgetty+sendfax/ rc1.d@ updatedb.conf
dhcpd.conf initscript* mime.types rc2.d@ wvdial.conf
exports inittab modules.conf* rc3.d@ xinetd.conf
fdprm inputrc motd rc4.d@ xinetd.d/
fetchmail/ ioctl.save mtab rc5.d@ yp.conf
filesystems isapnp.gone named.conf rc6.d@
bash-2.04$ less init.d
init.d is a directory
bash-2.04$ cd init.d
bash-2.04$ ls
adsl* execd* kdcrotate* lpd* network* snmpd*
anacron* firstboot* keytable* mondiskd* nscd* snmpstart*
atalk* functions* killall* monfand* pcmcia* spindown*
atd* halt* lcdkbd* monhwd* random* squid*
bridge* httpd* lcdshutdown* monsishw* rawdevices* started*
crond* httpd_admin* linuxconf* monviahw* sendmail* starting*
dhcpd* httpd_intranet* loadisdn* named* single* syslog*
dropboxd* ipchains* loadmodem* netfs* smb* xinetd*
bash-2.04$ less ipchains

ipchains
#!/bin/sh
#
# Startup script to implement /etc/sysconfig/ipchains pre-defined rules.
#
# chkconfig: 2345 08 92
#
# description: Automates a packet filtering firewall with ipchains.
#
# Script Author: Joshua Jensen <joshua@redhat.com>
# -- hacked up by gafton with help from notting
#
# config: /etc/sysconfig/ipchains

# Source 'em up
. /etc/init.d/functions

IPCHAINS_CONFIG=/etc/sysconfig/ipchains

if [ ! -x /sbin/ipchains ]; then
exit 0
fi

KERNELMAJ=`uname -r | sed -e 's,\..*,,'`
KERNELMIN=`uname -r | sed -e 's,[^\.]*\.,,' -e 's,\..*,,'`

if [ "$KERNELMAJ" -lt 2 ] ; then
exit 0
fi
if [ "$KERNELMAJ" -eq 2 -a "$KERNELMIN" -lt 2 ] ; then
exit 0
fi

case "$1" in
start)
# don't do squat if we don't have the config file
if [ -f $IPCHAINS_CONFIG ]; then
# If we don't clear these first, we might be adding to
# pre-existing rules.
action "Flushing all current rules and user defined chains:" ipchains -F
action "Clearing all current rules and user defined chains:" ipchains -X
ipchains -Z
echo -n "Applying ipchains firewall rules: "
grep -v "^[[:space:]]*#" $IPCHAINS_CONFIG | grep -v '^[[:space:]]*$' | /sbin/ipchains-restore -p -f && \
success "Applying ipchains firewall rules" || \
failure "Applying ipchains firewall rules"
echo
touch /var/lock/subsys/ipchains
fi
;;

stop)
action "Flushing all chains:" ipchains -F
action "Removing user defined chains:" ipchains -X
echo -n "Resetting built-in chains to the default ACCEPT policy:"
ipchains -P input ACCEPT && \
ipchains -P forward ACCEPT && \
ipchains -P output ACCEPT && \
success "Resetting built-in chains to the default ACCEPT policy" || \
failure "Resetting built-in chains to the default ACCEPT policy"
echo
rm -f /var/lock/subsys/ipchains
;;

restart)
# "restart" is really just "start" as this isn't a daemon,
# and "start" clears any pre-defined rules anyway.
# This is really only here to make those who expect it happy
$0 start
;;

status)
ipchains -nL
;;

panic)
echo -n "Changing target policies to DENY: "
ipchains -P input DENY && \
ipchains -P forward DENY && \
ipchains -P output DENY && \
success "Changing target policies to DENY" || \
failure "Changing target policies to DENY"
echo
action "Flushing all chains:" ipchains -F
action "Removing user defined chains:" ipchains -X
;;

save)
echo -n "Saving current rules to $IPCHAINS_CONFIG: "
/sbin/ipchains-save > $IPCHAINS_CONFIG 2>/dev/null && \
success "Saving current rules to $IPCHAINS_CONFIG" || \
failure "Saving current rules to $IPCHAINS_CONFIG"
echo
;;

*)
echo "Usage: $0 {start|stop|restart|status|panic|save}"
exit 1
esac

exit 0

 
Old 03-18-2003, 03:01 PM   #13
Crashed_Again
Senior Member
 
Registered: Dec 2002
Location: Atlantic City, NJ
Distribution: Ubuntu & Arch
Posts: 3,503

Rep: Reputation: 57
I suggest you man iptables and ipchains. I know the command for iptables is:

iptables -L

to see what your current rules are. You might be using ipchains though and I'm not sure if the -L switch is what you're looking for.
 
Old 03-19-2003, 08:04 AM   #14
greenranger
LQ Newbie
 
Registered: Mar 2003
Location: Upstate NY
Distribution: Mandrake 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
Hello,
I tried to create a new rule in /sa2/templates/etc/sysconfig/ipchains and discovered that I can't save anything...error message says something like could not open <file> for edit and file is read only use the ! option to override. I get this message when I create a totally new file in my home directory as well. Is the obvious problem that I don't have write permission? But why wouldn't I be able to write to my home dir?
Thanks,
Victorian
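
The init script in post #12 feeds /etc/sysconfig/ipchains to ipchains-restore after stripping comments and blank lines, and ipchains acts on the first rule that matches, so where a new ACCEPT rule sits in that file decides whether it has any effect. The following is an added example, not code from the thread or the appliance: the rule file, the function names and the simplified matching are constructed for illustration, and it only reads rule text, it does not call ipchains.

```shell
# Constructed sample in ipchains-save style (not taken from the thread).
sample_rules() {
cat <<'EOF'
# Firewall configuration (constructed sample)
:input ACCEPT
:forward ACCEPT
:output ACCEPT

-A input -s 0/0 -d 0/0 80 -p tcp -y -j ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 0/0 -d 0/0 0:1023 -p tcp -y -j REJECT
-A input -s 0/0 -d 0/0 5900 -p tcp -y -j ACCEPT
EOF
}

# Same comment and blank-line filter the init script runs before ipchains-restore.
active_rules() {
    grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$'
}

# port_verdict PORT: target of the first input rule covering TCP PORT, else the
# chain policy. Simplified (assumption): ignores -s, -y and any -i other than lo.
port_verdict() {
    active_rules | awk -v port="$1" '
        $1 == ":input" { policy = $2; next }
        $1 != "-A" || $2 != "input" || found { next }
        {
            proto = ""; target = ""; range = ""; iface = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
                if ($i == "-d" && $(i + 2) !~ /^-/) range = $(i + 2)
            }
            if (iface == "lo" || (proto != "" && proto != "tcp")) next
            n = split(range, r, ":")
            lo = (n ? r[1] : 0) + 0
            hi = (n == 2 ? r[2] : (n ? r[1] : 65535)) + 0
            if (port + 0 >= lo && port + 0 <= hi) { found = 1; print target }
        }
        END { if (!found) print policy }'
}
# Insert an ACCEPT for TCP PORT ahead of the first REJECT/DENY rule.
allow_before_block() {
    awk -v port="$1" '
        !done && / -j (REJECT|DENY)$/ {
            print "-A input -s 0/0 -d 0/0 " port " -p tcp -y -j ACCEPT"; done = 1
        }
        { print }'
}
```

Running `sample_rules | port_verdict 25` reports the blanket low-port REJECT, while `sample_rules | allow_before_block 25 | port_verdict 25` reports ACCEPT and leaves port 110 rejected.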
 
  

