Hi unique3,
This is probably the same problem I experienced. Luckily I found a solution.
Here goes:
It was the redhat-config-securitylevel "firewall" program that was causing frustration. Like most (all?) firewall programs on Linux, it's based upon iptables, which is a powerful and highly configurable program, if one learns to use it. More info on iptables:
http://www.iptables.org
Basically, iptables determines the fate of packets sent and received on your computer.
The solution was to add a rule to the INPUT chain in iptables. A chain works as a set of rules: the first rule is checked first; if it doesn't apply, the second is checked, and so on.
A simple example (INPUT chain, could be any chain):
ACCEPT tcp -- anywhere anywhere tcp dpts:80
ACCEPT tcp -- anywhere anywhere tcp dpts:22
DENY tcp -- anywhere anywhere tcp dpts:80
Let's say this is the INPUT chain (handles everything coming to your computer). The first rule accepts all packets on port 80 tcp (http). The second accepts all SSH connections, tcp. The third rule tries to deny all incoming http packets. This won't work, since the first rule has already accepted all http packets.
A good way to set up a chain is then to have a set of rules to allow incoming packets on selected ports, and the last rule in the chain to deny all:
ACCEPT tcp -- anywhere anywhere tcp dpts:80
ACCEPT tcp -- anywhere anywhere tcp dpts:22
DENY tcp -- anywhere anywhere tcp dpts:80
REJECT tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp reject-with icmp-port-unreachable
Almost at the end now.
What I did (simple enough), was to add a rule to the INPUT chain:
ACCEPT tcp -- anywhere anywhere tcp dpts:51000:51999
The command to do so is:
# iptables -I INPUT 6 -p TCP --dport 51000:51999 -j ACCEPT
This adds a rule to the INPUT chain, position 6 from the top, allowing all packets from all IPs on ports 51000-51999 (my passive port range in proftpd). The position is important, since the last two rules of my chain deny everything on all ports from all IPs, tcp and udp respectively.
Hope this was helpful, and perhaps even understandable. Sorry for any bad English.
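As an added example (not part of the post above), the first-match walk that the post describes, modelled in Python so the effect of rule position can be checked without touching a real firewall. The chain is the five-rule listing from the post; the TCP flag match of the catch-all REJECT is ignored, and the insert position 4 is chosen for this constructed chain (the post's own chain needed position 6).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    target: str                        # ACCEPT, DENY or REJECT
    proto: str                         # "tcp", "udp" or "all"
    dports: Optional[Tuple[int, int]]  # destination port range (low, high); None = any port

def rule_matches(rule: Rule, proto: str, dport: int) -> bool:
    if rule.proto != "all" and rule.proto != proto:
        return False
    if rule.dports is not None:
        low, high = rule.dports
        if not low <= dport <= high:
            return False
    return True

def verdict(chain: List[Rule], proto: str, dport: int, policy: str = "ACCEPT"):
    """Walk the chain top to bottom: the first matching rule decides the packet's fate.
    Returns (target, rule_number), or (chain policy, None) if no rule matched."""
    for number, rule in enumerate(chain, start=1):
        if rule_matches(rule, proto, dport):
            return rule.target, number
    return policy, None

def insert_rule(chain: List[Rule], position: int, rule: Rule) -> None:
    """Model `iptables -I CHAIN position`: the new rule takes that 1-based number."""
    chain.insert(position - 1, rule)

def append_rule(chain: List[Rule], rule: Rule) -> None:
    """Model `iptables -A CHAIN`: the new rule goes last, below the catch-alls."""
    chain.append(rule)

def base_chain() -> List[Rule]:
    # Constructed from the INPUT listing in the post (catch-all flag match omitted).
    return [
        Rule("ACCEPT", "tcp", (80, 80)),
        Rule("ACCEPT", "tcp", (22, 22)),
        Rule("DENY",   "tcp", (80, 80)),   # never reached: rule 1 already accepted port 80
        Rule("REJECT", "tcp", None),       # catch-all for remaining tcp
        Rule("REJECT", "udp", None),       # catch-all for udp
    ]

PASSIVE_FTP = Rule("ACCEPT", "tcp", (51000, 51999))  # proftpd passive range from the post

def passive_verdicts():
    """Same rule, two placements: appended at the end vs. inserted above the catch-alls."""
    appended = base_chain(); append_rule(appended, PASSIVE_FTP)
    inserted = base_chain(); insert_rule(inserted, 4, PASSIVE_FTP)
    return verdict(appended, "tcp", 51500), verdict(inserted, "tcp", 51500)
```

Running `passive_verdicts()` shows the appended rule never fires (rule 4 rejects first) while the inserted one accepts at position 4.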