Open port 10000
Hi All
Please be gentle with me as I am very new to Linux. Basically I have inherited a Linux web server on which I will host my own web site. But while I am creating this I want to host a new site for a friend. The new site needs port 10000 open for webmin, so I looked on the net and found some useful threads, and added the following command line through putty.exe:
# iptables --append INPUT --protocol TCP --source-port 10000 --jump ACCEPT
(and repeated for OUTPUT and FORWARD). Then I used this url to test the port is open (http://www.yougetsignal.com/tools/open-ports/) and the result tells me port is not open. When I entered the command line I received no errors. Any ideas? Neill. |
Quote:
Second, if there is a DROP rule before the rule you just added, it won't work. In some cases you have to use -I rather than --append or -A. Also, it is --dport you are after rather than --sport. Code:
iptables --append INPUT --protocol tcp --dport 10000 --jump ACCEPT
Anything that isn't allowed should be dropped and logged - this should be the last couple of lines. If you have done the above, then troubleshooting is made easier because anything not allowed is blocked and logged. |
Hi Neil,
you will have to give some more info if you want us to help you. Just provide details of your iptables rules and httpd.conf settings. |
if you have following policy, i.e by default you are dropping all:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
then open port 10000 like this;
iptables -A INPUT -p tcp --dport 10000 -j ACCEPT |
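The two replies above make the same point from different directions: with a default policy of DROP (or a catch-all DROP rule) the only thing that matters is that the port-opening ACCEPT rules come before the final DROP. The following is an added example, not code from the thread or from any of its posters; it generates an iptables-restore ruleset in that order for a list of ports (the port list is a constructed assumption) and includes a small check that the ACCEPT for a given port really does precede the catch-all DROP.

```python
"""Build an iptables-restore ruleset in which every port opening precedes the
final LOG/DROP catch-all. Added illustration, not code from the thread."""

# Constructed inputs (assumption): the ports such a web server typically
# serves, plus 10000 for webmin.
TCP_PORTS = [22, 80, 443, 10000]
UDP_PORTS = [53]


def build_ruleset(tcp_ports, udp_ports, log_prefix="iptables-dropped: "):
    """Return iptables-restore text for the filter table.

    Order matters because iptables evaluates a chain top-down and stops at the
    first matching rule: loopback and already-established traffic first, then
    the explicit port openings, and the LOG/DROP catch-all last so that it can
    never shadow an ACCEPT that was appended after it.
    """
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT",
    ]
    for port in tcp_ports:
        lines.append(f"-A INPUT -p tcp --dport {port} -m state --state NEW -j ACCEPT")
    for port in udp_ports:
        lines.append(f"-A INPUT -p udp --dport {port} -m state --state NEW -j ACCEPT")
    # Log (rate limited) and then drop everything that did not match above.
    lines.append(f'-A INPUT -m limit --limit 5/min -j LOG --log-prefix "{log_prefix}"')
    lines.append("-A INPUT -j DROP")
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


def accept_precedes_drop(ruleset, port):
    """True if the INPUT ACCEPT for `port` appears before the INPUT catch-all DROP."""
    rules = [l for l in ruleset.splitlines() if l.startswith("-A INPUT")]
    accept_idx = next(
        (i for i, r in enumerate(rules) if f"--dport {port} " in r and r.endswith("ACCEPT")),
        None,
    )
    drop_idx = next((i for i, r in enumerate(rules) if r.endswith("-j DROP")), None)
    return accept_idx is not None and drop_idx is not None and accept_idx < drop_idx


if __name__ == "__main__":
    print(build_ruleset(TCP_PORTS, UDP_PORTS), end="")
```

Saving the printed text to a file and loading it with `iptables-restore < rules.txt` replaces the whole filter table atomically, which avoids the append-after-DROP mistake this thread is about; review the generated text before loading it, since a wrong ruleset on a remote box can lock out the SSH session as well.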
What does it mean when you want to "drop" the input output or forward?
|
Ummm....have you tried to just start the webmin service? You haven't put your distribution but on RHEL/Centos you can start the service and it will open the port.
|
ok...best way to get this resolved is this.
post command and output from Code:
iptables --list -n -v
and Code:
netstat -naplt | grep 10000 |
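The netstat check above answers a different question from the iptables listing: whether anything is listening on 10000 at all, and on which address. If the service is not running, or is bound only to 127.0.0.1, no firewall rule will make the port reachable from outside. The following is an added example, not code from the thread; it parses `netstat -naplt` style output (the sample lines are constructed, not the poster's real output) and classifies the result so the two cases can be told apart before touching iptables.

```python
"""Classify a port's listener state from `netstat -naplt` output.
Added illustration, not code from the thread."""
import re

# Constructed samples (assumption): what a healthy webmin looks like, and what
# a service bound only to loopback looks like. The PID/program value is made up.
SAMPLE_NETSTAT = """\
tcp        0      0 0.0.0.0:10000               0.0.0.0:*                   LISTEN      2413/perl
tcp        0      0 10.0.0.5:10000              10.0.0.9:51244              ESTABLISHED 2413/perl
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1890/sshd
"""
LOOPBACK_ONLY = """\
tcp        0      0 127.0.0.1:10000             0.0.0.0:*                   LISTEN      2413/perl
"""

# proto  recv-q  send-q  local(addr:port)  foreign  state  pid/program
LINE_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+(\S+):(\d+)\s+\S+\s+(\S+)\s+(\S+)$")


def listeners_for_port(netstat_text, port):
    """Return (local_address, pid/program) for every socket LISTENing on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header line or a format we do not parse
        _proto, addr, lport, state, prog = m.groups()
        if state == "LISTEN" and int(lport) == port:
            found.append((addr, prog))
    return found


def diagnose(netstat_text, port):
    """'not-listening': start the service first, firewall rules are moot.
    'loopback-only': reachable from the box itself only; fix the bind address.
    'listening': the socket is fine, so look at the firewall next."""
    listeners = listeners_for_port(netstat_text, port)
    if not listeners:
        return "not-listening"
    if all(addr in ("127.0.0.1", "::1") for addr, _ in listeners):
        return "loopback-only"
    return "listening"


if __name__ == "__main__":
    print(diagnose(SAMPLE_NETSTAT, 10000), listeners_for_port(SAMPLE_NETSTAT, 10000))
```

To run it against a live machine, feed it the real output (for example `subprocess.run(["netstat", "-naplt"], capture_output=True, text=True).stdout`) in place of the constructed sample; the `-p` column needs root to show the program name.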
Can somebody explain why a site might need webmin?
|
Thanks all
Lots of ideas here, before I make any changes, how can I see how the current IPtables are set up, so I can get back to the status quo. Neill |
I think this is what the iptables set up is set as, you can see I have tried a few things now.
Does this make sense to anyone? Neill

[root@localhost ~]# iptables --list -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4456 4755K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  15M 2258M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 712K   42M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
54941 2820K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
  112  6160 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443 state NEW
1833K  115M ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53 state NEW
  267 10744 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:69 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:69 state NEW
 1124 56868 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 state NEW
   72  3600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:110 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:123 state NEW
   10   400 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:20 state NEW
18361 1081K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:21 state NEW
 7026  336K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:3306 state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:3306 state NEW
  136  7600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:5555 state NEW
    5   240 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8002 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:9001 state NEW
 504K   38M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:10000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:10000

Chain OUTPUT (policy ACCEPT 1075 packets, 103K bytes)
 pkts bytes target     prot opt in     out     source               destination
 4456 4755K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
  19M 4764M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW,RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:10000

Chain RH-Firewall-1-INPUT (0 references)
 pkts bytes target     prot opt in     out     source               destination |
That last bit shows you are running a RH compatible system, so here's the relevant Deployment Manual section http://www.linuxtopia.org/online_boo...el5_ch-fw.html .
Just for confirmation, can you login as root and post the results of these cmds
uname -a
cat /etc/*release* |
Hi,
your iptables configuration seems to be correct... can you access the site now if you have configured it on port 10000? Regards, Prayag |
Hi Chris, results
[root@localhost ~]# cat /etc/*release*
cat: /etc/lsb-release.d: Is a directory
CentOS release 5.3 (Final)
Neill |
Did you start the service if it is not already? Check if the service is running.
|
Here is your problem my friend - as I suspected
Code:
504K 38M DROP all -- * * 0.0.0.0/0 0.0.0.0/0
A DROP BEFORE the ACCEPT!! Either list the chain with line numbers, get the line numbers for those last accepts and remove them. Code:
iptables -L INPUT --line-numbers
iptables -D INPUT <linenumber>
Code:
iptables -I INPUT -p tcp --dport 10000 -j ACCEPT
OR just add the rule above so it goes to the TOP of the chain and is accepted before the DROP is even reached :) If it helps, you know my currency. No, not $$$$$ but a thumbs up :) |
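The diagnosis in this reply, and the warning earlier in the thread that a DROP placed before your rule makes it dead, can be checked mechanically rather than by eye. The following is an added example, not code from the thread or from any poster; it parses `iptables -L -n -v` output into ordered rules per chain and reports every ACCEPT that sits after an unconditional DROP or REJECT, which is exactly the shape of the posted INPUT chain. The listing embedded below is a constructed, shortened version of the one posted above (counters kept, most port rules omitted), and the reported line numbers are the same ones `iptables -L INPUT --line-numbers` would show, so they can be fed to `iptables -D INPUT <linenumber>`.

```python
"""Find ACCEPT rules shadowed by an earlier catch-all DROP in `iptables -L -n -v`
output. Added illustration, not code from the thread."""
import re

# Constructed excerpt (assumption) modelled on the INPUT chain posted in the
# thread; only the rules that matter for the diagnosis are kept.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 4456 4755K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  15M 2258M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
 712K   42M ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22 state NEW
54941 2820K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 state NEW
 504K   38M DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:10000
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:10000

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:10000
"""

# pkts bytes target prot opt in out source destination [match text...]
RULE_RE = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*(.*)$"
)


def parse_chains(listing):
    """Return {chain_name: [rule dicts in chain order]}."""
    chains, current = {}, None
    for line in listing.splitlines():
        if line.startswith("Chain "):
            current = line.split()[1]
            chains[current] = []
            continue
        if current is None or not line.strip() or line.strip().startswith("pkts"):
            continue  # blank line or column header
        m = RULE_RE.match(line)
        if not m:
            continue
        _pkts, _bytes, target, prot, _opt, ifin, ifout, src, dst, extra = m.groups()
        chains[current].append({
            "line": len(chains[current]) + 1,  # same numbering as --line-numbers
            "target": target, "prot": prot, "in": ifin, "out": ifout,
            "src": src, "dst": dst, "extra": extra.strip(),
        })
    return chains


def is_catch_all(rule):
    """True for a rule with no protocol, interface, address or match restriction."""
    return (rule["prot"] == "all" and rule["in"] == "*" and rule["out"] == "*"
            and rule["src"] == "0.0.0.0/0" and rule["dst"] == "0.0.0.0/0"
            and rule["extra"] == "")


def shadowed_accepts(chains, chain="INPUT", port=None):
    """Return (line, match_text, blocking_line) for each ACCEPT placed after an
    unconditional DROP/REJECT in `chain`; restrict to dpt:`port` if given."""
    blocked_at, out = None, []
    for rule in chains.get(chain, []):
        if blocked_at is None and rule["target"] in ("DROP", "REJECT") and is_catch_all(rule):
            blocked_at = rule["line"]
            continue
        if blocked_at is not None and rule["target"] == "ACCEPT":
            if port is None or f"dpt:{port}" in rule["extra"]:
                out.append((rule["line"], rule["extra"], blocked_at))
    return out


if __name__ == "__main__":
    for line, match, blocker in shadowed_accepts(parse_chains(SAMPLE_LISTING)):
        print(f"INPUT rule {line} ({match}) is never reached: catch-all DROP at rule {blocker}")
```

Note that the `spt:10000` rule from the first post is reported too: besides being shadowed, a source-port match is the wrong predicate for inbound connections to a service, as the second reply already pointed out.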