LinuxQuestions.org, Linux - Newbie: opening port for radius (https://www.linuxquestions.org/questions/linux-newbie-8/opening-port-for-radius-521733/)

JRink 01-22-2007 11:15 AM

opening port for radius
 
This shouldn't be that difficult but I'm having trouble with it.

I'm running CentOS with iptables enabled.

I need to open up UDP port 1812 for authentication.

From a shell (I'm not running KDE or Gnome), I type "iptables -A INPUT -p udp --dport 1812 -j ACCEPT" but it's still not allowing me to access that port.

Am I missing another entry or something? Does the firewall have to be stopped and restarted for the changes to go into effect? If so, I'm assuming I have to do a "iptables-save" or something before stopping and restarting the service?

I'm obviously doing something wrong because if I stop iptables, then I can use port 1812 without problem.

Thanks

b0uncer 01-22-2007 12:28 PM

If you restart iptables, the "default rules" are loaded; those that are mentioned in some of the init scripts. So after restarting iptables your newly added rule is flushed away, unless you write it to the same place where all the other rules are (you should see where they are saved from the init script that loads iptables during boot). The command iptables-save produces an output that you can redirect to a file like
Code:

iptables-save > iptables.rules
and then use that file to load the rules back if you happen to flush them. The output of iptables-save is just the same as if you would give the iptables commands one by one, but in a bit different form. You can load the file using iptables-restore, I could imagine like
Code:

iptables-restore < iptables.rules
see
Code:

man iptables
for more information about this.

I'm not sure how your iptables rules are built, but it should not be needed to restart the service; new rules should take action on all new connections. Maybe the rule not affecting has something to do with the way your iptables rules and chains are laid; is it a "stock-one" that came with your install, or have you created the rules yourself? I would recommend creating the iptables rules yourself from scratch, maybe using some "template", but yourself so that you know exactly what is going on in there. I'm not sure if iptables "reads" the rules from top till bottom or vice versa, i.e. does it matter when a rule is added (after or before a similar rule -- if two matching rules are found, which one of them is the effective one?)

My guess, though just a guess, is that the mentioned port matches some other rule that takes action and your new rule is not used. I'd start off by looking where the iptables rules are stored, read the whole file through and try to deduce what is actually done to block the port; is it just a POLICY (-P) or maybe an appended (-A) rule? In the latter case you'll need to alter the APPENDed rule, or create a new one before it.

Maybe reading the man page (or texinfo: info iptables) reveals more about how iptables handles the information, and reading the appropriate initscript might tell you where to look for the rules. Anyway, after you get it working, you must write your new rule to the same place where all the other rules are "loaded" during boot, unless you want to manually type it in every boot.
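The two points raised above (does iptables read rules top to bottom, and is the port being caught by a policy or by an earlier appended rule) can be answered by walking the ruleset the way netfilter does: each chain is evaluated top to bottom, the first rule whose match criteria fit the packet and whose target is terminating (ACCEPT, DROP, REJECT) decides, a jump into a user-defined chain that falls off its end returns to the calling chain, and the chain policy (-P) applies only when nothing matched. That is exactly why "iptables -A INPUT ... -j ACCEPT" can sit unused at the bottom of INPUT behind an earlier catch-all REJECT, while "iptables -I INPUT ..." (insert at position 1) takes effect immediately. The following script is an added example, not code from the thread or from either poster: a small first-match simulator over iptables-save output. The ruleset in it is constructed, modelled on a stock distribution firewall that jumps into a user-defined chain ending in a REJECT, and only the match options -p, --dport, -i and --state are modelled; everything else (-m, --reject-with) is skipped.

```python
"""Added example: simulate which rule an inbound packet hits, given iptables-save output."""
import shlex
from dataclasses import dataclass
from typing import Optional

# Constructed sample (not taken from the thread) in iptables-save format, modelled on a
# stock CentOS-style firewall: INPUT jumps to a user chain that ends in a catch-all REJECT.
BASE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

# The rule from the question, as iptables-save would print it.
NEW_RULE = "-A INPUT -p udp -m udp --dport 1812 -j ACCEPT"
TERMINAL = {"ACCEPT", "DROP", "REJECT"}


@dataclass
class Packet:
    proto: str
    dport: int
    iface: str = "eth0"
    state: str = "NEW"


@dataclass
class Rule:
    chain: str
    target: str
    text: str
    proto: Optional[str] = None
    dport: Optional[int] = None
    iface: Optional[str] = None
    states: Optional[set] = None

    def matches(self, pkt: Packet) -> bool:
        # An unset criterion matches everything, as in iptables.
        return ((self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport)
                and (self.iface is None or self.iface == pkt.iface)
                and (self.states is None or pkt.state in self.states))


def parse_rule(line: str) -> Rule:
    """Pull out the few match options modelled here; -m <module> and --reject-with are skipped."""
    kw = {}
    toks = shlex.split(line)
    for opt, val in zip(toks, toks[1:]):
        if opt == "-A":
            kw["chain"] = val
        elif opt == "-j":
            kw["target"] = val
        elif opt == "-p":
            kw["proto"] = val
        elif opt == "--dport":
            kw["dport"] = int(val)
        elif opt == "-i":
            kw["iface"] = val
        elif opt == "--state":
            kw["states"] = set(val.split(","))
    return Rule(text=line, **kw)


def parse_rules(text: str):
    """Return (policies, chains): the -P policy per chain ('-' means user chain) and rules in file order."""
    policies, chains = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains.setdefault(name, [])
        elif line.startswith("-A "):
            rule = parse_rule(line)
            chains.setdefault(rule.chain, []).append(rule)
    return policies, chains


def _walk(chains, chain, pkt):
    """Top to bottom; first terminating match wins. None means the chain fell off its end."""
    for rule in chains.get(chain, []):
        if not rule.matches(pkt):
            continue
        if rule.target in TERMINAL:
            return rule.target, rule.text
        if rule.target == "RETURN":
            return None
        if rule.target in chains:          # jump into a user-defined chain
            result = _walk(chains, rule.target, pkt)
            if result is not None:
                return result
        # non-terminating targets (e.g. LOG) or a sub-chain that returned: keep going
    return None


def trace(text: str, chain: str, pkt: Packet):
    """Return (verdict, deciding rule) for a packet entering a built-in chain."""
    policies, chains = parse_rules(text)
    result = _walk(chains, chain, pkt)
    return result if result is not None else (policies[chain], "policy of " + chain)


def add_rule(text: str, rule: str, insert: bool) -> str:
    """Mimic 'iptables -I <chain> <rule>' (position 1) versus 'iptables -A <chain> <rule>'."""
    lines = text.splitlines()
    chain = rule.split()[1]
    if insert:
        idx = next(i for i, l in enumerate(lines) if l.startswith("-A " + chain + " "))
    else:
        idx = lines.index("COMMIT")
    lines.insert(idx, rule)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    radius = Packet("udp", 1812)
    print("appended with -A:", trace(add_rule(BASE_RULES, NEW_RULE, False), "INPUT", radius))
    print("inserted with -I:", trace(add_rule(BASE_RULES, NEW_RULE, True), "INPUT", radius))
```

With the rule appended, the trace ends at the REJECT inside the user chain and the new ACCEPT is never consulted; with the rule inserted at the top of INPUT, the same packet is accepted. On a real box the same picture comes from `iptables -L INPUT -n -v --line-numbers` (and the user chain it jumps to), where the packet counters show which rule is actually absorbing the traffic. On CentOS the init script loads /etc/sysconfig/iptables at boot, so a rule that works interactively still has to be written there (for example with `service iptables save`) or it will be gone after the next restart.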

