opening port for radius
This shouldn't be that difficult but I'm having trouble with it.
I'm running CentOS with iptables enabled. I need to open up UDP port 1812 for authentication. From a shell (I'm not running KDE or Gnome), I type "iptables -A INPUT -p udp --dport 1812 -j ACCEPT" but it's still not allowing me to access that port. Am I missing another entry or something? Does the firewall have to be stopped and restarted for the changes to go into effect? If so, I'm assuming I have to do an "iptables-save" or something before stopping and restarting the service? I'm obviously doing something wrong because if I stop iptables, then I can use port 1812 without problem. Thanks
If you restart iptables, the "default rules" are loaded; those that are mentioned in some of the init scripts. So after restarting iptables your newly added rule is flushed away, unless you write it to the same place where all the other rules are (you should see where they are saved from the init script that loads iptables during boot). The command iptables-save produces an output that you can redirect to a file like
Code:
iptables-save > iptables.rules
Code:
iptables-restore < iptables.rules
Code:
man iptables

I'm not sure how your iptables rules are built, but it should not be needed to restart the service; new rules should take effect on all new connections. Maybe the rule not taking effect has something to do with the way your iptables rules and chains are laid out; is it a "stock one" that came with your install, or have you created the rules yourself? I would recommend creating the iptables rules yourself from scratch, maybe using some "template", but yourself so that you know exactly what is going on in there.

I'm not sure if iptables "reads" the rules from top to bottom or vice versa, i.e. does it matter when a rule is added (after or before a similar rule -- if two matching rules are found, which one of them is the effective one?). My guess, though just a guess, is that the mentioned port matches some other rule that takes action and your new rule is not used. I'd start off by looking where the iptables rules are stored, read the whole file through and try to deduce what is actually done to block the port; is it just a POLICY (-P) or maybe an appended (-A) rule? In the latter case you'll need to alter the APPENDed rule, or create a new one before it. Maybe reading the man page (or texinfo: info iptables) reveals more about how iptables handles the information, and reading the appropriate initscript might tell you where to look for the rules.

Anyway, after you get it working, you must write your new rule to the same place where all the other rules are "loaded" during boot, unless you want to manually type it in every boot.
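The reply's guess (an earlier rule in the chain already rejects the packet, so an appended rule is never reached) is the usual cause, and it can be checked from an iptables-save dump without touching the live firewall. The following script is an added example, not part of the thread: it feeds a constructed ruleset through a small awk walker that follows the INPUT chain (including jumps into user-defined chains, as stock Red Hat/CentOS rulesets use) and reports which rule first decides the fate of a NEW UDP packet to a given port. The chain name RH-Firewall-1-INPUT, the rule text and the "fixed" variant are all constructed sample data for this example.

```shell
#!/bin/sh
# Added example: find which iptables rule first decides a NEW UDP packet to <port>.
# The rule dumps below are constructed samples, not the poster's real configuration.

# Constructed sample: INPUT jumps to a helper chain that ends in REJECT, and the
# poster's rule was appended to INPUT *after* that jump, so it is never reached.
BROKEN_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p udp -m udp --dport 1812 -j ACCEPT
COMMIT'

# Constructed sample of the same ruleset after the ACCEPT rule is inserted (-I)
# into the helper chain *before* the REJECT instead of appended to INPUT.
FIXED_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 1812 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# decide_udp <port> <iptables-save text>
# Prints the first terminating rule (ACCEPT/DROP/REJECT) hit by a NEW UDP packet
# to <port> arriving on a non-loopback interface, or "POLICY <x>" if none matches.
# Only the selectors -p, --dport, --state and -i are modelled (assumption).
decide_udp() {
  printf '%s\n' "$2" | awk -v port="$1" '
    /^:INPUT / { policy = $2 }
    /^-A / {
      chain = $2; proto = ""; dport = ""; state = ""; iface = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "--state") state = $(i + 1)
        else if ($i == "-i") iface = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
      }
      n[chain]++
      # The rule matches our packet only if every selector it carries is compatible.
      ok = (proto == "" || proto == "udp") && (dport == "" || dport == port)
      if (state != "" && index(state, "NEW") == 0) ok = 0
      if (iface != "") ok = 0
      hit[chain, n[chain]] = ok
      tgt[chain, n[chain]] = target
      text[chain, n[chain]] = $0
    }
    # Walk a chain top to bottom; descend into user-defined chains on -j and
    # continue after them if they return without a verdict.
    function walk(chain,   i, r) {
      for (i = 1; i <= n[chain]; i++) {
        if (!hit[chain, i]) continue
        if (tgt[chain, i] == "ACCEPT" || tgt[chain, i] == "DROP" || tgt[chain, i] == "REJECT")
          return text[chain, i]
        if ((tgt[chain, i] in n)) {
          r = walk(tgt[chain, i])
          if (r != "") return r
        }
      }
      return ""
    }
    END { r = walk("INPUT"); print (r == "" ? "POLICY " policy : r) }'
}

# Stand-alone usage: show the verdict for UDP/1812 under both rulesets.
echo "broken: $(decide_udp 1812 "$BROKEN_RULES")"
echo "fixed:  $(decide_udp 1812 "$FIXED_RULES")"
```

On a real host the dump comes from `iptables-save` run as root (redirected to a file, as the reply shows) and the walker is run over that file; whichever rule it prints is the one to fix or insert in front of. The verdict for the "broken" sample is the catch-all REJECT, which is exactly the symptom in the question, while the "fixed" sample reaches the ACCEPT. Once the live rule is in the right place, it still has to be written to the file the init script loads at boot, otherwise the next restart flushes it, as the reply warns; on CentOS's init-script-based iptables service, `service iptables save` does that.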