LinuxQuestions.org
Old 06-27-2003, 02:26 AM   #1
jaylee
Member
 
Registered: Jun 2003
Posts: 54

Rep: Reputation: 15
firewall traffic blocking help


I've installed two systems with RedHat 9. They both only have console interface.

During the initial installation of the firewall setup process, one system has all the items checked, the other one only has DHCP checked. Both are set up as Medium security level.

I'm trying to access these two servers via an SSH client.

The server with all items checked has no problem in establishing the connection.

The other server with only DHCP checked is having trouble in establishing the connection.

How to release the traffic blocking?

Any helpful instruction would be greatly appreciated
 
Old 06-27-2003, 01:30 PM   #2
MArgRes
Member
 
Registered: Jun 2003
Distribution: Fedora Core 2
Posts: 37

Rep: Reputation: 15
I'm not sure how the firewall setup does it, because I didn't use it, but I know you can go and check your rules by doing a 'cat /etc/sysconfig/iptables'. You'll need to open up port 22 so that you can connect to it. You could do something like this:

/sbin/iptables -A INPUT --dport 22 -j ACCEPT

Once that's done, check the output of '/sbin/iptables -L -v -n'. Then try to ssh to the machine. If that works, you can save the configuration by doing a '/sbin/service iptables save' (all this is done as root) and it will be there from then on out.

Last edited by MArgRes; 06-27-2003 at 01:31 PM.
 
Old 06-27-2003, 02:59 PM   #3
jaylee
Member
 
Registered: Jun 2003
Posts: 54

Original Poster
Rep: Reputation: 15
I'll give it a try. Are you saying that the following is temporary? When I reboot it will be gone.

/sbin/iptables -A INPUT --dport 22 -j ACCEPT

Unless I execute: '/sbin/service iptables save' to save it to the system?
 
Old 06-27-2003, 03:05 PM   #4
MArgRes
Member
 
Registered: Jun 2003
Distribution: Fedora Core 2
Posts: 37

Rep: Reputation: 15
Yes, it wouldn't persist across a reboot unless you saved it. That's because on boot the system loads the chains outlined in the /etc/sysconfig/iptables file, and unless you save your current setup with that command, the file would be the same as it was before you added the one I mentioned above...
 
Old 06-27-2003, 03:27 PM   #5
jaylee
Member
 
Registered: Jun 2003
Posts: 54

Original Poster
Rep: Reputation: 15
Can I just modify the file '/etc/sysconfig/iptables' directly for it to take effect?
 
Old 06-27-2003, 03:44 PM   #6
Pcghost
Senior Member
 
Registered: Feb 2003
Location: The Arctic
Distribution: Fedora, Debian, OpenSuSE and Android
Posts: 1,820

Rep: Reputation: 46
You can just follow the syntax of the file. It is slightly different than the commands at the cli.

And the quickest way to see your current config is

iptables -L
 
Old 06-28-2003, 10:31 PM   #7
jaylee
Member
 
Registered: Jun 2003
Posts: 54

Original Poster
Rep: Reputation: 15
I got an error after the execution of:

iptables -A INPUT --dport 22 -j ACCEPT

Unknown arg '--dport'

Is there something wrong with the parameters?
 
Old 06-29-2003, 08:00 AM   #8
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Well, dport works only for tcp/udp, so you have to specify that protocol. In your case it would be:

iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
Old 06-30-2003, 11:44 AM   #9
MArgRes
Member
 
Registered: Jun 2003
Distribution: Fedora Core 2
Posts: 37

Rep: Reputation: 15
Yeah, sorry.
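
Added example, not part of any post in this thread: `-A` appends a rule to the end of the chain, so an ACCEPT for tcp/22 has no effect if an earlier rule already rejects the packet. The script below reports which INPUT rule decides first, assuming the ruleset is in iptables-save format (the format assumed here for /etc/sysconfig/iptables); the sample ruleset and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample ruleset below is constructed.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --dport 68 -j ACCEPT
-A INPUT -p tcp -j REJECT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# first_verdict PORT < ruleset
# Prints "<TARGET> <rule-number>" for the first INPUT rule that decides the
# fate of a TCP packet to PORT, or "POLICY <policy>" if no rule does.
# Limits: rules with other match options (-i, -s, -m state ...) are skipped,
# port ranges and user-defined chains are not evaluated.
first_verdict() {
    awk -v port="$1" '
    $1 == ":INPUT" { policy = $2 }
    $1 == "-A" && $2 == "INPUT" {
        n++; proto = "any"; dport = "any"; target = ""; other = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") { i++; proto = $i }
            else if ($i == "--dport") { i++; dport = $i }
            else if ($i == "-m" && $(i + 1) == "tcp") i++
            else if ($i == "-j") { i++; target = $i; break }
            else other = 1
        }
        if (other) next
        if (proto != "any" && proto != "tcp") next
        if (dport != "any" && dport != port) next
        if (target == "ACCEPT" || target == "DROP" || target == "REJECT") {
            print target, n; found = 1; exit
        }
    }
    END { if (!found) print "POLICY", policy }'
}

sample_rules | first_verdict 22   # prints: REJECT 3
```

To check a saved configuration, run `first_verdict 22 < /etc/sysconfig/iptables` as root; a REJECT or DROP result means the port 22 rule sits too late in the chain.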
 
  

