LinuxQuestions.org
Old 12-02-2008, 09:14 AM   #1
SharpyWarpy
Member
 
Registered: Feb 2003
Location: Florida
Distribution: Fedora 18
Posts: 862

Rep: Reputation: 91
g2ipmsg -- gnome ip messenger -- working, but not with iptables -- configuration??


How do I configure iptables so I can use gnome ip messenger? I did
g2ipmsg&
netstat -na|more
but I could not find which port it uses. I'm not familiar with iptables but I know I don't want to leave it off and that's the only way g2ipmsg will work, otherwise I get "no route to host". Does anybody know what port it uses or how to find out so I can read the iptables man page and write the correct configuration for this? It probably would come in handy in the future if I just knew how to do this kind of thing. Thank you very much in advance.
If I run
iptables -F
and flush all chains g2ipmsg works okay, but what is this doing to my firewall? Am I still safe? Here is the content of my /etc/sysconfig/iptables file:
# Generated by iptables-save v1.3.7 on Tue Dec 2 09:28:25 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Tue Dec 2 09:28:25 2008
# Generated by iptables-save v1.3.7 on Tue Dec 2 09:28:25 2008
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 6881 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Dec 2 09:28:25 2008

Last edited by SharpyWarpy; 12-02-2008 at 11:45 AM. Reason: Forgot to say this
 
Old 12-03-2008, 09:38 PM   #2
tuxtutor
LQ Newbie
 
Registered: Dec 2008
Distribution: Solaris, CentOS
Posts: 4

Rep: Reputation: 0
You might want to set up logging to see what ports are getting blocked by iptables. Here is a good tutorial on the process. From there you can open the required ports.

http://www.redhatmagazine.com/2007/0...prise-linux-4/
 
Old 12-04-2008, 09:35 AM   #3
SharpyWarpy
Member
 
Registered: Feb 2003
Location: Florida
Distribution: Fedora 18
Posts: 862

Original Poster
Rep: Reputation: 91
Quote:
Originally Posted by tuxtutor
You might want to set up logging to see what ports are getting blocked by iptables. Here is a good tutorial on the process. From there you can open the required ports.

http://www.redhatmagazine.com/2007/0...prise-linux-4/
Thank you, tuxtutor. I ran it like that for a while, logging, and I couldn't make heads or tails out of the results. But I did have some success. Here's my /etc/sysconfig/iptables file after some playing around with it:
# Generated by iptables-save v1.3.7 on Tue Dec 2 09:28:25 2008
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 6881 -j ACCEPT
#log
#-A RH-Firewall-1-INPUT -j LOG
#-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

COMMIT
# Completed on Tue Dec 2 09:28:25 2008

Notice I commented out line 13. Now g2ipmsg works fine. But I'm wondering how safe this is, not from the local network but from the internet.
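
One way to read what the commented-out "-j LOG" rule in the file above writes to the kernel log (an added example, not part of any post in this thread): the function counts logged packets by protocol, destination port and input interface, so the port an application needs shows up as the most frequent line. The sample log lines, host name, interface eth0, addresses and port 40123 are constructed.

```shell
#!/bin/sh
# Summarise iptables LOG entries: one "count PROTO DPT IN-interface" line per
# distinct combination, most frequent first. Reads kernel log text on stdin.
summarize_blocked() {
    awk '
    / IN=/ && / PROTO=/ {
        iface = "-"; proto = "-"; dpt = "-"   # "-" when a field is absent (ICMP has no DPT)
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^IN=./)    iface = substr($i, 4)
            if ($i ~ /^PROTO=./) proto = substr($i, 7)
            if ($i ~ /^DPT=./)   dpt   = substr($i, 5)
        }
        count[proto " " dpt " " iface]++
    }
    END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample: port 40123 is made up and is not g2ipmsg's real port.
# The last line is ordinary syslog noise that the function must ignore.
SAMPLE_LOG='Dec  4 09:01:11 gw kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.0.2 DST=192.168.0.255 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40123 DPT=40123 LEN=70
Dec  4 09:01:14 gw kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.0.2 DST=192.168.0.255 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40123 DPT=40123 LEN=70
Dec  4 09:01:17 gw kernel: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:11:22:33:44:55:08:00 SRC=192.168.0.2 DST=192.168.0.255 LEN=90 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40123 DPT=40123 LEN=70
Dec  4 09:01:18 gw kernel: IN=eth0 OUT= MAC=00:aa:bb:cc:dd:ee:00:11:22:33:44:55:08:00 SRC=192.168.0.2 DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=51234 DPT=40123 WINDOW=5840 RES=0x00 SYN URGP=0
Dec  4 09:01:19 gw kernel: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=198.51.100.4 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=300 SEQ=1
Dec  4 09:01:20 gw sshd[812]: Server listening on 0.0.0.0 port 22.'

printf '%s\n' "$SAMPLE_LOG" | summarize_blocked
```

On a live system the same function can be fed the kernel log instead of the sample, with the LOG rule placed directly before the final REJECT so that only packets about to be rejected are counted.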
 
Old 12-06-2008, 02:26 AM   #4
tuxtutor
LQ Newbie
 
Registered: Dec 2008
Distribution: Solaris, CentOS
Posts: 4

Rep: Reputation: 0
SharpyWarpy,

I am not an iptables expert but are you using this box as a router?
Line 13 is a forward chain reject. Saying reject all any source any destination but your default policy is to accept. This chain is used primarily for routing so unless this box is performing routing I don't see how that change could have fixed the issue.
 
Old 12-06-2008, 04:29 AM   #5
SharpyWarpy
Member
 
Registered: Feb 2003
Location: Florida
Distribution: Fedora 18
Posts: 862

Original Poster
Rep: Reputation: 91
Quote:
Originally Posted by tuxtutor
SharpyWarpy,

I am not an iptables expert but are you using this box as a router?
Line 13 is a forward chain reject. Saying reject all any source any destination but your default policy is to accept. This chain is used primarily for routing so unless this box is performing routing I don't see how that change could have fixed the issue.
If you mean is the client machine connected via a crossover ethernet cable directly to this one then the answer is yes, this one is being used as a router.
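
A check for the question of how safe the edited file is (an added example, not part of any post in this thread): it reads iptables-save text and reports what happens to a packet that matches no rule in INPUT and FORWARD. The filter tables are abridged from the two files posted above; the function name and the "closed"/"fail-open" labels are this example's own, and only rules with no match options are treated as unconditional.

```shell
#!/bin/sh
# Report, for the filter table in iptables-save text on stdin, what happens to a
# packet that matches no rule in INPUT and FORWARD: "closed" or "fail-open".
audit_ruleset() {
    awk '
    # First unconditional verdict reached in chain c, following unconditional jumps.
    function resolve(c, depth,    n, a, i, r) {
        if (depth > 8) return ""
        n = split(acts[c], a, " ")
        for (i = 1; i <= n; i++) {
            if (a[i] == "ACCEPT" || a[i] == "REJECT" || a[i] == "DROP") return a[i]
            r = resolve(a[i], depth + 1)
            if (r != "") return r
        }
        return ""
    }
    /^\*/ { table = substr($1, 2); next }          # "*nat", "*filter"
    table != "filter" || /^#/ { next }             # skip other tables and comments
    /^:/ { policy[substr($1, 2)] = $2; next }      # ":INPUT ACCEPT [0:0]"
    $1 == "-A" && $3 == "-j" { acts[$2] = acts[$2] " " $4 }   # rule with no match options
    END {
        n = split("INPUT FORWARD", chain, " ")
        for (i = 1; i <= n; i++) {
            v = resolve(chain[i], 0)
            # Fell off the end of the chain: its policy decides (ACCEPT if none listed).
            if (v == "") v = (chain[i] in policy) ? policy[chain[i]] : "ACCEPT"
            print chain[i], (v == "ACCEPT" ? "fail-open" : "closed")
        }
    }'
}

# Filter table abridged from the first file posted in the thread.
BEFORE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
# Second file: the same rules with both REJECT lines commented out.
AFTER=$(printf '%s\n' "$BEFORE" | sed 's/^\(-A .* -j REJECT\)/#\1/')

printf '%s\n' "$BEFORE" | audit_ruleset
printf '%s\n' "$AFTER"  | audit_ruleset
```

A "fail-open" INPUT chain accepts new connections on every port from every interface, ppp0 included, which is why an application starts working without its port ever being identified.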
 
  

