LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
Old 10-29-2009, 05:07 PM   #1
kernel-P4N1C
Member
 
Registered: Nov 2007
Location: Panama City, Republic of Panama
Posts: 167

stupid iptables question.


hello folks..

I've never messed with iptables before... because I know I can screw things up pretty good messing with it.

Anyway, I was asked to block ports and stuff on a customer server and guess what happened..


That aside, I wondered... why do we always open port 631?
I only understand that the default iptables stuff on CentOS opens 50 and 51 because of IPsec stuff... but what about the rest?

Can someone please (be kind with a not-so-newbie dude) explain to me why all default iptables rules seem to have this?

Code:
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
Old 10-29-2009, 05:20 PM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Arch
Posts: 8,529

Quote:
that aside I wondered... why we always open port 631?
This port is used by CUPS.
 
Old 10-29-2009, 05:28 PM   #3
janhe
Member
 
Registered: Jul 2007
Location: Belgium
Distribution: slackware64 14.2, slackware 13.1
Posts: 371

Quote:
Originally Posted by kernel-P4N1C View Post
all default iptables rules seems to have this ?

Code:
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
Let the computer receive ping packets, destination-not-found-packets, ...
ICMP stands for Internet Control Message Protocol; it is used to give information about the network. It is used by network admins to debug networks. (Often in Linux networking I ask people to execute a ping command.)
Quote:
Originally Posted by kernel-P4N1C View Post
Code:
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
no idea, sorry
Quote:
Originally Posted by kernel-P4N1C View Post
Code:
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
http://www.linuxquestions.org/questi...rt-5353-91085/
Quote:
Originally Posted by kernel-P4N1C View Post
Code:
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
IPP (Internet Printing Protocol). If your PC is used as a print server, it is probably through this port.
Quote:
Originally Posted by kernel-P4N1C View Post
Code:
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Your firewall is a stateful firewall. That means that, by default, it drops all packets except when the packets belong to a connection that has already been established. Otherwise there could be a problem: say you send a request for a webpage, and the response would get dropped (by default).
This rule says that packets related to a connection that has already been established, have to be accepted.

EDIT: If I want more info about a certain port, I usually google for "tcp <portnumber>" or "udp <portnumber>". Except when it is a really obscure protocol, this usually tells me what the service is called. Then I can google a bit more on that service name.

Last edited by janhe; 10-29-2009 at 05:30 PM.
 
Old 10-29-2009, 06:51 PM   #4
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,994

Quote:
Originally Posted by janhe View Post
EDIT: If I want more info about a certain port, I usually google for "tcp <portnumber>" or "udp <portnumber>". Except when it is a really obscure protocol, this usually tells me what the service is called. Then I can google a bit more on that service name.
If you want to know what's listening or connected on a particular port, you can also use
Code:
sudo lsof -i TCP:portnum
 
Old 10-30-2009, 12:51 AM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,348

You can just grep the port num from /etc/services. See also /etc/protocols.
 
Old 10-30-2009, 08:43 AM   #6
Jim Bengtson
Member
 
Registered: Feb 2009
Location: Iowa
Distribution: Ubuntu 9.10
Posts: 164

Quote:
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
Multicast DNS
http://www.iana.org/assignments/port-numbers
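The replies above resolve the rules one by one: protocol numbers 50 and 51 via /etc/protocols, ports 631 and 5353 via /etc/services, and the state rule as the mark of a stateful firewall. The script below is an added example (not from this thread or any poster) that automates exactly that reading for the rule set quoted in the first post, and flags the rules that accept fresh inbound traffic from any source, which is what the original poster was asked to tighten. The /etc/protocols and /etc/services excerpts embedded in it are constructed for the example; on a real host you would read the actual files (or `getent services 631/tcp`, `getent protocols 50`) instead, as chrism01 suggests.

```python
"""Annotate RH-Firewall-1-INPUT rules with what each one admits.

Added example, not part of the thread. RULES is the rule set quoted in
the first post; PROTOCOLS and SERVICES are constructed excerpts in the
format of /etc/protocols and /etc/services (assumption: the real files
give the same names for these numbers).
"""
import shlex

RULES = """\
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
"""

# Constructed excerpt, /etc/protocols layout: name number alias
PROTOCOLS = """\
icmp 1 ICMP      # internet control message protocol
tcp 6 TCP        # transmission control protocol
udp 17 UDP       # user datagram protocol
esp 50 IPSEC-ESP # IPsec encapsulating security payload
ah 51 IPSEC-AH   # IPsec authentication header
"""

# Constructed excerpt, /etc/services layout: name port/proto
SERVICES = """\
ipp 631/tcp   # Internet Printing Protocol (CUPS)
ipp 631/udp
mdns 5353/udp # Multicast DNS
"""


def load_protocols(text):
    """Parse /etc/protocols-style lines into {name: number}."""
    table = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[1].isdigit():
            table[parts[0]] = int(parts[1])
    return table


def load_services(text):
    """Parse /etc/services-style lines into {(port, proto): name}."""
    table = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and "/" in parts[1]:
            port, proto = parts[1].split("/", 1)
            table[(int(port), proto)] = parts[0]
    return table


PROTO_TABLE = load_protocols(PROTOCOLS)
SERVICE_TABLE = load_services(SERVICES)


def parse_rule(rule):
    """Turn one iptables-save style rule into {option: value}.

    '-m' may repeat, so it is collected as a list; a flag with no
    value gets True.
    """
    toks = shlex.split(rule)
    opts = {}
    i = 0
    while i < len(toks):
        tok = toks[i]
        if tok.startswith("-"):
            has_value = i + 1 < len(toks) and not toks[i + 1].startswith("-")
            value = toks[i + 1] if has_value else True
            if tok == "-m":
                opts.setdefault("-m", []).append(value)
            else:
                opts[tok] = value
            i += 2 if has_value else 1
        else:
            i += 1
    return opts


def annotate(rule, protocols=PROTO_TABLE, services=SERVICE_TABLE):
    """Resolve protocol, port, destination and state for one rule."""
    opts = parse_rule(rule)
    info = {"rule": rule, "target": opts.get("-j")}
    spec = opts.get("-p")
    if spec is None:
        info["proto"], info["proto_num"] = None, None
    elif spec.isdigit():  # iptables accepts a raw protocol number
        num = int(spec)
        names = [n for n, v in protocols.items() if v == num]
        info["proto"], info["proto_num"] = (names[0] if names else "unknown"), num
    else:
        info["proto"], info["proto_num"] = spec, protocols.get(spec)
    dport = opts.get("--dport")
    info["dport"] = int(dport) if dport else None
    info["service"] = services.get((info["dport"], info["proto"])) if dport else None
    info["src"], info["dst"], info["state"] = opts.get("-s"), opts.get("-d"), opts.get("--state")
    # Unrestricted: ACCEPTs new inbound traffic from any source to any
    # local address. These are the rules to question on a server that
    # does not print, does not speak IPsec, or should not answer pings.
    info["unrestricted"] = (
        info["target"] == "ACCEPT"
        and info["state"] is None
        and info["src"] is None
        and info["dst"] is None
    )
    return info


def describe(info):
    """One-line human reading of an annotated rule."""
    parts = []
    if info["proto"]:
        parts.append(f"{info['proto']} (protocol {info['proto_num']})")
    if info["dport"]:
        parts.append(f"port {info['dport']} = {info['service'] or 'unknown service'}")
    if info["dst"]:
        parts.append(f"only to {info['dst']}")
    if info["state"]:
        parts.append(f"only packets in state {info['state']}")
    flag = "  <-- open to any source, review" if info["unrestricted"] else ""
    return f"{info['target']}: " + ", ".join(parts) + flag


def review(rules_text):
    """Return the annotated rules that accept new traffic from anywhere."""
    rules = [r for r in rules_text.splitlines() if r.strip()]
    return [i for i in (annotate(r) for r in rules) if i["unrestricted"]]


if __name__ == "__main__":
    for line in RULES.splitlines():
        print(describe(annotate(line)))
```

Run as-is, it prints one line per rule: the two raw protocol numbers come back as esp and ah, 631 resolves to ipp on both transports, 5353 to mdns restricted to the multicast address, and the state rule is shown as the one that lets replies to outbound connections back in. Five of the seven rules are flagged as open to any source; on a server that is neither a print server nor an IPsec endpoint, those are the candidates to drop.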
 