HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


thehappyappy 29th April 2008 15:43

Opening TCP ports
 
I'm not sure if this is the right place for this post, but I'd be grateful if somebody could please help me. I'm trying to open ports 999, 1982 and 1983 but am not having much luck. I used
Code:

iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
to open the ports but haven't been successful. I was told to make sure that my server's TCP ports 999, 1982 and 1983 are fully open inbound and outbound and that the destination IP address for those ports is 72.232.181.106.
I've been trying for ages to get these ports open, but haven't had any luck.
This is the first time I've ever used a dedicated server and I am very new to all of this, so I apologise in advance for my lack of knowledge.

Thanks

If it helps, after I tried to open the ports I ran iptables -L and this is the result:
Quote:

[root@localhost ~]# iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -A INPUT -i eth0 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.3.5 on Tue Apr 29 14:42:10 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [13:754]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 1983 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1982 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 999 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 3306 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5555 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Apr 29 14:42:10 2008
[root@localhost ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:lhtp
ACCEPT tcp -- anywhere anywhere tcp dpt:estamp
ACCEPT tcp -- anywhere anywhere tcp dpt:garcon
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:tftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:tftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql state NEW
ACCEPT udp -- anywhere anywhere udp dpt:mysql state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:personal-agent state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:teradataordbms state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:etlservicemgr state NEW
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state NEW,ESTABLISHED

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED

Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
[root@localhost ~]#
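An added audit script, not part of this thread, to illustrate what the posted dump shows about the INPUT chain: it walks an iptables-save dump in kernel evaluation order, flags INPUT rules appended after the unconditional `-A INPUT -j DROP` (they are never reached) and rules that use --sport with state NEW (they match the remote peer's source port, not the local service port), and produces the equivalent --dport rules placed ahead of the DROP. The dump embedded in it is a constructed, abridged copy of the one posted above.

```python
"""Audit an iptables-save dump for rules that cannot do what was intended.

Two checks on the INPUT chain, both prompted by the dump above:
  1. rules appended (-A) after an unconditional "-A INPUT -j DROP" are never
     evaluated, because every packet has already been dropped by then;
  2. rules matching --sport test the remote peer's (usually ephemeral) source
     port; an inbound connection to a local service is matched by --dport.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: an abridged version of the iptables-save output posted
# in the thread, keeping the shape that matters (DROP, then --sport rules).
SAMPLE_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [13:754]
-A INPUT -p tcp -m tcp --dport 1983 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
"""

UNCONDITIONAL_DROP = "-A INPUT -j DROP"
DPORT_ACCEPT = re.compile(r"-p tcp .*--dport (\d+).* -j ACCEPT$")


@dataclass
class Audit:
    open_tcp_dports: set = field(default_factory=set)  # reachable ACCEPTs for new TCP, by dport
    unreachable: list = field(default_factory=list)     # INPUT rules placed after the DROP
    sport_misuse: list = field(default_factory=list)    # --sport used to "open" a service


def audit_input_chain(dump: str) -> Audit:
    """Walk the INPUT chain in order, exactly as the kernel evaluates it."""
    result = Audit()
    dead = False  # becomes True once the unconditional DROP has been passed
    for line in dump.splitlines():
        if not line.startswith("-A INPUT "):
            continue
        if dead:
            result.unreachable.append(line)
        elif line == UNCONDITIONAL_DROP:
            dead = True
        else:
            m = DPORT_ACCEPT.search(line)
            # A stateless ACCEPT, or one whose state list includes NEW, admits new connections.
            if m and ("--state" not in line or "NEW" in line):
                result.open_tcp_dports.add(int(m.group(1)))
        if "--sport" in line and "NEW" in line:
            result.sport_misuse.append(line)
    return result


def corrected_rules(audit: Audit) -> list:
    """The --dport form of each misused --sport rule: one rule per port,
    skipping ports that an earlier, reachable rule already opens."""
    fixed = []
    for rule in audit.sport_misuse:
        port = int(re.search(r"--sport (\d+)", rule).group(1))
        new_rule = f"-A INPUT -p tcp -m tcp --dport {port} -m state --state NEW -j ACCEPT"
        if port not in audit.open_tcp_dports and new_rule not in fixed:
            fixed.append(new_rule)
    return fixed


def rewrite_dump(dump: str) -> str:
    """Produce a dump in which the corrected rules sit ahead of the terminal
    DROP and the unreachable rules after it are gone; the OUTPUT chain and
    the rest of the file are left untouched."""
    wanted = corrected_rules(audit_input_chain(dump))
    out, dead = [], False
    for line in dump.splitlines():
        if dead and line.startswith("-A INPUT "):
            continue  # unreachable rule: drop it from the file
        if line == UNCONDITIONAL_DROP:
            out.extend(wanted)  # the fix only works if it comes before the DROP
            dead = True
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    before = audit_input_chain(SAMPLE_DUMP)
    print("open for new TCP:", sorted(before.open_tcp_dports))
    print("unreachable rules:", len(before.unreachable))
    print("--sport used with NEW:", len(before.sport_misuse))
    print(rewrite_dump(SAMPLE_DUMP))
```

On a system like the one in the thread the corrected file is what /etc/sysconfig/iptables would need to contain before the init script reloads it; rules added with `iptables -A` at the shell are lost on the next restart.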

falko 30th April 2008 16:03

What firewall software are you using (e.g. shorewall, Bastille, etc.)? I think you can enable these ports somewhere in the configuration of your firewall software.

thehappyappy 30th April 2008 16:16

I'm not sure what firewall I'm using - how do I find out?
I used vi /etc/sysconfig/iptables to check which ports are open. The output I got was:
Code:

# Generated by iptables-save v1.3.5 on Tue Apr 29 19:02:13 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 999 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1982 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1983 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW -j ACCEPT
"/etc/sysconfig/iptables" 32L, 1702C


falko 1st May 2008 20:29

Quote:

Originally Posted by thehappyappy
I'm not sure what Firewall I'm using - how do I find out?

What are the outputs of
Code:

ps aux
and
Code:

ls -l /etc/init.d/
?

thehappyappy 1st May 2008 20:41

Sorry I don't know and don't quite understand your question.

falko 2nd May 2008 15:21

Please run the command
Code:

ps aux
and post the output of that command here. Do the same for the other command.

thehappyappy 2nd May 2008 16:24

The output for ps aux is:
Code:

[root@localhost ~]# ps aux
USER      PID %CPU %MEM    VSZ  RSS TTY      STAT START  TIME COMMAND
root        1  0.0  0.1  2040  668 ?        Ss  Apr29  0:00 init [3]     
root        2  0.0  0.0      0    0 ?        S    Apr29  0:00 [migration/0]
root        3  0.0  0.0      0    0 ?        SN  Apr29  0:00 [ksoftirqd/0]
root        4  0.0  0.0      0    0 ?        S    Apr29  0:00 [watchdog/0]
root        5  0.0  0.0      0    0 ?        S    Apr29  0:00 [migration/1]
root        6  0.0  0.0      0    0 ?        SN  Apr29  0:00 [ksoftirqd/1]
root        7  0.0  0.0      0    0 ?        S    Apr29  0:00 [watchdog/1]
root        8  0.0  0.0      0    0 ?        S<  Apr29  0:00 [events/0]
root        9  0.0  0.0      0    0 ?        S<  Apr29  0:00 [events/1]
root        10  0.0  0.0      0    0 ?        S<  Apr29  0:00 [khelper]
root        11  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kthread]
root        15  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kblockd/0]
root        16  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kblockd/1]
root        17  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kacpid]
root      119  0.0  0.0      0    0 ?        S<  Apr29  0:00 [cqueue/0]
root      120  0.0  0.0      0    0 ?        S<  Apr29  0:00 [cqueue/1]
root      123  0.0  0.0      0    0 ?        S<  Apr29  0:00 [khubd]
root      125  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kseriod]
root      192  0.0  0.0      0    0 ?        S    Apr29  0:00 [pdflush]
root      193  0.0  0.0      0    0 ?        S    Apr29  0:00 [pdflush]
root      194  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kswapd0]
root      195  0.0  0.0      0    0 ?        S<  Apr29  0:00 [aio/0]
root      196  0.0  0.0      0    0 ?        S<  Apr29  0:00 [aio/1]
root      354  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kpsmoused]
root      387  0.0  0.0      0    0 ?        S<  Apr29  0:00 [ata/0]
root      388  0.0  0.0      0    0 ?        S<  Apr29  0:00 [ata/1]
root      389  0.0  0.0      0    0 ?        S<  Apr29  0:00 [ata_aux]
root      393  0.0  0.0      0    0 ?        S<  Apr29  0:00 [scsi_eh_0]
root      394  0.0  0.0      0    0 ?        S<  Apr29  0:00 [scsi_eh_1]
root      395  0.0  0.0      0    0 ?        S<  Apr29  0:01 [kjournald]
root      421  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kauditd]
root      453  0.0  0.1  2224  656 ?        S<s  Apr29  0:00 /sbin/udevd -d
root      1180  0.2  0.5  9000  2724 ?        Ss  15:21  0:00 sshd: root@pts/
root      1184  0.1  0.2  4748  1384 pts/0    Ss  15:21  0:00 -bash
root      1212  0.7  0.4  7780  2524 ?        Ss  15:21  0:00 sshd: unknown [
sshd      1213  0.0  0.2  7492  1300 ?        S    15:21  0:00 sshd: unknown [
root      1214  1.0  0.4  7780  2524 ?        Ss  15:21  0:00 sshd: unknown [
sshd      1215  0.0  0.2  7492  1300 ?        S    15:21  0:00 sshd: unknown [
root      1216  0.0  0.1  4432  884 pts/0    R+  15:21  0:00 ps aux
root      1352  0.0  0.0      0    0 ?        S<  Apr29  0:00 [hda_codec]
root      1486  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kmpathd/0]
root      1487  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kmpathd/1]
root      1519  0.0  0.0      0    0 ?        S<  Apr29  0:06 [kjournald]
root      1521  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kjournald]
root      1523  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kjournald]
root      1805  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kondemand/0]
root      1806  0.0  0.0      0    0 ?        S<  Apr29  0:00 [kondemand/1]
root      2169  0.0  0.1  13084  668 ?        S<sl Apr29  0:00 auditd
root      2171  0.0  0.7  10096  3932 ?        S<s  Apr29  0:00 python /sbin/au
root      2197  0.0  0.1  1704  588 ?        Ss  Apr29  0:01 syslogd -m 0
root      2201  0.0  0.0  1652  396 ?        Ss  Apr29  0:00 klogd -x
named    2249  0.0  0.6  48244  3148 ?        Ssl  Apr29  0:00 /usr/sbin/named
rpc      2275  0.0  0.1  1788  548 ?        Ss  Apr29  0:00 portmap
root      2298  0.0  0.1  1804  728 ?        Ss  Apr29  0:00 rpc.statd
root      2305  0.0  0.0  1644  316 ?        S    Apr29  0:00 /usr/sbin/couri
root      2306  0.0  0.1  2140  696 ?        S    Apr29  0:00 /usr/libexec/co
root      2337  0.0  0.1  2192  784 ?        S    Apr29  0:00 /usr/libexec/co
root      2338  0.0  0.1  2192  784 ?        S    Apr29  0:00 /usr/libexec/co
root      2339  0.0  0.1  2192  784 ?        S    Apr29  0:00 /usr/libexec/co
root      2340  0.0  0.1  2192  784 ?        S    Apr29  0:00 /usr/libexec/co
root      2341  0.0  0.1  2192  784 ?        S    Apr29  0:00 /usr/libexec/co
root      2351  0.0  0.1  5400  588 ?        Ss  Apr29  0:00 rpc.idmapd
dbus      2374  0.0  0.1  2724  748 ?        Ss  Apr29  0:00 dbus-daemon --s
root      2387  0.0  0.1  2128  760 ?        Ss  Apr29  0:00 /usr/sbin/hcid
root      2393  0.0  0.0  1720  500 ?        Ss  Apr29  0:00 /usr/sbin/sdpd
root      2416  0.0  0.0      0    0 ?        S<  Apr29  0:00 [krfcommd]
root      2461  0.0  0.2  12700  1280 ?        Ssl  Apr29  0:00 pcscd
root      2483  0.0  0.0  1892  436 ?        Ss  Apr29  0:00 /usr/bin/hidd -
root      2501  0.0  0.2  9356  1128 ?        Ssl  Apr29  0:00 automount
root      2522  0.0  0.1  1652  536 ?        Ss  Apr29  0:00 /usr/sbin/acpid
root      2538  0.0  0.2  6152  1040 ?        Ss  Apr29  0:01 /usr/sbin/sshd
root      2551  0.0  0.3  9912  1964 ?        Ss  Apr29  0:00 cupsd
root      2578  0.0  1.9  88932 10040 ?        Sl  Apr29  0:10 python MatrixSA
root      2641  0.0  0.3  6704  1748 ?        Ss  Apr29  0:00 /usr/libexec/po
root      2654  0.0  0.0  1884  368 ?        Ss  Apr29  0:00 gpm -m /dev/inp
postfix  2657  0.0  0.3  6824  1864 ?        S    Apr29  0:00 qmgr -l -t fifo
root      2670  0.0  2.1  28176 10864 ?        Ss  Apr29  0:00 /usr/sbin/httpd
root      2683  0.0  0.3  6256  1692 ?        Ss  Apr29  0:00 /usr/sbin/httpd
apache    2684  0.0  0.3  6256  1572 ?        S    Apr29  0:00 /usr/sbin/httpd
apache    2685  0.0  0.3  6384  1592 ?        S    Apr29  0:00 /usr/sbin/httpd
root      2701  0.0  0.0  4436  476 ?        Ss  Apr29  0:00 pure-ftpd (SERV
root      2714  0.0  0.2  5468  1108 ?        Ss  Apr29  0:00 crond
xfs      2737  0.0  0.2  3140  1036 ?        Ss  Apr29  0:00 xfs -droppriv -
apache    2760  0.0  2.7  32348 14000 ?        S    Apr29  2:18 /usr/sbin/httpd
apache    2761  0.0  2.6  32528 13656 ?        R    Apr29  2:19 /usr/sbin/httpd
apache    2762  0.0  2.7  32556 14012 ?        S    Apr29  2:16 /usr/sbin/httpd
apache    2764  0.0  2.6  32392 13456 ?        S    Apr29  2:15 /usr/sbin/httpd
apache    2765  0.0  2.7  32704 14084 ?        S    Apr29  2:15 /usr/sbin/httpd
apache    2767  0.0  2.8  32952 14400 ?        S    Apr29  2:20 /usr/sbin/httpd
apache    2768  0.0  2.6  32544 13596 ?        S    Apr29  2:16 /usr/sbin/httpd
root      2769  0.0  0.0  2216  416 ?        Ss  Apr29  0:00 /usr/sbin/atd
apache    2770  0.0  2.8  32648 14296 ?        S    Apr29  2:17 /usr/sbin/httpd
avahi    2784  0.0  0.2  2552  1380 ?        Ss  Apr29  0:00 avahi-daemon: r
avahi    2785  0.0  0.0  2552  428 ?        Ss  Apr29  0:00 avahi-daemon: c
68        2798  0.0  0.7  5420  3660 ?        Ss  Apr29  0:00 hald
root      2799  0.0  0.1  3116  976 ?        S    Apr29  0:00 hald-runner
68        2806  0.0  0.1  1972  784 ?        S    Apr29  0:00 hald-addon-acpi
root      2807  0.0  0.1  3172  940 ?        S    Apr29  0:00 /usr/libexec/ha
68        2812  0.0  0.1  1972  776 ?        S    Apr29  0:00 hald-addon-keyb
68        2818  0.0  0.1  1976  780 ?        S    Apr29  0:00 hald-addon-keyb
ntp      2874  0.0  0.8  4316  4316 ?        SLs  Apr29  0:00 ntpd -u ntp:ntp
root      2944  0.0  0.0  1640  436 tty1    Ss+  Apr29  0:00 /sbin/mingetty
root      2945  0.0  0.0  1636  432 tty2    Ss+  Apr29  0:00 /sbin/mingetty
root      2946  0.0  0.0  1636  456 tty3    Ss+  Apr29  0:00 /sbin/mingetty
root      2947  0.0  0.0  1636  432 tty4    Ss+  Apr29  0:00 /sbin/mingetty
root      2949  0.0  0.0  1640  436 tty5    Ss+  Apr29  0:00 /sbin/mingetty
root      2952  0.0  0.0  1636  432 tty6    Ss+  Apr29  0:00 /sbin/mingetty
apache    3132  0.0  0.2  6256  1432 ?        S    Apr29  0:00 /usr/sbin/httpd
apache    3137  0.0  0.2  6256  1436 ?        S    Apr29  0:00 /usr/sbin/httpd
apache    3138  0.0  0.2  6256  1432 ?        S    Apr29  0:00 /usr/sbin/httpd
apache    3897  0.0  2.6  32568 13624 ?        S    Apr29  2:12 /usr/sbin/httpd
apache    3898  0.0  2.6  32516 13528 ?        S    Apr29  2:14 /usr/sbin/httpd
apache    4523  0.0  2.7  32672 14036 ?        S    Apr29  2:09 /usr/sbin/httpd
apache    4528  0.0  2.7  32192 13836 ?        S    Apr29  2:07 /usr/sbin/httpd
apache    4536  0.0  2.6  32200 13496 ?        S    Apr29  2:05 /usr/sbin/httpd
apache    4553  0.0  2.7  32840 13808 ?        S    Apr29  2:05 /usr/sbin/httpd
apache    4596  0.0  2.8  32980 14396 ?        S    Apr29  2:11 /usr/sbin/httpd
postfix  30035  0.0  0.3  6772  1724 ?        S    14:14  0:00 pickup -l -t fi
[root@localhost ~]#

and ls -l /etc/init.d/ is:
Code:

[root@localhost ~]# ls -l /etc/init.d/
total 668
-rwxr-xr-x 1 root root  1128 Jan  6  2007 acpid
-rwxr-xr-x 1 root root  1441 Mar 28  2007 anacron
-rwxr-xr-x 1 root root  1429 Mar 14  2007 apmd
-rwxr-xr-x 1 root root  1176 Jan  6  2007 atd
-rwxr-xr-x 1 root root  2796 Nov 10 17:15 auditd
-rwxr-xr-x 1 root root  2461 Feb  9 10:17 autofs
-rwxr-xr-x 1 root root  1848 Mar 14  2007 avahi-daemon
-rwxr-xr-x 1 root root  1789 Mar 14  2007 avahi-dnsconfd
-rwxr-xr-x 1 root root  1477 Mar 28  2007 bluetooth
-rwxr-xr-x 1 root root  1470 Nov 11 17:04 conman
-rwxr-xr-x 1 bin  bin  4796 Jun 28  2007 courier
-r-xr-xr-x 1 root root  893 Jun  7  2007 courier-authlib
-rwxr-xr-x 1 root root  7328 Nov 10 14:42 cpuspeed
-rwxr-xr-x 1 root root  1904 Nov 10 15:17 crond
-rwxr-xr-x 1 root root  1942 Apr  2 10:20 cups
-rwxr-xr-x 1 root root  1505 Jan  6  2007 dc_client
-rwxr-xr-x 1 root root  1347 Jan  6  2007 dc_server
-rwxr-xr-x 1 root root  2785 Mar 14  2007 dhcdbd
-rwxr-xr-x 1 root root  5338 Apr 18 12:59 dkms_autoinstaller
-rwxr-xr-x 1 root root  996 Mar 28  2007 dund
-rwxr-xr-x 1 root root  1965 Nov 10 16:52 firstboot
-rwxr-xr-x 1 root root 13913 Oct 26  2006 functions
-rwxr-xr-x 1 root root  1778 Jan  6  2007 gpm
-rwxr-xr-x 1 root root  1486 Nov 29 23:30 haldaemon
-rwxr-xr-x 1 root root  5766 Jun 22  2007 halt
-rwxr-xr-x 1 root root  966 Mar 28  2007 hidd
-rwxr-xr-x 1 root root  3200 Jan 16 14:31 httpd
-rwxr-xr-x 1 root root  1927 Jun  6  2007 httpd-matrixsa
-rwxr-xr-x 1 root root  1861 Mar 14  2007 ibmasm
-rwxr-xr-x 1 root root  7543 Jan  6  2007 ip6tables
-rwxr-xr-x 1 root root  7460 Jan  6  2007 iptables
-rwxr-xr-x 1 root root  1624 Jan  7  2007 irda
-rwxr-xr-x 1 root root  2120 Nov 10 13:41 irqbalance
-rwxr-xr-x 1 root root  652 Sep  4  2003 killall
-rwxr-xr-x 1 root root  1389 Feb 25  2005 krb524
-rwxr-xr-x 1 root root  1406 Nov 10 16:16 kudzu
-rwxr-xr-x 1 root root  2111 Nov 10 18:50 lvm2-monitor
-rwxr-xr-x 1 root root  2450 Jan 15 13:54 matrixsa
-rwxr-xr-x 1 root root  1871 Dec 19 00:03 mcstrans
-rwxr-xr-x 1 root root  1408 Mar 14  2007 mdmonitor
-rwxr-xr-x 1 root root  1613 Mar 14  2007 mdmpd
-rwxr-xr-x 1 root root  1819 Mar  3 13:44 messagebus
-rwxr-xr-x 1 root root  1926 Nov 10 15:51 microcode_ctl
-rwxr-xr-x 1 root root  1193 Mar 11 18:33 multipathd
-rwxr-xr-x 1 root root  4582 Dec 19 01:07 mysqld
-rwxr-xr-- 1 root root  8643 Nov 10 15:22 named
-rwxr-xr-x 1 root root  2985 Aug  7  2007 netconsole
-rwxr-xr-x 1 root root  5675 Aug  1  2006 netfs
-rwxr-xr-x 1 root root  1289 Jan  7  2007 netplugd
-rwxr-xr-x 1 root root  7992 Jun 22  2007 network
-rwxr-xr-x 1 root root  1598 Mar 14  2007 NetworkManager
-rwxr-xr-x 1 root root  1480 Mar 14  2007 NetworkManagerDispatcher
-rwxr-xr-x 1 root root  4589 Nov 12 06:37 nfs
-rwxr-xr-x 1 root root  3266 Nov 12 06:37 nfslock
-rwxr-xr-x 1 root root  2517 Nov 30 02:22 nscd
-rwxr-xr-x 1 root root  3361 Nov 10 12:34 ntpd
-rwxr-xr-x 1 root root  1790 Jan  6  2007 oddjobd
-rwxr-xr-x 1 root root  1203 Mar 28  2007 pand
-rwxr-xr-x 1 root root  1525 Jan  6  2007 pcscd
-rwxr-xr-x 1 root root  1877 Jan  6  2007 portmap
-rwxr-xr-x 1 root root  2404 Jan 21  2007 postfix
-rwxr-xr-x 1 root root  1021 Jan  6  2007 psacct
-rwxr-xr-x 1 root root  1323 Dec 18  2001 pure-ftpd
-rwxr-xr-x 1 root root  1387 Mar 14  2007 rdisc
-rwxr-xr-x 1 root root  931 Mar 14  2007 readahead_early
-rwxr-xr-x 1 root root  930 Mar 14  2007 readahead_later
-rwxr-xr-x 1 root root  1793 Nov 10 14:46 restorecond
-rwxr-xr-x 1 root root  2415 Nov 12 06:37 rpcgssd
-rwxr-xr-x 1 root root  2040 Nov 12 06:37 rpcidmapd
-rwxr-xr-x 1 root root  2420 Nov 12 06:37 rpcsvcgssd
-rwxr-xr-x 1 root root  1547 Jan  7  2007 saslauthd
-rwxr-xr-x 1 root root  647 Jul 20  2006 single
-rwxr-xr-x 1 root root  2525 Mar 15  2007 smartd
-rwxr-xr-x 1 root root  3283 Apr 18 01:56 squid
-rwxr-xr-x 1 root root  3340 Nov 10 13:58 sshd
-rwxr-xr-x 1 root root  2012 Nov 10 12:49 syslog
-rwxr-xr-x 1 root root  2796 Jan  7  2007 tux
-rwxr-xr-x 1 root root  1650 Jan  7  2007 wpa_supplicant
-rwxr-xr-x 1 root root  3902 Jul 12  2007 xfs
-rwxr-xr-x 1 root root  3465 Nov 10 14:30 ypbind
-rwxr-xr-x 1 root root  1098 Nov 10 17:14 yum-updatesd
[root@localhost ~]#


falko 3rd May 2008 20:51

What's in /etc/init.d/iptables?

thehappyappy 6th May 2008 11:14

That's

Code:

#!/bin/sh
#
# iptables      Start iptables firewall
#
# chkconfig: 2345 08 92
# description:  Starts, stops and saves iptables firewall
#
# config: /etc/sysconfig/iptables
# config: /etc/sysconfig/iptables-config

# Source function library.
. /etc/init.d/functions

IPTABLES=iptables
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES

if [ ! -x /sbin/$IPTABLES ]; then
    echo -n $"/sbin/$IPTABLES does not exist."; warning; echo
    exit 0
fi

if lsmod 2>/dev/null | grep -q ipchains ; then
    echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo
    exit 0
fi

# Old or new modutils
/sbin/modprobe --version 2>&1 | grep -q module-init-tools \
    && NEW_MODUTILS=1 \
    || NEW_MODUTILS=0

# Default firewall configuration:
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"

# Load firewall configuration.
[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"

rmmod_r() {
    # Unload module with all referring modules.
    # At first all referring modules will be unloaded, then the module itself.
    local mod=$1
    local ret=0
    local ref=

    # Get referring modules.
    # New modutils have another output format.
    [ $NEW_MODUTILS = 1 ] \
        && ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \
        || ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`

    # recursive call for all referring modules
    for i in $ref; do
        rmmod_r $i
        let ret+=$?;
    done

    # Unload module.
    # The extra test is for 2.6: The module might have autocleaned,
    # after all referring modules are unloaded.
    if grep -q "^${mod}" /proc/modules ; then
        modprobe -r $mod > /dev/null 2>&1
        let ret+=$?;
    fi

    return $ret
}

flush_n_delete() {
    # Flush firewall rules and delete chains.
    [ -e "$PROC_IPTABLES_NAMES" ] || return 1

    # Check if firewall is configured (has tables)
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    [ -z "$tables" ] && return 1

    echo -n $"Flushing firewall rules: "
    ret=0
    # For all tables
    for i in $tables; do
        # Flush firewall rules.
        $IPTABLES -t $i -F;
        let ret+=$?;

        # Delete firewall chains.
        $IPTABLES -t $i -X;
        let ret+=$?;

        # Set counter to zero.
        $IPTABLES -t $i -Z;
        let ret+=$?;
    done

    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

set_policy() {
    # Set policy for configured tables.
    policy=$1

    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1

    # Check if firewall is configured (has tables)
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    [ -z "$tables" ] && return 1

    echo -n $"Setting chains to policy $policy: "
    ret=0
    for i in $tables; do
        echo -n "$i "
        case "$i" in
            raw)
                $IPTABLES -t raw -P PREROUTING $policy \
                    && $IPTABLES -t raw -P OUTPUT $policy \
                    || let ret+=1
                ;;
            filter)
                $IPTABLES -t filter -P INPUT $policy \
                    && $IPTABLES -t filter -P OUTPUT $policy \
                    && $IPTABLES -t filter -P FORWARD $policy \
                    || let ret+=1
                ;;
            nat)
                $IPTABLES -t nat -P PREROUTING $policy \
                    && $IPTABLES -t nat -P POSTROUTING $policy \
                    && $IPTABLES -t nat -P OUTPUT $policy \
                    || let ret+=1
                ;;
            mangle)
                $IPTABLES -t mangle -P PREROUTING $policy \
                    && $IPTABLES -t mangle -P POSTROUTING $policy \
                    && $IPTABLES -t mangle -P INPUT $policy \
                    && $IPTABLES -t mangle -P OUTPUT $policy \
                    && $IPTABLES -t mangle -P FORWARD $policy \
                    || let ret+=1
                ;;
            *)
                let ret+=1
                ;;
        esac
    done

    [ $ret -eq 0 ] && success || failure
    echo
    return $ret
}

start() {
    # Do not start if there is no config file.
    [ -f "$IPTABLES_DATA" ] || return 1

    echo -n $"Applying $IPTABLES firewall rules: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    $IPTABLES-restore $OPT $IPTABLES_DATA
    if [ $? -eq 0 ]; then
        success; echo
    else
        failure; echo; return 1
    fi

    # Load additional modules (helpers)
    if [ -n "$IPTABLES_MODULES" ]; then
        echo -n $"Loading additional $IPTABLES modules: "
        ret=0
        for mod in $IPTABLES_MODULES; do
            echo -n "$mod "
            modprobe $mod > /dev/null 2>&1
            let ret+=$?;
        done
        [ $ret -eq 0 ] && success || failure
        echo
    fi
    touch $VAR_SUBSYS_IPTABLES
    return $ret
}

stop() {
    # Do not stop if iptables module is not loaded.
    [ -e "$PROC_IPTABLES_NAMES" ] || return 1

    flush_n_delete
    set_policy ACCEPT

    if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
        echo -n $"Unloading $IPTABLES modules: "
        ret=0
        rmmod_r ${IPV}_tables
        let ret+=$?;
        rmmod_r ${IPV}_conntrack
        let ret+=$?;
        [ $ret -eq 0 ] && success || failure
        echo
    fi

    rm -f $VAR_SUBSYS_IPTABLES
    return $ret
}

save() {
    # Check if iptable module is loaded
    [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1

    # Check if firewall is configured (has tables)
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    [ -z "$tables" ] && return 1

    echo -n $"Saving firewall rules to $IPTABLES_DATA: "

    OPT=
    [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"

    ret=0
    TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
        && chmod 600 "$TMP_FILE" \
        && $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
        && size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
        || ret=1
    if [ $ret -eq 0 ]; then
        if [ -e $IPTABLES_DATA ]; then
            cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
                && chmod 600 $IPTABLES_DATA.save \
                || ret=1
        fi
        if [ $ret -eq 0 ]; then
            cp -f $TMP_FILE $IPTABLES_DATA \
                && chmod 600 $IPTABLES_DATA \
                || ret=1
        fi
    fi
    [ $ret -eq 0 ] && success || failure
    echo
    rm -f $TMP_FILE
    return $ret
}

status() {
    tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`

    # Do not print status if lockfile is missing and iptables modules are not
    # loaded.
    # Check if iptable module is loaded
    if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then
        echo $"Firewall is stopped."
        return 1
    fi

    # Check if firewall is configured (has tables)
    if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
        echo $"Firewall is not configured. "
        return 1
    fi
    if [ -z "$tables" ]; then
        echo $"Firewall is not configured. "
        return 1
    fi

    NUM=
    [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
    VERBOSE=
    [ "x$IPTABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose"
    COUNT=
    [ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"

    for table in $tables; do
        echo $"Table: $table"
        $IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo
    done

    return 0
}

restart() {
    [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
    stop
    start
}

case "$1" in
    start)
        stop
        start
        RETVAL=$?
        ;;
    stop)
        [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
        stop
        RETVAL=$?
        ;;
    restart)
        restart
        RETVAL=$?
        ;;
    condrestart)
        [ -e "$VAR_SUBSYS_IPTABLES" ] && restart
        ;;

    status)
        status
        RETVAL=$?
        ;;
    panic)
        flush_n_delete
        set_policy DROP
        RETVAL=$?
        ;;
    save)
        save
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
        exit 1
        ;;
esac

exit $RETVAL

Thanks

falko 7th May 2008 16:58

Ok, the init script reads from /etc/sysconfig/iptables and /etc/sysconfig/iptables-config, so I guess the firewall configuration is in one of these two files. Can you post their contents here?
