
29th April 2008, 15:43
Junior Member
Join Date: Apr 2008
Posts: 7
Thanks: 0
Thanked 0 Times in 0 Posts
Opening TCP ports
I'm not sure if this is the right place for this post, but I'd be grateful if somebody could please help me. I'm trying to open ports 999, 1982 and 1983 but am not having much luck. I used
iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
to open the ports but haven't been successful. I was told to make sure that your server TCP ports: 999, 1982, 1983 are fully open inbound and outbound and that destination IP address for those ports is 72.232.181.106.
I've been trying for ages to get these ports open, but haven't had any luck.
This is the first time I've ever used a dedicated server and I am very new to all of this, so I apologise in advance for my lack of knowledge.
Thanks
If it helps after I tried to open the ports I ran iptables -L and this is the result:
Quote:
[root@localhost ~]# iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -A INPUT -i eth0 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.3.5 on Tue Apr 29 14:42:10 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [13:754]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p tcp -m tcp --dport 1983 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1982 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 999 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 3306 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5555 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8002 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9001 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Apr 29 14:42:10 2008
[root@localhost ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:lhtp
ACCEPT tcp -- anywhere anywhere tcp dpt:estamp
ACCEPT tcp -- anywhere anywhere tcp dpt:garcon
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:https state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:tftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:tftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:mysql state NEW
ACCEPT udp -- anywhere anywhere udp dpt:mysql state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:personal-agent state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:teradataordbms state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:etlservicemgr state NEW
DROP all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:garcon state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:estamp state NEW,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp spt:lhtp state NEW,ESTABLISHED
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
Chain RH-Firewall-1-INPUT (0 references)
target prot opt source destination
[root@localhost ~]#
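Added example (not part of any post in this thread): iptables evaluates a chain top to bottom and stops at the first terminal match, so rules appended with `-A` after an unconditional `-j DROP` are never reached. The sketch below walks `iptables-save` output and lists such rules; `SAMPLE` is a constructed, trimmed copy of the dump posted above, and the function names are hypothetical.

```python
import shlex

# Targets that end chain traversal for a matching packet.
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# Constructed sample: a trimmed copy of the iptables-save dump posted above.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [13:754]
-A INPUT -p tcp -m tcp --dport 1983 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""


def parse_rules(text):
    """Yield (table, chain, position, match_tokens, raw_line) for each -A line."""
    table = None
    position = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*filter" starts a new table
            table = line[1:]
            position = {}
        elif line.startswith("-A "):
            tokens = shlex.split(line)
            chain = tokens[1]
            position[chain] = position.get(chain, 0) + 1
            yield table, chain, position[chain], tokens[2:], line


def is_catch_all(tokens):
    """True when a rule has no match conditions, only a terminal target."""
    return (len(tokens) == 2
            and tokens[0] in ("-j", "--jump")
            and tokens[1] in TERMINAL)


def find_unreachable(text):
    """Return rules that sit after a catch-all rule in the same chain."""
    blocker = {}    # (table, chain) -> position of the first catch-all rule
    findings = []
    for table, chain, pos, tokens, raw in parse_rules(text):
        key = (table, chain)
        if key in blocker:
            findings.append({
                "table": table,
                "chain": chain,
                "position": pos,
                "shadowed_by": blocker[key],
                "rule": raw,
            })
        elif is_catch_all(tokens):
            blocker[key] = pos
    return findings


if __name__ == "__main__":
    for f in find_unreachable(SAMPLE):
        print("%s/%s rule %d is never reached (rule %d matches everything): %s"
              % (f["table"], f["chain"], f["position"], f["shadowed_by"], f["rule"]))
```

To run it against a live rule set, pass the text of `iptables-save` to `find_unreachable()`; a reported rule only takes effect if it is placed before the catch-all, for example with `iptables -I` at a position or by editing the saved rules file.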

30th April 2008, 16:03
Super Moderator
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,602 Times in 2,451 Posts
What firewall software are you using (e.g. shorewall, Bastille, etc.)? I think you can enable these ports somewhere in the configuration of your firewall software.

30th April 2008, 16:16
Junior Member
I'm not sure what Firewall I'm using - how do I find out?
I used vi /etc/sysconfig/iptables to check which ports are open. The output I
got was:
Code:
# Generated by iptables-save v1.3.5 on Tue Apr 29 19:02:13 2008
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 999 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1982 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1983 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 69 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW -j ACCEPT
"/etc/sysconfig/iptables" 32L, 1702C

1st May 2008, 20:29
Super Moderator
Quote:
Originally Posted by thehappyappy
I'm not sure what Firewall I'm using - how do I find out?
What are the outputs of and ?

1st May 2008, 20:41
Junior Member
Sorry I don't know and don't quite understand your question.

2nd May 2008, 15:21
Super Moderator
Please run the command
and post the output of that command here. Do the same for the other command.

2nd May 2008, 16:24
Junior Member
The output for ps aux is:
Code:
[root@localhost ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 2040 668 ? Ss Apr29 0:00 init [3]
root 2 0.0 0.0 0 0 ? S Apr29 0:00 [migration/0]
root 3 0.0 0.0 0 0 ? SN Apr29 0:00 [ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S Apr29 0:00 [watchdog/0]
root 5 0.0 0.0 0 0 ? S Apr29 0:00 [migration/1]
root 6 0.0 0.0 0 0 ? SN Apr29 0:00 [ksoftirqd/1]
root 7 0.0 0.0 0 0 ? S Apr29 0:00 [watchdog/1]
root 8 0.0 0.0 0 0 ? S< Apr29 0:00 [events/0]
root 9 0.0 0.0 0 0 ? S< Apr29 0:00 [events/1]
root 10 0.0 0.0 0 0 ? S< Apr29 0:00 [khelper]
root 11 0.0 0.0 0 0 ? S< Apr29 0:00 [kthread]
root 15 0.0 0.0 0 0 ? S< Apr29 0:00 [kblockd/0]
root 16 0.0 0.0 0 0 ? S< Apr29 0:00 [kblockd/1]
root 17 0.0 0.0 0 0 ? S< Apr29 0:00 [kacpid]
root 119 0.0 0.0 0 0 ? S< Apr29 0:00 [cqueue/0]
root 120 0.0 0.0 0 0 ? S< Apr29 0:00 [cqueue/1]
root 123 0.0 0.0 0 0 ? S< Apr29 0:00 [khubd]
root 125 0.0 0.0 0 0 ? S< Apr29 0:00 [kseriod]
root 192 0.0 0.0 0 0 ? S Apr29 0:00 [pdflush]
root 193 0.0 0.0 0 0 ? S Apr29 0:00 [pdflush]
root 194 0.0 0.0 0 0 ? S< Apr29 0:00 [kswapd0]
root 195 0.0 0.0 0 0 ? S< Apr29 0:00 [aio/0]
root 196 0.0 0.0 0 0 ? S< Apr29 0:00 [aio/1]
root 354 0.0 0.0 0 0 ? S< Apr29 0:00 [kpsmoused]
root 387 0.0 0.0 0 0 ? S< Apr29 0:00 [ata/0]
root 388 0.0 0.0 0 0 ? S< Apr29 0:00 [ata/1]
root 389 0.0 0.0 0 0 ? S< Apr29 0:00 [ata_aux]
root 393 0.0 0.0 0 0 ? S< Apr29 0:00 [scsi_eh_0]
root 394 0.0 0.0 0 0 ? S< Apr29 0:00 [scsi_eh_1]
root 395 0.0 0.0 0 0 ? S< Apr29 0:01 [kjournald]
root 421 0.0 0.0 0 0 ? S< Apr29 0:00 [kauditd]
root 453 0.0 0.1 2224 656 ? S<s Apr29 0:00 /sbin/udevd -d
root 1180 0.2 0.5 9000 2724 ? Ss 15:21 0:00 sshd: root@pts/
root 1184 0.1 0.2 4748 1384 pts/0 Ss 15:21 0:00 -bash
root 1212 0.7 0.4 7780 2524 ? Ss 15:21 0:00 sshd: unknown [
sshd 1213 0.0 0.2 7492 1300 ? S 15:21 0:00 sshd: unknown [
root 1214 1.0 0.4 7780 2524 ? Ss 15:21 0:00 sshd: unknown [
sshd 1215 0.0 0.2 7492 1300 ? S 15:21 0:00 sshd: unknown [
root 1216 0.0 0.1 4432 884 pts/0 R+ 15:21 0:00 ps aux
root 1352 0.0 0.0 0 0 ? S< Apr29 0:00 [hda_codec]
root 1486 0.0 0.0 0 0 ? S< Apr29 0:00 [kmpathd/0]
root 1487 0.0 0.0 0 0 ? S< Apr29 0:00 [kmpathd/1]
root 1519 0.0 0.0 0 0 ? S< Apr29 0:06 [kjournald]
root 1521 0.0 0.0 0 0 ? S< Apr29 0:00 [kjournald]
root 1523 0.0 0.0 0 0 ? S< Apr29 0:00 [kjournald]
root 1805 0.0 0.0 0 0 ? S< Apr29 0:00 [kondemand/0]
root 1806 0.0 0.0 0 0 ? S< Apr29 0:00 [kondemand/1]
root 2169 0.0 0.1 13084 668 ? S<sl Apr29 0:00 auditd
root 2171 0.0 0.7 10096 3932 ? S<s Apr29 0:00 python /sbin/au
root 2197 0.0 0.1 1704 588 ? Ss Apr29 0:01 syslogd -m 0
root 2201 0.0 0.0 1652 396 ? Ss Apr29 0:00 klogd -x
named 2249 0.0 0.6 48244 3148 ? Ssl Apr29 0:00 /usr/sbin/named
rpc 2275 0.0 0.1 1788 548 ? Ss Apr29 0:00 portmap
root 2298 0.0 0.1 1804 728 ? Ss Apr29 0:00 rpc.statd
root 2305 0.0 0.0 1644 316 ? S Apr29 0:00 /usr/sbin/couri
root 2306 0.0 0.1 2140 696 ? S Apr29 0:00 /usr/libexec/co
root 2337 0.0 0.1 2192 784 ? S Apr29 0:00 /usr/libexec/co
root 2338 0.0 0.1 2192 784 ? S Apr29 0:00 /usr/libexec/co
root 2339 0.0 0.1 2192 784 ? S Apr29 0:00 /usr/libexec/co
root 2340 0.0 0.1 2192 784 ? S Apr29 0:00 /usr/libexec/co
root 2341 0.0 0.1 2192 784 ? S Apr29 0:00 /usr/libexec/co
root 2351 0.0 0.1 5400 588 ? Ss Apr29 0:00 rpc.idmapd
dbus 2374 0.0 0.1 2724 748 ? Ss Apr29 0:00 dbus-daemon --s
root 2387 0.0 0.1 2128 760 ? Ss Apr29 0:00 /usr/sbin/hcid
root 2393 0.0 0.0 1720 500 ? Ss Apr29 0:00 /usr/sbin/sdpd
root 2416 0.0 0.0 0 0 ? S< Apr29 0:00 [krfcommd]
root 2461 0.0 0.2 12700 1280 ? Ssl Apr29 0:00 pcscd
root 2483 0.0 0.0 1892 436 ? Ss Apr29 0:00 /usr/bin/hidd -
root 2501 0.0 0.2 9356 1128 ? Ssl Apr29 0:00 automount
root 2522 0.0 0.1 1652 536 ? Ss Apr29 0:00 /usr/sbin/acpid
root 2538 0.0 0.2 6152 1040 ? Ss Apr29 0:01 /usr/sbin/sshd
root 2551 0.0 0.3 9912 1964 ? Ss Apr29 0:00 cupsd
root 2578 0.0 1.9 88932 10040 ? Sl Apr29 0:10 python MatrixSA
root 2641 0.0 0.3 6704 1748 ? Ss Apr29 0:00 /usr/libexec/po
root 2654 0.0 0.0 1884 368 ? Ss Apr29 0:00 gpm -m /dev/inp
postfix 2657 0.0 0.3 6824 1864 ? S Apr29 0:00 qmgr -l -t fifo
root 2670 0.0 2.1 28176 10864 ? Ss Apr29 0:00 /usr/sbin/httpd
root 2683 0.0 0.3 6256 1692 ? Ss Apr29 0:00 /usr/sbin/httpd
apache 2684 0.0 0.3 6256 1572 ? S Apr29 0:00 /usr/sbin/httpd
apache 2685 0.0 0.3 6384 1592 ? S Apr29 0:00 /usr/sbin/httpd
root 2701 0.0 0.0 4436 476 ? Ss Apr29 0:00 pure-ftpd (SERV
root 2714 0.0 0.2 5468 1108 ? Ss Apr29 0:00 crond
xfs 2737 0.0 0.2 3140 1036 ? Ss Apr29 0:00 xfs -droppriv -
apache 2760 0.0 2.7 32348 14000 ? S Apr29 2:18 /usr/sbin/httpd
apache 2761 0.0 2.6 32528 13656 ? R Apr29 2:19 /usr/sbin/httpd
apache 2762 0.0 2.7 32556 14012 ? S Apr29 2:16 /usr/sbin/httpd
apache 2764 0.0 2.6 32392 13456 ? S Apr29 2:15 /usr/sbin/httpd
apache 2765 0.0 2.7 32704 14084 ? S Apr29 2:15 /usr/sbin/httpd
apache 2767 0.0 2.8 32952 14400 ? S Apr29 2:20 /usr/sbin/httpd
apache 2768 0.0 2.6 32544 13596 ? S Apr29 2:16 /usr/sbin/httpd
root 2769 0.0 0.0 2216 416 ? Ss Apr29 0:00 /usr/sbin/atd
apache 2770 0.0 2.8 32648 14296 ? S Apr29 2:17 /usr/sbin/httpd
avahi 2784 0.0 0.2 2552 1380 ? Ss Apr29 0:00 avahi-daemon: r
avahi 2785 0.0 0.0 2552 428 ? Ss Apr29 0:00 avahi-daemon: c
68 2798 0.0 0.7 5420 3660 ? Ss Apr29 0:00 hald
root 2799 0.0 0.1 3116 976 ? S Apr29 0:00 hald-runner
68 2806 0.0 0.1 1972 784 ? S Apr29 0:00 hald-addon-acpi
root 2807 0.0 0.1 3172 940 ? S Apr29 0:00 /usr/libexec/ha
68 2812 0.0 0.1 1972 776 ? S Apr29 0:00 hald-addon-keyb
68 2818 0.0 0.1 1976 780 ? S Apr29 0:00 hald-addon-keyb
ntp 2874 0.0 0.8 4316 4316 ? SLs Apr29 0:00 ntpd -u ntp:ntp
root 2944 0.0 0.0 1640 436 tty1 Ss+ Apr29 0:00 /sbin/mingetty
root 2945 0.0 0.0 1636 432 tty2 Ss+ Apr29 0:00 /sbin/mingetty
root 2946 0.0 0.0 1636 456 tty3 Ss+ Apr29 0:00 /sbin/mingetty
root 2947 0.0 0.0 1636 432 tty4 Ss+ Apr29 0:00 /sbin/mingetty
root 2949 0.0 0.0 1640 436 tty5 Ss+ Apr29 0:00 /sbin/mingetty
root 2952 0.0 0.0 1636 432 tty6 Ss+ Apr29 0:00 /sbin/mingetty
apache 3132 0.0 0.2 6256 1432 ? S Apr29 0:00 /usr/sbin/httpd
apache 3137 0.0 0.2 6256 1436 ? S Apr29 0:00 /usr/sbin/httpd
apache 3138 0.0 0.2 6256 1432 ? S Apr29 0:00 /usr/sbin/httpd
apache 3897 0.0 2.6 32568 13624 ? S Apr29 2:12 /usr/sbin/httpd
apache 3898 0.0 2.6 32516 13528 ? S Apr29 2:14 /usr/sbin/httpd
apache 4523 0.0 2.7 32672 14036 ? S Apr29 2:09 /usr/sbin/httpd
apache 4528 0.0 2.7 32192 13836 ? S Apr29 2:07 /usr/sbin/httpd
apache 4536 0.0 2.6 32200 13496 ? S Apr29 2:05 /usr/sbin/httpd
apache 4553 0.0 2.7 32840 13808 ? S Apr29 2:05 /usr/sbin/httpd
apache 4596 0.0 2.8 32980 14396 ? S Apr29 2:11 /usr/sbin/httpd
postfix 30035 0.0 0.3 6772 1724 ? S 14:14 0:00 pickup -l -t fi
[root@localhost ~]#
and ls -l /etc/init.d/ is:
Code:
[root@localhost ~]# ls -l /etc/init.d/
total 668
-rwxr-xr-x 1 root root 1128 Jan 6 2007 acpid
-rwxr-xr-x 1 root root 1441 Mar 28 2007 anacron
-rwxr-xr-x 1 root root 1429 Mar 14 2007 apmd
-rwxr-xr-x 1 root root 1176 Jan 6 2007 atd
-rwxr-xr-x 1 root root 2796 Nov 10 17:15 auditd
-rwxr-xr-x 1 root root 2461 Feb 9 10:17 autofs
-rwxr-xr-x 1 root root 1848 Mar 14 2007 avahi-daemon
-rwxr-xr-x 1 root root 1789 Mar 14 2007 avahi-dnsconfd
-rwxr-xr-x 1 root root 1477 Mar 28 2007 bluetooth
-rwxr-xr-x 1 root root 1470 Nov 11 17:04 conman
-rwxr-xr-x 1 bin bin 4796 Jun 28 2007 courier
-r-xr-xr-x 1 root root 893 Jun 7 2007 courier-authlib
-rwxr-xr-x 1 root root 7328 Nov 10 14:42 cpuspeed
-rwxr-xr-x 1 root root 1904 Nov 10 15:17 crond
-rwxr-xr-x 1 root root 1942 Apr 2 10:20 cups
-rwxr-xr-x 1 root root 1505 Jan 6 2007 dc_client
-rwxr-xr-x 1 root root 1347 Jan 6 2007 dc_server
-rwxr-xr-x 1 root root 2785 Mar 14 2007 dhcdbd
-rwxr-xr-x 1 root root 5338 Apr 18 12:59 dkms_autoinstaller
-rwxr-xr-x 1 root root 996 Mar 28 2007 dund
-rwxr-xr-x 1 root root 1965 Nov 10 16:52 firstboot
-rwxr-xr-x 1 root root 13913 Oct 26 2006 functions
-rwxr-xr-x 1 root root 1778 Jan 6 2007 gpm
-rwxr-xr-x 1 root root 1486 Nov 29 23:30 haldaemon
-rwxr-xr-x 1 root root 5766 Jun 22 2007 halt
-rwxr-xr-x 1 root root 966 Mar 28 2007 hidd
-rwxr-xr-x 1 root root 3200 Jan 16 14:31 httpd
-rwxr-xr-x 1 root root 1927 Jun 6 2007 httpd-matrixsa
-rwxr-xr-x 1 root root 1861 Mar 14 2007 ibmasm
-rwxr-xr-x 1 root root 7543 Jan 6 2007 ip6tables
-rwxr-xr-x 1 root root 7460 Jan 6 2007 iptables
-rwxr-xr-x 1 root root 1624 Jan 7 2007 irda
-rwxr-xr-x 1 root root 2120 Nov 10 13:41 irqbalance
-rwxr-xr-x 1 root root 652 Sep 4 2003 killall
-rwxr-xr-x 1 root root 1389 Feb 25 2005 krb524
-rwxr-xr-x 1 root root 1406 Nov 10 16:16 kudzu
-rwxr-xr-x 1 root root 2111 Nov 10 18:50 lvm2-monitor
-rwxr-xr-x 1 root root 2450 Jan 15 13:54 matrixsa
-rwxr-xr-x 1 root root 1871 Dec 19 00:03 mcstrans
-rwxr-xr-x 1 root root 1408 Mar 14 2007 mdmonitor
-rwxr-xr-x 1 root root 1613 Mar 14 2007 mdmpd
-rwxr-xr-x 1 root root 1819 Mar 3 13:44 messagebus
-rwxr-xr-x 1 root root 1926 Nov 10 15:51 microcode_ctl
-rwxr-xr-x 1 root root 1193 Mar 11 18:33 multipathd
-rwxr-xr-x 1 root root 4582 Dec 19 01:07 mysqld
-rwxr-xr-- 1 root root 8643 Nov 10 15:22 named
-rwxr-xr-x 1 root root 2985 Aug 7 2007 netconsole
-rwxr-xr-x 1 root root 5675 Aug 1 2006 netfs
-rwxr-xr-x 1 root root 1289 Jan 7 2007 netplugd
-rwxr-xr-x 1 root root 7992 Jun 22 2007 network
-rwxr-xr-x 1 root root 1598 Mar 14 2007 NetworkManager
-rwxr-xr-x 1 root root 1480 Mar 14 2007 NetworkManagerDispatcher
-rwxr-xr-x 1 root root 4589 Nov 12 06:37 nfs
-rwxr-xr-x 1 root root 3266 Nov 12 06:37 nfslock
-rwxr-xr-x 1 root root 2517 Nov 30 02:22 nscd
-rwxr-xr-x 1 root root 3361 Nov 10 12:34 ntpd
-rwxr-xr-x 1 root root 1790 Jan 6 2007 oddjobd
-rwxr-xr-x 1 root root 1203 Mar 28 2007 pand
-rwxr-xr-x 1 root root 1525 Jan 6 2007 pcscd
-rwxr-xr-x 1 root root 1877 Jan 6 2007 portmap
-rwxr-xr-x 1 root root 2404 Jan 21 2007 postfix
-rwxr-xr-x 1 root root 1021 Jan 6 2007 psacct
-rwxr-xr-x 1 root root 1323 Dec 18 2001 pure-ftpd
-rwxr-xr-x 1 root root 1387 Mar 14 2007 rdisc
-rwxr-xr-x 1 root root 931 Mar 14 2007 readahead_early
-rwxr-xr-x 1 root root 930 Mar 14 2007 readahead_later
-rwxr-xr-x 1 root root 1793 Nov 10 14:46 restorecond
-rwxr-xr-x 1 root root 2415 Nov 12 06:37 rpcgssd
-rwxr-xr-x 1 root root 2040 Nov 12 06:37 rpcidmapd
-rwxr-xr-x 1 root root 2420 Nov 12 06:37 rpcsvcgssd
-rwxr-xr-x 1 root root 1547 Jan 7 2007 saslauthd
-rwxr-xr-x 1 root root 647 Jul 20 2006 single
-rwxr-xr-x 1 root root 2525 Mar 15 2007 smartd
-rwxr-xr-x 1 root root 3283 Apr 18 01:56 squid
-rwxr-xr-x 1 root root 3340 Nov 10 13:58 sshd
-rwxr-xr-x 1 root root 2012 Nov 10 12:49 syslog
-rwxr-xr-x 1 root root 2796 Jan 7 2007 tux
-rwxr-xr-x 1 root root 1650 Jan 7 2007 wpa_supplicant
-rwxr-xr-x 1 root root 3902 Jul 12 2007 xfs
-rwxr-xr-x 1 root root 3465 Nov 10 14:30 ypbind
-rwxr-xr-x 1 root root 1098 Nov 10 17:14 yum-updatesd
[root@localhost ~]#

3rd May 2008, 20:51
Super Moderator
What's in /etc/init.d/iptables?

6th May 2008, 11:14
Junior Member
That's
Code:
#!/bin/sh
#
# iptables Start iptables firewall
#
# chkconfig: 2345 08 92
# description: Starts, stops and saves iptables firewall
#
# config: /etc/sysconfig/iptables
# config: /etc/sysconfig/iptables-config
# Source function library.
. /etc/init.d/functions
IPTABLES=iptables
IPTABLES_DATA=/etc/sysconfig/$IPTABLES
IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
if [ ! -x /sbin/$IPTABLES ]; then
echo -n $"/sbin/$IPTABLES does not exist."; warning; echo
exit 0
fi
if lsmod 2>/dev/null | grep -q ipchains ; then
echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo
exit 0
fi
# Old or new modutils
/sbin/modprobe --version 2>&1 | grep -q module-init-tools \
&& NEW_MODUTILS=1 \
|| NEW_MODUTILS=0
# Default firewall configuration:
IPTABLES_MODULES=""
IPTABLES_MODULES_UNLOAD="yes"
IPTABLES_SAVE_ON_STOP="no"
IPTABLES_SAVE_ON_RESTART="no"
IPTABLES_SAVE_COUNTER="no"
IPTABLES_STATUS_NUMERIC="yes"
# Load firewall configuration.
[ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
rmmod_r() {
# Unload module with all referring modules.
# At first all referring modules will be unloaded, then the module itself.
local mod=$1
local ret=0
local ref=
# Get referring modules.
# New modutils have another output format.
[ $NEW_MODUTILS = 1 ] \
&& ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \
|| ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`
# recursive call for all referring modules
for i in $ref; do
rmmod_r $i
let ret+=$?;
done
# Unload module.
# The extra test is for 2.6: The module might have autocleaned,
# after all referring modules are unloaded.
if grep -q "^${mod}" /proc/modules ; then
modprobe -r $mod > /dev/null 2>&1
let ret+=$?;
fi
return $ret
}
flush_n_delete() {
# Flush firewall rules and delete chains.
[ -e "$PROC_IPTABLES_NAMES" ] || return 1
# Check if firewall is configured (has tables)
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
[ -z "$tables" ] && return 1
echo -n $"Flushing firewall rules: "
ret=0
# For all tables
for i in $tables; do
# Flush firewall rules.
$IPTABLES -t $i -F;
let ret+=$?;
# Delete firewall chains.
$IPTABLES -t $i -X;
let ret+=$?;
# Set counter to zero.
$IPTABLES -t $i -Z;
let ret+=$?;
done
[ $ret -eq 0 ] && success || failure
echo
return $ret
}
set_policy() {
# Set policy for configured tables.
policy=$1
# Check if iptable module is loaded
[ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
# Check if firewall is configured (has tables)
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
[ -z "$tables" ] && return 1
echo -n $"Setting chains to policy $policy: "
ret=0
for i in $tables; do
echo -n "$i "
case "$i" in
raw)
$IPTABLES -t raw -P PREROUTING $policy \
&& $IPTABLES -t raw -P OUTPUT $policy \
|| let ret+=1
;;
filter)
$IPTABLES -t filter -P INPUT $policy \
&& $IPTABLES -t filter -P OUTPUT $policy \
&& $IPTABLES -t filter -P FORWARD $policy \
|| let ret+=1
;;
nat)
$IPTABLES -t nat -P PREROUTING $policy \
&& $IPTABLES -t nat -P POSTROUTING $policy \
&& $IPTABLES -t nat -P OUTPUT $policy \
|| let ret+=1
;;
mangle)
$IPTABLES -t mangle -P PREROUTING $policy \
&& $IPTABLES -t mangle -P POSTROUTING $policy \
&& $IPTABLES -t mangle -P INPUT $policy \
&& $IPTABLES -t mangle -P OUTPUT $policy \
&& $IPTABLES -t mangle -P FORWARD $policy \
|| let ret+=1
;;
*)
let ret+=1
;;
esac
done
[ $ret -eq 0 ] && success || failure
echo
return $ret
}
start() {
# Do not start if there is no config file.
[ -f "$IPTABLES_DATA" ] || return 1
echo -n $"Applying $IPTABLES firewall rules: "
OPT=
[ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
$IPTABLES-restore $OPT $IPTABLES_DATA
if [ $? -eq 0 ]; then
success; echo
else
failure; echo; return 1
fi
# Load additional modules (helpers)
if [ -n "$IPTABLES_MODULES" ]; then
echo -n $"Loading additional $IPTABLES modules: "
ret=0
for mod in $IPTABLES_MODULES; do
echo -n "$mod "
modprobe $mod > /dev/null 2>&1
let ret+=$?;
done
[ $ret -eq 0 ] && success || failure
echo
fi
touch $VAR_SUBSYS_IPTABLES
return $ret
}
stop() {
# Do not stop if iptables module is not loaded.
[ -e "$PROC_IPTABLES_NAMES" ] || return 1
flush_n_delete
set_policy ACCEPT
if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
echo -n $"Unloading $IPTABLES modules: "
ret=0
rmmod_r ${IPV}_tables
let ret+=$?;
rmmod_r ${IPV}_conntrack
let ret+=$?;
[ $ret -eq 0 ] && success || failure
echo
fi
rm -f $VAR_SUBSYS_IPTABLES
return $ret
}
save() {
# Check if iptable module is loaded
[ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
# Check if firewall is configured (has tables)
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
[ -z "$tables" ] && return 1
echo -n $"Saving firewall rules to $IPTABLES_DATA: "
OPT=
[ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
ret=0
TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
&& chmod 600 "$TMP_FILE" \
&& $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
&& size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
|| ret=1
if [ $ret -eq 0 ]; then
if [ -e $IPTABLES_DATA ]; then
cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
&& chmod 600 $IPTABLES_DATA.save \
|| ret=1
fi
if [ $ret -eq 0 ]; then
cp -f $TMP_FILE $IPTABLES_DATA \
&& chmod 600 $IPTABLES_DATA \
|| ret=1
fi
fi
[ $ret -eq 0 ] && success || failure
echo
rm -f $TMP_FILE
return $ret
}
status() {
tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
# Do not print status if lockfile is missing and iptables modules are not
# loaded.
# Check if iptable module is loaded
if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then
echo $"Firewall is stopped."
return 1
fi
# Check if firewall is configured (has tables)
if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
echo $"Firewall is not configured. "
return 1
fi
if [ -z "$tables" ]; then
echo $"Firewall is not configured. "
return 1
fi
NUM=
[ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
VERBOSE=
[ "x$IPTABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose"
COUNT=
[ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"
for table in $tables; do
echo $"Table: $table"
$IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo
done
return 0
}
restart() {
[ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
stop
start
}
case "$1" in
start)
stop
start
RETVAL=$?
;;
stop)
[ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
stop
RETVAL=$?
;;
restart)
restart
RETVAL=$?
;;
condrestart)
[ -e "$VAR_SUBSYS_IPTABLES" ] && restart
;;
status)
status
RETVAL=$?
;;
panic)
flush_n_delete
set_policy DROP
RETVAL=$?
;;
save)
save
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
exit 1
;;
esac
exit $RETVAL
Thanks

7th May 2008, 16:58
Super Moderator
Ok, the init script reads from /etc/sysconfig/iptables and /etc/sysconfig/iptables-config, so I guess the firewall configuration is in one of these two files. Can you post their contents here?
All times are GMT +2.