  #11  
23rd March 2006, 08:47
falko

Do you see a firewall init script in /etc/init.d?

Maybe there's also a firewall configuration file in /etc/sysconfig.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
  #12  
23rd March 2006, 14:24
dishawjp

Quote:
Ya, the point is that I don't know how.... I would like to know what to do... you see that I've been doing stuff through the command, I don't know how to SWITCH it off
If you're asking how to temporarily turn iptables off, the command (by root) is:

service iptables stop

To restart, the command is:

service iptables restart

To see the current status of your firewall (iptables), the command is:

service iptables status

The Fedora-specific method is to use the command:
system-config-securitylevel

which will do the same thing (and more) with a little GUI applet.

HTH,

Jim
__________________
Registered Linux User 294493

Last edited by dishawjp; 23rd March 2006 at 14:28.
  #13  
23rd March 2006, 14:31
sbovisjb1
Hmmm.... its good for now

Yes, thanks for that.... I forgot about that, oh well.... but what I've been doing is stuff like this:
su -
then
/sbin/iptables -I INPUT -p tcp --destination-port 56912 -j ACCEPT
then
/sbin/iptables-save > /etc/sysconfig/iptables
then
/sbin/iptables -I INPUT -p udp --destination-port 56912 -j ACCEPT
then
/sbin/iptables-save > /etc/sysconfig/iptables
then
/sbin/iptables -L
To see if my preferences were saved...

But it didn't work...
I would like to know a way to open port 56912.... without shutting down the whole firewall.... if this doesn't work I'll try my luck with IPCop....
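One way to check the outcome of the steps in the post above, as an added example that is not part of the original thread: it reads a ruleset in iptables-save format (the format written to /etc/sysconfig/iptables) and reports whether an ACCEPT rule for the port exists in the filter table's INPUT chain and whether it sits ahead of any catch-all DROP/REJECT. The names `port_rule_status` and `sample_ruleset` and the sample ruleset are constructed for illustration; jumps into user-defined chains and extra match options such as source address are not evaluated.

```shell
#!/bin/sh
# Added example: report whether an iptables-save dump accepts a port in INPUT.
# port_rule_status and sample_ruleset are illustrative names, not thread content.

# $1 = protocol (tcp|udp), $2 = port, $3 = dump file (default: stdin)
# Prints one of: accepted | shadowed | missing
port_rule_status() {
    awk -v proto="$1" -v port="$2" '
        /^\*/ { table = $1; next }            # table header, e.g. *filter
        table == "*filter" && $1 == "-A" && $2 == "INPUT" {
            n++
            # A DROP/REJECT with no match options ends the chain for everything.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT") && !blocked) blocked = n
            p = ""; d = ""; t = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") p = $(i + 1)
                if ($i == "--dport") d = $(i + 1)
                if ($i == "-j") t = $(i + 1)
            }
            if (p == proto && d == port && t == "ACCEPT" && !hit) hit = n
        }
        END {
            if (!hit) print "missing"
            else if (blocked && blocked < hit) print "shadowed"
            else print "accepted"
        }
    ' "${3:--}"
}

# Constructed sample in iptables-save format (not taken from the thread).
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 56912 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A INPUT -p udp -m udp --dport 56912 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | port_rule_status tcp 56912
sample_ruleset | port_rule_status udp 56912
```

Against the live ruleset, run as root `iptables-save | port_rule_status tcp 56912`, or pass `/etc/sysconfig/iptables` as the third argument to check what will be loaded at the next restart. A result of `shadowed` means the rule was appended after a catch-all and never matches.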
  #14  
23rd March 2006, 15:08
dishawjp

Not positive if this is the issue or not, but if you have to add the "/sbin" directory to access iptables, then you are not root. By default, the /sbin directory is in root's path but not in a normal user's path. To change iptables, you need to be root.

For example as a normal user:
Code:
dishawjp@linux:~> iptables --list
bash: iptables: command not found
But as root:
Code:
dishawjp@linux:~> su -
Password:
linux:~ # iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
input_ext  all  --  anywhere             anywhere
input_ext  all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state NEW,RELATED,ESTABLISHED
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '

Chain forward_ext (0 references)
target     prot opt source               destination

Chain input_ext (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere            PKTTYPE = broadcast
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT     icmp --  anywhere             anywhere            state RELATED,ESTABLISHED icmp redirect
reject_func  tcp  --  anywhere             anywhere            tcp dpt:ident state NEW
LOG        tcp  --  anywhere             anywhere            limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        icmp --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        udp  --  anywhere             anywhere            limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG        all  --  anywhere             anywhere            limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP       all  --  anywhere             anywhere

Chain reject_func (1 references)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-proto-unreachable
linux:~ #
So, if you *need* to add the /sbin to not get a "command not found" warning, you are probably not root. If you are not root, you cannot modify your iptables.

HTH,

Jim
  #15  
23rd March 2006, 17:13
sbovisjb1
um i know that

Thanks, but I sort of know that... but thanks for the help anyways!!
:P
  #16  
23rd March 2006, 17:25
falko

Use
Code:
system-config-securitylevel
to configure the firewall, as dishawjp suggested.
  #17  
23rd March 2006, 21:32
sbovisjb1
/sbin

THANK YOU sooooo much
I may not enjoy using iptables, so I'll install IPCop or something... but is there a way to customise your iptables? I mean, because some commands I can't use...
i.e. config.d, EVEN when I'm in root... and that makes me angry...
I would like to know how to do this, because this way has been recommended to me before and if I could do that... that's one more thing that would help me to install LinuxBIOS and Gentoo... it's Spring Break
  #18  
23rd March 2006, 22:11
falko

What commands do you mean?
  #19  
24th March 2006, 00:04
sbovisjb1
I mean this....

To go into the config files to edit delicate stuff...
The quote is earlier on.
  #20  
24th March 2006, 08:38
falko

To edit files on the command line, use vi (as root). Have a look here: http://www.howtoforge.com/faq/12_15_en.html

All times are GMT +2.