
23rd March 2006, 08:47
Super Moderator
Do you see a firewall init script in /etc/init.d?
Maybe there's also a firewall configuration file in /etc/sysconfig.

23rd March 2006, 14:24
Junior Member
Quote:
Ya the point is that I don't know how.... I would like to know what to do... you see that I've been doing stuff through the command I don't know how to SWITCH it off
If you're asking how to temporarily turn iptables off, the command (by root) is:
service iptables stop
To restart, the command is:
service iptables restart
To see the current status of your firewall (iptables) the command is:
service iptables status
The Fedora-specific method is to use the command:
system-config-securitylevel
which will do the same thing (and more) with a little GUI applet.
HTH,
Jim
__________________
Registered Linux User 294493
Last edited by dishawjp; 23rd March 2006 at 14:28.

23rd March 2006, 14:31
Senior Member
Hmmm.... it's good for now
Yes thanks for that.... I forgot about that oh well.... but what I've been doing is stuff like this
su -
then
/sbin/iptables -I INPUT -p tcp --destination-port 56912 -j ACCEPT
then
/sbin/iptables-save > /etc/sysconfig/iptables
then
/sbin/iptables -I INPUT -p udp --destination-port 56912 -j ACCEPT
then
/sbin/iptables-save > /etc/sysconfig/iptables
then
/sbin/iptables -L
To see if my preferences were saved...
But it didn't work...
I would like to know a way to open port 56912.... without shutting down the whole firewall.... if this doesn't work I'll try my luck with ipCop....
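
A way to check whether a saved ruleset actually admits port 56912, as an added example that is not part of the original posts: the function reads `iptables-save` output and reports whether an exact ACCEPT rule for the protocol and port comes before any unconditional rule in INPUT (rules match in order, and `-I` inserts at the head of the chain). The `port_allowed` name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): decide from iptables-save output whether
# PROTO/PORT is accepted in INPUT before a catch-all rule ends the chain.

# Constructed sample of what /etc/sysconfig/iptables could hold afterwards.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p udp -m udp --dport 56912 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 56912 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# port_allowed PROTO PORT  (ruleset on stdin) -> exit status 0 if accepted.
# Conservative: only exact "-p PROTO --dport PORT -j ACCEPT" rules count, and
# jumps into user-defined chains are treated as the end of the search.
port_allowed() {
    awk -v proto="$1" -v port="$2" '
        $1 == ":INPUT" { policy = $2 }
        $1 == "-A" && $2 == "INPUT" {
            p = d = target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p") p = $(++i)
                else if ($i == "-m") { i++; if ($i != "tcp" && $i != "udp") extra++ }
                else if ($i == "--dport" || $i == "--destination-port") d = $(++i)
                else if ($i == "-j") { target = $(++i); break }
                else extra++
            }
            # Exact match for the port we care about: first match wins.
            if (target == "ACCEPT" && p == proto && d == port && extra == 0) {
                ok = 1; done = 1; exit
            }
            # Unconditional rule: nothing after it in INPUT is ever reached.
            if (p == "" && d == "" && extra == 0 && target != "") {
                ok = (target == "ACCEPT"); done = 1; exit
            }
        }
        END { if (!done) ok = (policy == "ACCEPT"); exit(ok ? 0 : 1) }
    '
}

# Live check, as root: /sbin/iptables-save | port_allowed tcp 56912
for proto in tcp udp; do
    if printf '%s\n' "$SAMPLE_RULES" | port_allowed "$proto" 56912; then
        echo "$proto/56912 accepted"
    else
        echo "$proto/56912 not accepted"
    fi
done
```

A non-zero exit status for a port you believed open means the ACCEPT rule is missing from the saved file or sits behind a catch-all rule.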

23rd March 2006, 15:08
Junior Member
Not positive if this is the issue or not, but if you have to add the "/sbin" directory to access iptables, then you are not root. By default, the /sbin directory is in root's path but not in a normal user's path. To change iptables, you need to be root.
For example as a normal user:
Code:
dishawjp@linux:~> iptables --list
bash: iptables: command not found
But as root:
Code:
dishawjp@linux:~> su -
Password:
linux:~ # iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
input_ext all -- anywhere anywhere
input_ext all -- anywhere anywhere
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-IN-ILL-TARGET '
DROP all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-FWD-ILL-ROUTING '
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state NEW,RELATED,ESTABLISHED
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-OUT-ERROR '
Chain forward_ext (0 references)
target prot opt source destination
Chain input_ext (2 references)
target prot opt source destination
DROP all -- anywhere anywhere PKTTYPE = broadcast
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp echo-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp time-exceeded
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp parameter-problem
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp timestamp-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp address-mask-reply
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp protocol-unreachable
ACCEPT icmp -- anywhere anywhere state RELATED,ESTABLISHED icmp redirect
reject_func tcp -- anywhere anywhere tcp dpt:ident state NEW
LOG tcp -- anywhere anywhere limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG icmp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG udp -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT '
LOG all -- anywhere anywhere limit: avg 3/min burst 5 state INVALID LOG level warning tcp-options ip-options prefix `SFW2-INext-DROP-DEFLT-INV '
DROP all -- anywhere anywhere
Chain reject_func (1 references)
target prot opt source destination
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
linux:~ #
So, if you *need* to add the /sbin to not get a "command not found" warning, you are probably not root. If you are not root, you cannot modify your iptables.
HTH,
Jim
__________________
Registered Linux User 294493

23rd March 2006, 17:13
Senior Member
um I know that
thanks but I sort of know that... but thanks for the help anyways!!
:P

23rd March 2006, 17:25
Super Moderator
Use
Code:
system-config-securitylevel
to configure the firewall, as dishawjp suggested.

23rd March 2006, 21:32
Senior Member
/sbin
THANK YOU sooooo much
I may not enjoy using iptables, so I'll install ipCop or something... but is there a way to customise your iptables, I mean because some commands I can't use ...
ie config.d EVEN when I'm in root... and that makes me angry...
I would like to know how to do this, because this way has been recommended to me before and if I could do that... that's one more thing that would help me to install linuxBIOS and Gentoo... it's Spring Break

23rd March 2006, 22:11
Super Moderator
What commands do you mean?

24th March 2006, 00:04
Senior Member
I mean this....
To go into the config files to edit delicate stuff..
the quote is earlier on

24th March 2006, 08:38
Super Moderator
To edit files on the command line, use vi (as root). Have a look here: http://www.howtoforge.com/faq/12_15_en.html
All times are GMT +2.