Opening TCP ports

Discussion in 'Installation/Configuration' started by thehappyappy, Apr 29, 2008.

  1. thehappyappy

    thehappyappy New Member

    I'm not sure if this is the right place for this post, but I'd be grateful if somebody could please help me. I'm trying to open ports 999, 1982 and 1983 but am not having much luck. I used
    iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
    iptables -A INPUT -i eth0 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
    to open the ports but haven't been successful. I was told to make sure that your server TCP ports: 999, 1982, 1983 are fully open inbound and outbound and that destination IP address for those ports is 72.232.181.106.
    I've been trying for ages to get these ports open, but haven't had any luck.
    This is the first time I've ever used a dedicated server and I am very new to all of this, so I apologise in advance for lack of knowledge

    Thanks

    If it helps after I tried to open the ports I ran iptables -L and this is the result:
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What firewall software are you using (e.g. shorewall, Bastille, etc.)? I think you can enable these ports somewhere in the configuration of your firewall software.
     
  3. thehappyappy

    thehappyappy New Member

    I'm not sure what Firewall I'm using - how do I find out?
    I used vi /etc/sysconfig/iptables to check which ports are open. The output I
    got was:
    Code:
    # Generated by iptables-save v1.3.5 on Tue Apr 29 19:02:13 2008
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 999 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 1982 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 1983 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
    -A INPUT -p udp -m udp --dport 53 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 53 -m state --state NEW -j ACCEPT
    -A INPUT -p udp -m udp --dport 69 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 69 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 110 -m state --state NEW -j ACCEPT
    -A INPUT -p udp -m udp --dport 123 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 20 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 21 -m state --state NEW -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 3306 -m state --state NEW -j ACCEPT
    "/etc/sysconfig/iptables" 32L, 1702C
    
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What are the outputs of
    Code:
    ps aux 
    and
    Code:
    ls -l /etc/init.d/
    ?
     
  5. thehappyappy

    thehappyappy New Member

    Sorry I don't know and don't quite understand your question.
     
  6. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Please run the command
    Code:
    ps aux 
    and post the output of that command here. Do the same for the other command.
     
  7. thehappyappy

    thehappyappy New Member

    The output for ps aux is:
    Code:
    [root@localhost ~]# ps aux
    USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1   2040   668 ?        Ss   Apr29   0:00 init [3]      
    root         2  0.0  0.0      0     0 ?        S    Apr29   0:00 [migration/0]
    root         3  0.0  0.0      0     0 ?        SN   Apr29   0:00 [ksoftirqd/0]
    root         4  0.0  0.0      0     0 ?        S    Apr29   0:00 [watchdog/0]
    root         5  0.0  0.0      0     0 ?        S    Apr29   0:00 [migration/1]
    root         6  0.0  0.0      0     0 ?        SN   Apr29   0:00 [ksoftirqd/1]
    root         7  0.0  0.0      0     0 ?        S    Apr29   0:00 [watchdog/1]
    root         8  0.0  0.0      0     0 ?        S<   Apr29   0:00 [events/0]
    root         9  0.0  0.0      0     0 ?        S<   Apr29   0:00 [events/1]
    root        10  0.0  0.0      0     0 ?        S<   Apr29   0:00 [khelper]
    root        11  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kthread]
    root        15  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kblockd/0]
    root        16  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kblockd/1]
    root        17  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kacpid]
    root       119  0.0  0.0      0     0 ?        S<   Apr29   0:00 [cqueue/0]
    root       120  0.0  0.0      0     0 ?        S<   Apr29   0:00 [cqueue/1]
    root       123  0.0  0.0      0     0 ?        S<   Apr29   0:00 [khubd]
    root       125  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kseriod]
    root       192  0.0  0.0      0     0 ?        S    Apr29   0:00 [pdflush]
    root       193  0.0  0.0      0     0 ?        S    Apr29   0:00 [pdflush]
    root       194  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kswapd0]
    root       195  0.0  0.0      0     0 ?        S<   Apr29   0:00 [aio/0]
    root       196  0.0  0.0      0     0 ?        S<   Apr29   0:00 [aio/1]
    root       354  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kpsmoused]
    root       387  0.0  0.0      0     0 ?        S<   Apr29   0:00 [ata/0]
    root       388  0.0  0.0      0     0 ?        S<   Apr29   0:00 [ata/1]
    root       389  0.0  0.0      0     0 ?        S<   Apr29   0:00 [ata_aux]
    root       393  0.0  0.0      0     0 ?        S<   Apr29   0:00 [scsi_eh_0]
    root       394  0.0  0.0      0     0 ?        S<   Apr29   0:00 [scsi_eh_1]
    root       395  0.0  0.0      0     0 ?        S<   Apr29   0:01 [kjournald]
    root       421  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kauditd]
    root       453  0.0  0.1   2224   656 ?        S<s  Apr29   0:00 /sbin/udevd -d
    root      1180  0.2  0.5   9000  2724 ?        Ss   15:21   0:00 sshd: root@pts/
    root      1184  0.1  0.2   4748  1384 pts/0    Ss   15:21   0:00 -bash
    root      1212  0.7  0.4   7780  2524 ?        Ss   15:21   0:00 sshd: unknown [
    sshd      1213  0.0  0.2   7492  1300 ?        S    15:21   0:00 sshd: unknown [
    root      1214  1.0  0.4   7780  2524 ?        Ss   15:21   0:00 sshd: unknown [
    sshd      1215  0.0  0.2   7492  1300 ?        S    15:21   0:00 sshd: unknown [
    root      1216  0.0  0.1   4432   884 pts/0    R+   15:21   0:00 ps aux
    root      1352  0.0  0.0      0     0 ?        S<   Apr29   0:00 [hda_codec]
    root      1486  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kmpathd/0]
    root      1487  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kmpathd/1]
    root      1519  0.0  0.0      0     0 ?        S<   Apr29   0:06 [kjournald]
    root      1521  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kjournald]
    root      1523  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kjournald]
    root      1805  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kondemand/0]
    root      1806  0.0  0.0      0     0 ?        S<   Apr29   0:00 [kondemand/1]
    root      2169  0.0  0.1  13084   668 ?        S<sl Apr29   0:00 auditd
    root      2171  0.0  0.7  10096  3932 ?        S<s  Apr29   0:00 python /sbin/au
    root      2197  0.0  0.1   1704   588 ?        Ss   Apr29   0:01 syslogd -m 0
    root      2201  0.0  0.0   1652   396 ?        Ss   Apr29   0:00 klogd -x
    named     2249  0.0  0.6  48244  3148 ?        Ssl  Apr29   0:00 /usr/sbin/named
    rpc       2275  0.0  0.1   1788   548 ?        Ss   Apr29   0:00 portmap
    root      2298  0.0  0.1   1804   728 ?        Ss   Apr29   0:00 rpc.statd
    root      2305  0.0  0.0   1644   316 ?        S    Apr29   0:00 /usr/sbin/couri
    root      2306  0.0  0.1   2140   696 ?        S    Apr29   0:00 /usr/libexec/co
    root      2337  0.0  0.1   2192   784 ?        S    Apr29   0:00 /usr/libexec/co
    root      2338  0.0  0.1   2192   784 ?        S    Apr29   0:00 /usr/libexec/co
    root      2339  0.0  0.1   2192   784 ?        S    Apr29   0:00 /usr/libexec/co
    root      2340  0.0  0.1   2192   784 ?        S    Apr29   0:00 /usr/libexec/co
    root      2341  0.0  0.1   2192   784 ?        S    Apr29   0:00 /usr/libexec/co
    root      2351  0.0  0.1   5400   588 ?        Ss   Apr29   0:00 rpc.idmapd
    dbus      2374  0.0  0.1   2724   748 ?        Ss   Apr29   0:00 dbus-daemon --s
    root      2387  0.0  0.1   2128   760 ?        Ss   Apr29   0:00 /usr/sbin/hcid
    root      2393  0.0  0.0   1720   500 ?        Ss   Apr29   0:00 /usr/sbin/sdpd
    root      2416  0.0  0.0      0     0 ?        S<   Apr29   0:00 [krfcommd]
    root      2461  0.0  0.2  12700  1280 ?        Ssl  Apr29   0:00 pcscd
    root      2483  0.0  0.0   1892   436 ?        Ss   Apr29   0:00 /usr/bin/hidd -
    root      2501  0.0  0.2   9356  1128 ?        Ssl  Apr29   0:00 automount
    root      2522  0.0  0.1   1652   536 ?        Ss   Apr29   0:00 /usr/sbin/acpid
    root      2538  0.0  0.2   6152  1040 ?        Ss   Apr29   0:01 /usr/sbin/sshd
    root      2551  0.0  0.3   9912  1964 ?        Ss   Apr29   0:00 cupsd
    root      2578  0.0  1.9  88932 10040 ?        Sl   Apr29   0:10 python MatrixSA
    root      2641  0.0  0.3   6704  1748 ?        Ss   Apr29   0:00 /usr/libexec/po
    root      2654  0.0  0.0   1884   368 ?        Ss   Apr29   0:00 gpm -m /dev/inp
    postfix   2657  0.0  0.3   6824  1864 ?        S    Apr29   0:00 qmgr -l -t fifo
    root      2670  0.0  2.1  28176 10864 ?        Ss   Apr29   0:00 /usr/sbin/httpd
    root      2683  0.0  0.3   6256  1692 ?        Ss   Apr29   0:00 /usr/sbin/httpd
    apache    2684  0.0  0.3   6256  1572 ?        S    Apr29   0:00 /usr/sbin/httpd
    apache    2685  0.0  0.3   6384  1592 ?        S    Apr29   0:00 /usr/sbin/httpd
    root      2701  0.0  0.0   4436   476 ?        Ss   Apr29   0:00 pure-ftpd (SERV
    root      2714  0.0  0.2   5468  1108 ?        Ss   Apr29   0:00 crond
    xfs       2737  0.0  0.2   3140  1036 ?        Ss   Apr29   0:00 xfs -droppriv -
    apache    2760  0.0  2.7  32348 14000 ?        S    Apr29   2:18 /usr/sbin/httpd
    apache    2761  0.0  2.6  32528 13656 ?        R    Apr29   2:19 /usr/sbin/httpd
    apache    2762  0.0  2.7  32556 14012 ?        S    Apr29   2:16 /usr/sbin/httpd
    apache    2764  0.0  2.6  32392 13456 ?        S    Apr29   2:15 /usr/sbin/httpd
    apache    2765  0.0  2.7  32704 14084 ?        S    Apr29   2:15 /usr/sbin/httpd
    apache    2767  0.0  2.8  32952 14400 ?        S    Apr29   2:20 /usr/sbin/httpd
    apache    2768  0.0  2.6  32544 13596 ?        S    Apr29   2:16 /usr/sbin/httpd
    root      2769  0.0  0.0   2216   416 ?        Ss   Apr29   0:00 /usr/sbin/atd
    apache    2770  0.0  2.8  32648 14296 ?        S    Apr29   2:17 /usr/sbin/httpd
    avahi     2784  0.0  0.2   2552  1380 ?        Ss   Apr29   0:00 avahi-daemon: r
    avahi     2785  0.0  0.0   2552   428 ?        Ss   Apr29   0:00 avahi-daemon: c
    68        2798  0.0  0.7   5420  3660 ?        Ss   Apr29   0:00 hald
    root      2799  0.0  0.1   3116   976 ?        S    Apr29   0:00 hald-runner
    68        2806  0.0  0.1   1972   784 ?        S    Apr29   0:00 hald-addon-acpi
    root      2807  0.0  0.1   3172   940 ?        S    Apr29   0:00 /usr/libexec/ha
    68        2812  0.0  0.1   1972   776 ?        S    Apr29   0:00 hald-addon-keyb
    68        2818  0.0  0.1   1976   780 ?        S    Apr29   0:00 hald-addon-keyb
    ntp       2874  0.0  0.8   4316  4316 ?        SLs  Apr29   0:00 ntpd -u ntp:ntp
    root      2944  0.0  0.0   1640   436 tty1     Ss+  Apr29   0:00 /sbin/mingetty
    root      2945  0.0  0.0   1636   432 tty2     Ss+  Apr29   0:00 /sbin/mingetty
    root      2946  0.0  0.0   1636   456 tty3     Ss+  Apr29   0:00 /sbin/mingetty
    root      2947  0.0  0.0   1636   432 tty4     Ss+  Apr29   0:00 /sbin/mingetty
    root      2949  0.0  0.0   1640   436 tty5     Ss+  Apr29   0:00 /sbin/mingetty
    root      2952  0.0  0.0   1636   432 tty6     Ss+  Apr29   0:00 /sbin/mingetty
    apache    3132  0.0  0.2   6256  1432 ?        S    Apr29   0:00 /usr/sbin/httpd
    apache    3137  0.0  0.2   6256  1436 ?        S    Apr29   0:00 /usr/sbin/httpd
    apache    3138  0.0  0.2   6256  1432 ?        S    Apr29   0:00 /usr/sbin/httpd
    apache    3897  0.0  2.6  32568 13624 ?        S    Apr29   2:12 /usr/sbin/httpd
    apache    3898  0.0  2.6  32516 13528 ?        S    Apr29   2:14 /usr/sbin/httpd
    apache    4523  0.0  2.7  32672 14036 ?        S    Apr29   2:09 /usr/sbin/httpd
    apache    4528  0.0  2.7  32192 13836 ?        S    Apr29   2:07 /usr/sbin/httpd
    apache    4536  0.0  2.6  32200 13496 ?        S    Apr29   2:05 /usr/sbin/httpd
    apache    4553  0.0  2.7  32840 13808 ?        S    Apr29   2:05 /usr/sbin/httpd
    apache    4596  0.0  2.8  32980 14396 ?        S    Apr29   2:11 /usr/sbin/httpd
    postfix  30035  0.0  0.3   6772  1724 ?        S    14:14   0:00 pickup -l -t fi
    [root@localhost ~]# 
    
    and ls -l /etc/init.d/ is:
    Code:
    [root@localhost ~]# ls -l /etc/init.d/
    total 668
    -rwxr-xr-x 1 root root  1128 Jan  6  2007 acpid
    -rwxr-xr-x 1 root root  1441 Mar 28  2007 anacron
    -rwxr-xr-x 1 root root  1429 Mar 14  2007 apmd
    -rwxr-xr-x 1 root root  1176 Jan  6  2007 atd
    -rwxr-xr-x 1 root root  2796 Nov 10 17:15 auditd
    -rwxr-xr-x 1 root root  2461 Feb  9 10:17 autofs
    -rwxr-xr-x 1 root root  1848 Mar 14  2007 avahi-daemon
    -rwxr-xr-x 1 root root  1789 Mar 14  2007 avahi-dnsconfd
    -rwxr-xr-x 1 root root  1477 Mar 28  2007 bluetooth
    -rwxr-xr-x 1 root root  1470 Nov 11 17:04 conman
    -rwxr-xr-x 1 bin  bin   4796 Jun 28  2007 courier
    -r-xr-xr-x 1 root root   893 Jun  7  2007 courier-authlib
    -rwxr-xr-x 1 root root  7328 Nov 10 14:42 cpuspeed
    -rwxr-xr-x 1 root root  1904 Nov 10 15:17 crond
    -rwxr-xr-x 1 root root  1942 Apr  2 10:20 cups
    -rwxr-xr-x 1 root root  1505 Jan  6  2007 dc_client
    -rwxr-xr-x 1 root root  1347 Jan  6  2007 dc_server
    -rwxr-xr-x 1 root root  2785 Mar 14  2007 dhcdbd
    -rwxr-xr-x 1 root root  5338 Apr 18 12:59 dkms_autoinstaller
    -rwxr-xr-x 1 root root   996 Mar 28  2007 dund
    -rwxr-xr-x 1 root root  1965 Nov 10 16:52 firstboot
    -rwxr-xr-x 1 root root 13913 Oct 26  2006 functions
    -rwxr-xr-x 1 root root  1778 Jan  6  2007 gpm
    -rwxr-xr-x 1 root root  1486 Nov 29 23:30 haldaemon
    -rwxr-xr-x 1 root root  5766 Jun 22  2007 halt
    -rwxr-xr-x 1 root root   966 Mar 28  2007 hidd
    -rwxr-xr-x 1 root root  3200 Jan 16 14:31 httpd
    -rwxr-xr-x 1 root root  1927 Jun  6  2007 httpd-matrixsa
    -rwxr-xr-x 1 root root  1861 Mar 14  2007 ibmasm
    -rwxr-xr-x 1 root root  7543 Jan  6  2007 ip6tables
    -rwxr-xr-x 1 root root  7460 Jan  6  2007 iptables
    -rwxr-xr-x 1 root root  1624 Jan  7  2007 irda
    -rwxr-xr-x 1 root root  2120 Nov 10 13:41 irqbalance
    -rwxr-xr-x 1 root root   652 Sep  4  2003 killall
    -rwxr-xr-x 1 root root  1389 Feb 25  2005 krb524
    -rwxr-xr-x 1 root root  1406 Nov 10 16:16 kudzu
    -rwxr-xr-x 1 root root  2111 Nov 10 18:50 lvm2-monitor
    -rwxr-xr-x 1 root root  2450 Jan 15 13:54 matrixsa
    -rwxr-xr-x 1 root root  1871 Dec 19 00:03 mcstrans
    -rwxr-xr-x 1 root root  1408 Mar 14  2007 mdmonitor
    -rwxr-xr-x 1 root root  1613 Mar 14  2007 mdmpd
    -rwxr-xr-x 1 root root  1819 Mar  3 13:44 messagebus
    -rwxr-xr-x 1 root root  1926 Nov 10 15:51 microcode_ctl
    -rwxr-xr-x 1 root root  1193 Mar 11 18:33 multipathd
    -rwxr-xr-x 1 root root  4582 Dec 19 01:07 mysqld
    -rwxr-xr-- 1 root root  8643 Nov 10 15:22 named
    -rwxr-xr-x 1 root root  2985 Aug  7  2007 netconsole
    -rwxr-xr-x 1 root root  5675 Aug  1  2006 netfs
    -rwxr-xr-x 1 root root  1289 Jan  7  2007 netplugd
    -rwxr-xr-x 1 root root  7992 Jun 22  2007 network
    -rwxr-xr-x 1 root root  1598 Mar 14  2007 NetworkManager
    -rwxr-xr-x 1 root root  1480 Mar 14  2007 NetworkManagerDispatcher
    -rwxr-xr-x 1 root root  4589 Nov 12 06:37 nfs
    -rwxr-xr-x 1 root root  3266 Nov 12 06:37 nfslock
    -rwxr-xr-x 1 root root  2517 Nov 30 02:22 nscd
    -rwxr-xr-x 1 root root  3361 Nov 10 12:34 ntpd
    -rwxr-xr-x 1 root root  1790 Jan  6  2007 oddjobd
    -rwxr-xr-x 1 root root  1203 Mar 28  2007 pand
    -rwxr-xr-x 1 root root  1525 Jan  6  2007 pcscd
    -rwxr-xr-x 1 root root  1877 Jan  6  2007 portmap
    -rwxr-xr-x 1 root root  2404 Jan 21  2007 postfix
    -rwxr-xr-x 1 root root  1021 Jan  6  2007 psacct
    -rwxr-xr-x 1 root root  1323 Dec 18  2001 pure-ftpd
    -rwxr-xr-x 1 root root  1387 Mar 14  2007 rdisc
    -rwxr-xr-x 1 root root   931 Mar 14  2007 readahead_early
    -rwxr-xr-x 1 root root   930 Mar 14  2007 readahead_later
    -rwxr-xr-x 1 root root  1793 Nov 10 14:46 restorecond
    -rwxr-xr-x 1 root root  2415 Nov 12 06:37 rpcgssd
    -rwxr-xr-x 1 root root  2040 Nov 12 06:37 rpcidmapd
    -rwxr-xr-x 1 root root  2420 Nov 12 06:37 rpcsvcgssd
    -rwxr-xr-x 1 root root  1547 Jan  7  2007 saslauthd
    -rwxr-xr-x 1 root root   647 Jul 20  2006 single
    -rwxr-xr-x 1 root root  2525 Mar 15  2007 smartd
    -rwxr-xr-x 1 root root  3283 Apr 18 01:56 squid
    -rwxr-xr-x 1 root root  3340 Nov 10 13:58 sshd
    -rwxr-xr-x 1 root root  2012 Nov 10 12:49 syslog
    -rwxr-xr-x 1 root root  2796 Jan  7  2007 tux
    -rwxr-xr-x 1 root root  1650 Jan  7  2007 wpa_supplicant
    -rwxr-xr-x 1 root root  3902 Jul 12  2007 xfs
    -rwxr-xr-x 1 root root  3465 Nov 10 14:30 ypbind
    -rwxr-xr-x 1 root root  1098 Nov 10 17:14 yum-updatesd
    [root@localhost ~]# 
    
     
  8. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in /etc/init.d/iptables?
     
  9. thehappyappy

    thehappyappy New Member

    That's

    Code:
    #!/bin/sh
    #
    # iptables      Start iptables firewall
    #
    # chkconfig: 2345 08 92
    # description:  Starts, stops and saves iptables firewall
    #
    # config: /etc/sysconfig/iptables
    # config: /etc/sysconfig/iptables-config
    
    # Source function library.
    . /etc/init.d/functions
    
    IPTABLES=iptables
    IPTABLES_DATA=/etc/sysconfig/$IPTABLES
    IPTABLES_CONFIG=/etc/sysconfig/${IPTABLES}-config
    IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
    PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
    VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
    
    if [ ! -x /sbin/$IPTABLES ]; then
        echo -n $"/sbin/$IPTABLES does not exist."; warning; echo
        exit 0
    fi
    
    if lsmod 2>/dev/null | grep -q ipchains ; then
        echo -n $"ipchains and $IPTABLES can not be used together."; warning; echo
        exit 0
    fi
    
    # Old or new modutils
    /sbin/modprobe --version 2>&1 | grep -q module-init-tools \
        && NEW_MODUTILS=1 \
        || NEW_MODUTILS=0
    
    # Default firewall configuration:
    IPTABLES_MODULES=""
    IPTABLES_MODULES_UNLOAD="yes"
    IPTABLES_SAVE_ON_STOP="no"
    IPTABLES_SAVE_ON_RESTART="no"
    IPTABLES_SAVE_COUNTER="no"
    IPTABLES_STATUS_NUMERIC="yes"
    
    # Load firewall configuration.
    [ -f "$IPTABLES_CONFIG" ] && . "$IPTABLES_CONFIG"
    
    rmmod_r() {
        # Unload module with all referring modules.
        # At first all referring modules will be unloaded, then the module itself.
        local mod=$1
        local ret=0
        local ref=
    
        # Get referring modules.
        # New modutils have another output format.
        [ $NEW_MODUTILS = 1 ] \
            && ref=`lsmod | awk "/^${mod}/ { print \\\$4; }" | tr ',' ' '` \
            || ref=`lsmod | grep ^${mod} | cut -d "[" -s -f 2 | cut -d "]" -s -f 1`
    
        # recursive call for all referring modules
        for i in $ref; do
            rmmod_r $i
            let ret+=$?;
        done
    
        # Unload module.
        # The extra test is for 2.6: The module might have autocleaned,
        # after all referring modules are unloaded.
        if grep -q "^${mod}" /proc/modules ; then
            modprobe -r $mod > /dev/null 2>&1
            let ret+=$?;
        fi
    
        return $ret
    }
    
    flush_n_delete() {
        # Flush firewall rules and delete chains.
        [ -e "$PROC_IPTABLES_NAMES" ] || return 1
    
        # Check if firewall is configured (has tables)
        tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
        [ -z "$tables" ] && return 1
    
        echo -n $"Flushing firewall rules: "
        ret=0
        # For all tables
        for i in $tables; do
            # Flush firewall rules.
            $IPTABLES -t $i -F;
            let ret+=$?;
    
            # Delete firewall chains.
            $IPTABLES -t $i -X;
            let ret+=$?;
    
            # Set counter to zero.
            $IPTABLES -t $i -Z;
            let ret+=$?;
        done
    
        [ $ret -eq 0 ] && success || failure
        echo
        return $ret
    }
    
    set_policy() {
        # Set policy for configured tables.
        policy=$1
    
        # Check if iptable module is loaded
        [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
    
        # Check if firewall is configured (has tables)
        tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
        [ -z "$tables" ] && return 1
    
        echo -n $"Setting chains to policy $policy: "
        ret=0
        for i in $tables; do
            echo -n "$i "
            case "$i" in
                raw)
                    $IPTABLES -t raw -P PREROUTING $policy \
                        && $IPTABLES -t raw -P OUTPUT $policy \
                            || let ret+=1
                    ;;
                filter)
                    $IPTABLES -t filter -P INPUT $policy \
                        && $IPTABLES -t filter -P OUTPUT $policy \
                        && $IPTABLES -t filter -P FORWARD $policy \
                        || let ret+=1
                    ;;
                nat)
                    $IPTABLES -t nat -P PREROUTING $policy \
                        && $IPTABLES -t nat -P POSTROUTING $policy \
                        && $IPTABLES -t nat -P OUTPUT $policy \
                        || let ret+=1
                    ;;
                mangle)
                    $IPTABLES -t mangle -P PREROUTING $policy \
                        && $IPTABLES -t mangle -P POSTROUTING $policy \
                        && $IPTABLES -t mangle -P INPUT $policy \
                        && $IPTABLES -t mangle -P OUTPUT $policy \
                        && $IPTABLES -t mangle -P FORWARD $policy \
                        || let ret+=1
                    ;;
                *)
                    let ret+=1
                    ;;
            esac
        done
    
        [ $ret -eq 0 ] && success || failure
        echo
        return $ret
    }
    
    start() {
        # Do not start if there is no config file.
        [ -f "$IPTABLES_DATA" ] || return 1
    
        echo -n $"Applying $IPTABLES firewall rules: "
    
        OPT=
        [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
    
        $IPTABLES-restore $OPT $IPTABLES_DATA
        if [ $? -eq 0 ]; then
            success; echo
        else
            failure; echo; return 1
        fi
    
        # Load additional modules (helpers)
        if [ -n "$IPTABLES_MODULES" ]; then
            echo -n $"Loading additional $IPTABLES modules: "
            ret=0
            for mod in $IPTABLES_MODULES; do
                echo -n "$mod "
                modprobe $mod > /dev/null 2>&1
                let ret+=$?;
            done
            [ $ret -eq 0 ] && success || failure
            echo
        fi
        touch $VAR_SUBSYS_IPTABLES
        return $ret
    }
    
    stop() {
        # Do not stop if iptables module is not loaded.
        [ -e "$PROC_IPTABLES_NAMES" ] || return 1
    
        flush_n_delete
        set_policy ACCEPT
    
        if [ "x$IPTABLES_MODULES_UNLOAD" = "xyes" ]; then
            echo -n $"Unloading $IPTABLES modules: "
            ret=0
            rmmod_r ${IPV}_tables
            let ret+=$?;
            rmmod_r ${IPV}_conntrack
            let ret+=$?;
            [ $ret -eq 0 ] && success || failure
            echo
        fi
    
        rm -f $VAR_SUBSYS_IPTABLES
        return $ret
    }
    
    save() {
        # Check if iptable module is loaded
        [ ! -e "$PROC_IPTABLES_NAMES" ] && return 1
    
        # Check if firewall is configured (has tables)
        tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
        [ -z "$tables" ] && return 1
    
        echo -n $"Saving firewall rules to $IPTABLES_DATA: "
    
        OPT=
        [ "x$IPTABLES_SAVE_COUNTER" = "xyes" ] && OPT="-c"
    
        ret=0
        TMP_FILE=`/bin/mktemp -q /tmp/$IPTABLES.XXXXXX` \
            && chmod 600 "$TMP_FILE" \
            && $IPTABLES-save $OPT > $TMP_FILE 2>/dev/null \
            && size=`stat -c '%s' $TMP_FILE` && [ $size -gt 0 ] \
            || ret=1
        if [ $ret -eq 0 ]; then
            if [ -e $IPTABLES_DATA ]; then
                cp -f $IPTABLES_DATA $IPTABLES_DATA.save \
                    && chmod 600 $IPTABLES_DATA.save \
                    || ret=1
            fi
            if [ $ret -eq 0 ]; then
                cp -f $TMP_FILE $IPTABLES_DATA \
                    && chmod 600 $IPTABLES_DATA \
                    || ret=1
            fi
        fi
        [ $ret -eq 0 ] && success || failure
        echo
        rm -f $TMP_FILE
        return $ret
    }
    
    status() {
        tables=`cat $PROC_IPTABLES_NAMES 2>/dev/null`
    
        # Do not print status if lockfile is missing and iptables modules are not
        # loaded.
        # Check if iptable module is loaded
        if [ ! -f "$VAR_SUBSYS_IPTABLES" -a -z "$tables" ]; then
            echo $"Firewall is stopped."
            return 1
        fi
    
        # Check if firewall is configured (has tables)
        if [ ! -e "$PROC_IPTABLES_NAMES" ]; then
            echo $"Firewall is not configured. "
            return 1
        fi
        if [ -z "$tables" ]; then
            echo $"Firewall is not configured. "
            return 1
        fi
    
        NUM=
        [ "x$IPTABLES_STATUS_NUMERIC" = "xyes" ] && NUM="-n"
        VERBOSE=
        [ "x$IPTABLES_STATUS_VERBOSE" = "xyes" ] && VERBOSE="--verbose"
        COUNT=
        [ "x$IPTABLES_STATUS_LINENUMBERS" = "xyes" ] && COUNT="--line-numbers"
    
        for table in $tables; do
            echo $"Table: $table"
            $IPTABLES -t $table --list $NUM $VERBOSE $COUNT && echo
        done
    
        return 0
    }
    
    restart() {
        [ "x$IPTABLES_SAVE_ON_RESTART" = "xyes" ] && save
        stop
        start
    }
    
    case "$1" in
        start)
            stop
            start
            RETVAL=$?
            ;;
        stop)
            [ "x$IPTABLES_SAVE_ON_STOP" = "xyes" ] && save
            stop
            RETVAL=$?
            ;;
        restart)
            restart
            RETVAL=$?
            ;;
        condrestart)
            [ -e "$VAR_SUBSYS_IPTABLES" ] && restart
            ;;
    
        status)
            status
            RETVAL=$?
            ;;
        panic)
            flush_n_delete
            set_policy DROP
            RETVAL=$?
            ;;
        save)
            save
            RETVAL=$?
            ;;
        *)
            echo $"Usage: $0 {start|stop|restart|condrestart|status|panic|save}"
            exit 1
            ;;
    esac
    
    exit $RETVAL
    
    Thanks
     
  10. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Ok, the init script reads from /etc/sysconfig/iptables and /etc/sysconfig/iptables-config, so I guess the firewall configuration is in one of these two files. Can you post their contents here?
     
  11. thehappyappy

    thehappyappy New Member

    Thanks.
    the output from /etc/sysconfig/iptables is:


    and /etc/sysconfig/iptables-config is:
     
  12. chipsafts

    chipsafts New Member

    Which application are these ports for?

    How do you know that the ports are not "working" ?
     
  13. thehappyappy

    thehappyappy New Member

    An engineer for the host said they'd look into it this morning, so it could be that the ports are now open, but they definitely weren't open before, because I had video that wouldn't play because the ports weren't open.
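
An added example, not part of any post in this thread: the two rule styles that appear above differ in which port they test (`--dport` matches the destination port of an incoming packet, `--sport` its source port), and this sketch reads iptables-save text and reports which kind of rule covers each port. The function names `sample_rules`, `port_status` and `check_ports` are hypothetical, and the embedded rule text is a constructed sample in the format posted above.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the rule text is constructed.

# Constructed sample: a few rules in the format shown in the thread, with the
# port 1983 rule written in the --sport style of the first post for contrast.
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 999 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1982 -m state --state NEW -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# port_status PORT   (iptables-save text on stdin)
# Prints one word: open | blocked | sport-only | closed
# Simplification: only tcp rules in the INPUT chain that carry a port match are
# evaluated; -i/-s restrictions and jumps to user-defined chains are ignored.
port_status() {
    awk -v port="$1" '
    # True if port p is covered by spec: "80", "1982:1983" or "999,1982:1983".
    function in_spec(spec, p,    n, parts, i, r) {
        n = split(spec, parts, ",")
        for (i = 1; i <= n; i++) {
            if (split(parts[i], r, ":") == 2) {
                if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
            } else if (parts[i] + 0 == p + 0) return 1
        }
        return 0
    }
    /^:INPUT / { policy = $2 }            # chain policy, e.g. DROP
    /^-A INPUT / {
        proto = ""; dspec = ""; sspec = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports") dspec = $(i + 1)
            else if ($i == "--sport" || $i == "--sports") sspec = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (proto != "tcp") next
        # First terminating rule that matches the destination port wins.
        if (verdict == "" && dspec != "" && in_spec(dspec, port)) {
            if (target == "ACCEPT") verdict = "open"
            else if (target == "DROP" || target == "REJECT") verdict = "blocked"
        }
        # A rule that only names the port as a source port does not admit
        # connections to a local service listening on that port.
        if (dspec == "" && sspec != "" && in_spec(sspec, port)) sport_seen = 1
    }
    END {
        if (verdict == "")
            verdict = (policy == "ACCEPT") ? "open" : (sport_seen ? "sport-only" : "closed")
        print verdict
    }'
}

# check_ports PORT...   (iptables-save text on stdin): one "PORT STATUS" line each.
check_ports() {
    rules=$(cat)
    for p in "$@"; do
        printf '%s %s\n' "$p" "$(printf '%s\n' "$rules" | port_status "$p")"
    done
}

sample_rules | check_ports 999 1982 1983
```

Against the file named in the thread the call would be `check_ports 999 1982 1983 < /etc/sysconfig/iptables`.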
     
