Hello,
I followed the sticky bit as to how to open a port and it doesn't appear to be working for me.
I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
I restarted iptables - service iptables restart
However when I run iptables -L I do not see my open port. see below -
===============================================================
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
=============================================================
Also I cannot see my new entry in the /etc/sysconfig/iptables file -
==============================================
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
====================================================
Am I doing something wrong here?
Thanks
PJ
Hi,
When you add ip rules with the iptables command they are added on the fly, you don't need to restart your iptables.
For the iptables to still be there when you restart you need to use:
iptables-save > /etc/sysconfig/iptables
Thanks for your quick reply.
I don't know I'm getting well stressed out with this iptables lark.
I still can't seem to get udp port 514 open. What would you expect to see in your iptables if this port was open. After doing the iptables-save option I see the following -
==============================================
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
============================================================
When I run nmap I still cannot see an open port on 514 and my router syslog messages are not appearing in the logs.
[img]<___base_url___>/uploads/emoticons/default_mad.gif[/img]
PJ
Hi,
Simply use the following IP rule:
Code:
iptables -I INPUT 1 -p udp --dport 514 -j ACCEPT
Thanks,
I tried this did an iptables save and iptables restart but no sign in the iptables file of udp port 514
=================================================================
[root@pjfed log]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:syslog
RH-Firewall-1-INPUT 0 -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:syslog state ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
=====================================================================
Quote:ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
That line up above is your port. do this: grep 514 /etc/services
Iptables were working.................and too is my syslogging that sparked this post
grep /etc/services 514 showed this
I ran a UDP port scanner called "portqueryui" which gave more information than the other scanners I tried. It told me that port 514 was open but not LISTENING. After a bit of Googling I realised that the instructions I followed for setting up syslog were different. I had added '-r -x' to the /etc/rc.d/init.d/syslog file and not the /etc/sysconfig/syslog. Made the changes and my router syslog messages started flowing.
Thanks for taking the time in helping me with this.
Cheers
PJ