Posts: 4 | Threads: 1 | Joined: Aug 2007 | Reputation: 0

Hello,
 
I followed the sticky bit as to how to open a port and it doesn't appear to be working for me.
 
I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
 
I restarted iptables - service iptables restart
 
However, when I run iptables -L I do not see my open port. See below -
===============================================================
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  0    --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited
=============================================================
 
Also I cannot see my new entry in the /etc/sysconfig/iptables file -
 
==============================================
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
====================================================
 
Am I doing something wrong here?
 
Thanks
 
PJ
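As an added example (not code from the thread or from the iptables project), a small evaluator walks the poster's ruleset the way netfilter does: it shows that the `dpt:syslog` line already accepts new UDP 514 datagrams (`iptables -L` prints port 514 by its /etc/services name; `iptables -L -n` shows the number) and that a rule appended to INPUT after the jump into RH-Firewall-1-INPUT can never be reached, because that chain ends in an unconditional REJECT. The rules and sample packets are constructed from the listing in the post; interface, protocol, ports, destination and conntrack state are the only match options modelled.

```python
import shlex
# Constructed from the poster's /etc/sysconfig/iptables (iptables-save format, filter table),
# with the rule he appended via `iptables -A INPUT ...` placed where -A puts it: last in INPUT.
RULESET = """
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
"""
# iptables match option -> packet attribute it is compared with (enough for this ruleset)
MATCH_KEYS = {"i": "iface", "p": "proto", "dport": "dport", "sport": "sport", "d": "dst"}

def parse(text):
    """Return ({chain: policy}, {chain: [rules]}); user-defined chains have policy '-'."""
    policy, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):                       # chain declaration
            name, pol = line[1:].split()[:2]
            policy[name], chains[name] = pol, []
        elif line.startswith("-A "):                   # append a rule to a chain
            toks = shlex.split(line)[1:]
            rule = {opt.lstrip("-"): val for opt, val in zip(toks[1:], toks[2:])
                    if opt.startswith("-") and not val.startswith("-")}
            chains[toks[0]].append(rule)
    return policy, chains

def matches(rule, pkt):
    """True when every match option present in the rule agrees with the packet."""
    if any(opt in rule and rule[opt] != pkt.get(f) for opt, f in MATCH_KEYS.items()):
        return False
    return "state" not in rule or pkt.get("state") in rule["state"].split(",")

def verdict(pkt, chain="INPUT"):
    """Walk the chain as netfilter does: the first matching terminal target decides."""
    for idx, rule in enumerate(CHAINS[chain], 1):
        if not matches(rule, pkt):
            continue
        if rule["j"] in CHAINS:                        # jump into a user-defined chain
            result = verdict(pkt, rule["j"])
            if result is not None:
                return result                          # the sub-chain decided
            continue                                   # fell off its end: resume here
        return f'{rule["j"]} by {chain} rule {idx}'
    return None if POLICY[chain] == "-" else f"{POLICY[chain]} by {chain} policy"

POLICY, CHAINS = parse(RULESET)
```

With this ruleset every packet entering INPUT is decided inside RH-Firewall-1-INPUT, so INPUT rule 2 (the appended `--sport 514` rule) is dead code; a router's syslog datagram arrives as a NEW packet with destination port 514 and is accepted by the rule that was already present.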

Posts: 383 | Threads: 63 | Joined: Dec 2004 | Reputation: 0

Hi,
 
When you add IP rules with the iptables command they are added on the fly; you don't need to restart iptables.
For the iptables rules to still be there when you restart, you need to use:
 
iptables-save > /etc/sysconfig/iptables

Posts: 4 | Threads: 1 | Joined: Aug 2007 | Reputation: 0

Thanks for your quick reply.
 
I don't know, I'm getting well stressed out with this iptables lark.
 
I still can't seem to get UDP port 514 open. What would you expect to see in your iptables if this port was open? After doing the iptables-save option I see the following -
==============================================
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  0    --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT     0    --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited
============================================================
 
When I run nmap I still cannot see an open port on 514 and my router syslog messages are not appearing in the logs.
 
 
PJ

Posts: 4 | Threads: 1 | Joined: Aug 2007 | Reputation: 0

Thanks,
 
I tried this, did an iptables save and iptables restart, but there is no sign in the iptables file of UDP port 514.
 
=================================================================
[root@pjfed log]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:syslog
RH-Firewall-1-INPUT  0    --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere            udp spt:syslog state ESTABLISHED
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Firewall-1-INPUT (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT     0    --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     esp  --  anywhere             anywhere
ACCEPT     ah   --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT     0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     0    --  anywhere             anywhere            reject-with icmp-host-prohibited
=====================================================================

Posts: 4 | Threads: 1 | Joined: Aug 2007 | Reputation: 0

iptables was working... and so is my syslogging that sparked this post.
 
grep 514 /etc/services showed this
 
I ran a UDP port scanner called "portqueryui" which gave more information than the other scanners I tried. It told me that port 514 was open but not LISTENING. After a bit of Googling I realised that the instructions I followed for setting up syslog were different. I had added '-r -x' to the /etc/rc.d/init.d/syslog file and not to /etc/sysconfig/syslog. I made the changes and my router syslog messages started flowing.
 
Thanks for taking the time in helping me with this.
 
Cheers
 
PJ