Re: Opening port on machine



On Fri, 15 Sep 2006 02:21:06 -0700 cris.pini wrote:

Hi,

I'm using Red Hat Enterprise Linux ES release 4 (Nahant Update 3) and
have used the system-config-securitylevel utility to open port 5505 on
the firewall. The iptables config now looks like this:


# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -i eth0 -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5505 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

Standard RHEL4 iptables setup with your port 5505/tcp added.

I restarted iptables successfully and would now expect to be able to
telnet to that port on the machine locally as I'm expecting the port to
have been opened and ready listening, however, I get connection
refused.

service iptables status

gives you a list of all active iptables rules.

# telnet localhost 5505
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused

Can anyone help please as this seems to be a trivial problem that
should be easy to sort out but I've been racking my brains for a while
trying to get this to work.

Many thx.

There must be a service listening on port 5505 to be successful with such a
simple "telnet test".

lsof -i :5505

Alexander


--
Alexander Dalloz | Löhne, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 12:34:12 up 8 days, 14:43, load average: 0.15, 0.18, 0.07
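
Added example, not part of the original message: a small Python probe that separates the "Connection refused" seen in the thread (the packet was allowed but no service listens) from what a firewall REJECT or DROP looks like to the client. The names `probe`, `CAUSES` and `demo` are assumptions made for this illustration, and the loopback listener is a constructed test case.

```python
import errno
import socket

# Likely cause of each connect() outcome on a host running the
# RH-Firewall-1-INPUT ruleset quoted in the thread.
CAUSES = {
    "open": "a service accepted the connection",
    "refused": "TCP RST: packet was allowed, but nothing listens on the port",
    "rejected": "ICMP unreachable: a REJECT rule such as icmp-host-prohibited",
    "timeout": "no reply at all: a DROP rule or a routing problem",
}

def probe(host, port, timeout=2.0):
    """Try one TCP connect and return a key of CAUSES."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as e:
        # Linux reports ICMP "host prohibited" to connect() as EHOSTUNREACH.
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "rejected"
        raise
    finally:
        s.close()

def demo():
    """Probe a loopback port with and without a listener (constructed case)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port)
    srv.close()                     # same port, firewall state unchanged
    without_listener = probe("127.0.0.1", port)
    return with_listener, without_listener

if __name__ == "__main__":
    for verdict in demo():
        print(verdict, "->", CAUSES[verdict])
```

Run from a remote host against port 5505, a "rejected" result would point at the final REJECT rule in the chain, while "refused" points at a missing listener, which `lsof -i :5505` confirms on the server.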
