
Firewall on RH9

Status
Not open for further replies.

ascikey

Programmer
Feb 18, 2004
127
GB
How can I tell if there is a firewall running on Red Hat 9? I am trying to get an incoming connection to my web page, but before I start messing with the BSD firewall/router I would like to check if there is a firewall running on the Linux machine.
Thanks
 
Yes, there is a firewall running on your system. It's called IPTables and it's built into your kernel.

Whether it's currently configured to do anything is another question. The command:

/sbin/iptables --list

will show you what rules are currently active.

Want the best answers? Ask the best questions!

TANSTAAFL!!
 
Thanks for your reply.
This is the result of /sbin/iptables --list:
Code:
[root@jstlinbox root]# /sbin/iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  10.0.0.2             anywhere           udp spt:domain dpts:1025:65535
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     udp  --  anywhere             anywhere           udp spts:bootps:bootpc dpts:bootps:bootpc
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT     udp  --  anywhere             anywhere           udp dpt:nfs reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT     tcp  --  anywhere             anywhere           tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
[root@jstlinbox root]#
Does anybody know if this means that I am accepting requests on port 80 from the Internet or from the router IP 10.0.0.2? Thanks
 
This line:

ACCEPT tcp -- anywhere anywhere tcp dpt:http

Should be allowing HTTP incoming.

But one quick way to tell whether your firewall settings are blocking incoming HTTP connections: clear the configuration.

Issue:

/etc/rc.d/init.d/iptables stop

then try to connect to your web server.

Want the best answers? Ask the best questions!

TANSTAAFL!!
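
The question in this thread (is port 80 accepted from the Internet, or only from 10.0.0.2?) can also be answered from the listing itself by walking the chain top-down, as in this added example, which is not part of the original posts. The `LISTING` subset, the `SERVICES` map and the function names are constructed for illustration, and only the source and destination-port matches used by the TCP rules in this listing are handled.

```python
import re

# Constructed sample: part of the RH-Lokkit-0-50-INPUT chain posted in this
# thread, with the terminal-wrapped lines rejoined.
LISTING = """\
Chain RH-Lokkit-0-50-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  10.0.0.2             anywhere           udp spt:domain dpts:1025:65535
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT     tcp  --  anywhere             anywhere           tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT     all  --  anywhere             anywhere
REJECT     tcp  --  anywhere             anywhere           tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
"""

# Names iptables prints when run without -n (only the ones in the sample).
SERVICES = {"domain": 53, "http": 80, "ssh": 22}

def _port(tok):
    return int(tok) if tok.isdigit() else SERVICES[tok]

def parse_chain(listing):
    """Parse rule lines into dicts, keeping the order iptables evaluates them in."""
    rules = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 5 or f[0] in ("Chain", "target"):
            continue
        lo, hi = 0, 65535                      # no dpt/dpts match: any port
        m = re.search(r"\bdpts?:(\S+)", line)
        if m:
            parts = m.group(1).split(":")
            lo, hi = _port(parts[0]), _port(parts[-1])
        rules.append({"target": f[0], "proto": f[1], "source": f[3],
                      "dports": (lo, hi),
                      # -L without -v hides the in/out interface columns, so a
                      # bare "all anywhere anywhere" rule may be interface-bound.
                      "check_with_v": len(f) == 5 and f[1] == "all"})
    return rules

def first_tcp_match(rules, src, dport):
    """First rule a new TCP connection from src to dport would hit (top-down)."""
    for r in rules:
        if (r["proto"] in ("tcp", "all") and r["source"] in ("anywhere", src)
                and r["dports"][0] <= dport <= r["dports"][1]):
            return r
    return None  # nothing matched: the packet returns to the calling chain

RULES = parse_chain(LISTING)
```

For port 80 the first hit is the `dpt:http` rule with source `anywhere`, so the accept is not limited to 10.0.0.2. A hit on the bare `all` rule should be re-checked with `/sbin/iptables --list -v`, which shows the interface columns.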
 
Thanks for the reply, still can't view though, but at least the net is closing in.