
Troubleshooting firewall issues - CentOS 4.4

Status
Not open for further replies.

motoslide

MIS
Oct 30, 2002
764
US
I'm not a total newbie, but feel like one today.
I've set up a test box running CentOS 4.4. On that server is an application which communicates on TCP ports 2000 - 2007. I am unable to establish a connection from a PC on the same LAN. The server can run the application using its local loopback IP address.
How do I determine if these ports are blocked? NMAP says they are open. I'm able to establish an SSH connection to this system from the same PC which appears blocked on port 2002 (and others).
These are the results of running iptables -L:
Code:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
That last entry looks ominous to me, but I'm not sure. This system will only be used for internal R&D. The firewall is probably not needed at all. How can it be disabled, and how can I selectively enable ports? I'd like to know both answers.

Thanks much for your time.

"Proof that there is intelligent life in Oregon. Well, Life anyway.
 
Have you tried turning off the Redhat firewall completely to validate that it's a problem on the server side? You didn't mention any issues with other infrastructure such as controls on the client, switching fabric, routes and routing, DNS for the server for the client to resolve from, etc.

D.E.R. Management - IT Project Management Consulting
 
Thanks for the reply.
Once I got the GUI interface running, I was able to adjust the firewall rules to allow the port I had needed using a GUI tool. This made a corresponding change to my iptables:
Code:
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:2002
The GUI tool added a line to /etc/sysconfig/iptables. Life is more better.

Note: That was just one of the 8 ports I needed to open. The rest were similar.

"Proof that there is intelligent life in Oregon. Well, Life anyway.
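The two posts above show the before and after of the RH-Firewall-1-INPUT chain but not why a LAN client to port 2002 ended up at the final REJECT while loopback and SSH worked. The script below is an added example, not code from the thread or from CentOS: it parses the `iptables -L` listing exactly as posted, walks the chain for a synthetic packet the way the kernel would, and reports which rule decides. It then models the ACCEPT line the GUI added, generalised to the whole 2000-2007 range, and shows the `/etc/sysconfig/iptables` line that corresponds to it (the file format is assumed to match the stock CentOS 4 ruleset). One assumption is marked in the code: the first rule, which `iptables -L` prints as a bare accept-all, is `-i lo -j ACCEPT` in the stock ruleset, because the listing was taken without `-v` and so hides the interface column. That is the rule that lets the application work over loopback while LAN clients fall through to the REJECT.

```python
"""Walk a RH-Firewall-1-INPUT chain (as printed by `iptables -L`) for a
synthetic packet and report which rule decides its fate.

Added example, not from the original thread or from CentOS. The chain text is
the poster's listing; the evaluator is a deliberately small model that only
understands the match types that appear in that listing."""

# Rule lines copied from the poster's `iptables -L` output (headers omitted).
ORIGINAL_CHAIN = """\
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ftp
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

SERVICE_PORTS = {"ssh": 22, "ftp": 21, "ipp": 631}  # names iptables -L prints


def _parse_port(spec):
    """'dpt:ssh' -> (22, 22); 'dpts:2000:2007' -> (2000, 2007)."""
    if spec.startswith("dpts:"):
        lo, hi = spec[5:].split(":")
        return int(lo), int(hi)
    name = spec[len("dpt:"):]
    port = SERVICE_PORTS[name] if name in SERVICE_PORTS else int(name)
    return port, port


def parse_chain(listing):
    """Turn `iptables -L` rule lines into dicts, in chain order."""
    rules = []
    for line in listing.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[1].endswith("--"):           # "ipv6-crypt--": proto fused to opt column
            prot, rest = parts[1][:-2], parts[2:]
        else:
            prot, rest = parts[1], parts[3:]  # skip the "--" opt column
        rule = {"target": parts[0], "prot": prot, "src": rest[0], "dst": rest[1],
                "dport": None, "states": None, "iface": None}
        extras = rest[2:]
        for i, tok in enumerate(extras):
            if tok.startswith(("dpt:", "dpts:")):
                rule["dport"] = _parse_port(tok)
            elif tok == "state":
                rule["states"] = set(extras[i + 1].split(","))
        rules.append(rule)
    return rules


def load_original_chain():
    rules = parse_chain(ORIGINAL_CHAIN)
    # ASSUMPTION: in the stock CentOS 4 ruleset the first rule is `-i lo -j ACCEPT`.
    # `iptables -L` without -v hides the interface, so it looks like an accept-all.
    rules[0]["iface"] = "lo"
    return rules


def rule_matches(rule, pkt):
    if rule["iface"] and rule["iface"] != pkt["iface"]:
        return False
    if rule["prot"] != "all" and rule["prot"] != pkt["proto"]:
        return False
    if rule["dst"] != "anywhere" and rule["dst"] != pkt["dst"]:
        return False
    if rule["dport"] and not rule["dport"][0] <= pkt["dport"] <= rule["dport"][1]:
        return False
    if rule["states"] is not None and pkt["state"] not in rule["states"]:
        return False
    return True


def evaluate(rules, pkt):
    """(index, target) of the first matching rule; (None, 'RETURN') if the
    chain falls through to the INPUT chain's ACCEPT policy."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return i, rule["target"]
    return None, "RETURN"


def tcp_syn(dport, iface="eth0"):
    """A constructed new TCP connection attempt (conntrack state NEW)."""
    return {"proto": "tcp", "dport": dport, "state": "NEW",
            "iface": iface, "dst": "192.168.1.10"}


def insert_tcp_accept(rules, first, last):
    """Model the rule the GUI added, as a range, placed before the final
    REJECT: a rule appended after REJECT would never be reached."""
    new_rule = {"target": "ACCEPT", "prot": "tcp", "src": "anywhere",
                "dst": "anywhere", "dport": (first, last), "states": {"NEW"},
                "iface": None}
    updated = list(rules)
    reject_at = max(i for i, r in enumerate(updated) if r["target"] == "REJECT")
    updated.insert(reject_at, new_rule)
    return updated


def sysconfig_line(first, last):
    """Line for /etc/sysconfig/iptables; must sit above the REJECT line there."""
    dport = str(first) if first == last else f"{first}:{last}"
    return (f"-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp "
            f"--dport {dport} -j ACCEPT")


if __name__ == "__main__":
    chain = load_original_chain()
    print("LAN -> 2002:", evaluate(chain, tcp_syn(2002)))       # (9, 'REJECT')
    print("lo  -> 2002:", evaluate(chain, tcp_syn(2002, "lo")))  # (0, 'ACCEPT')
    fixed = insert_tcp_accept(chain, 2000, 2007)
    print("LAN -> 2002 after fix:", evaluate(fixed, tcp_syn(2002)))
    print(sysconfig_line(2000, 2007))
```

Run it as-is to see the walk for the posted chain. To check a live box the same way, compare against `iptables -L -v -n` rather than plain `-L`: `-v` shows the interface column (which explains the "accept-all" first rule) and the per-rule packet counters, so a connection attempt that increments the REJECT counter is confirmed as blocked by the firewall and not by routing or DNS. Note that the range is written as a single `--dport 2000:2007` rule instead of eight separate lines, which is what the poster ended up with; both behave the same.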
 