
Criller

Members
  • Content Count: 4

Posts posted by Criller

  1. Iptables was working... and so is my syslogging, which sparked this post

     

    grep 514 /etc/services showed this

     

    I ran a UDP port scanner called "portqueryui", which gave more information than the other scanners I tried. It told me that port 514 was open but not LISTENING. After a bit of Googling I realised that the instructions I followed for setting up syslog were different. I had added '-r -x' to the /etc/rc.d/init.d/syslog file and not to /etc/sysconfig/syslog. Made the changes and my router syslog messages started flowing.

     

    Thanks for taking the time in helping me with this.

     

    Cheers

     

    PJ
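
Since the fix turned out to be syslogd itself rather than iptables, here is an added example (not from the thread or the poster's machine) of telling the two apart from the host side: it pulls SYSLOGD_OPTIONS out of /etc/sysconfig/syslog, checks for a UDP socket bound to 514 in netstat -uln or ss -uln output, and gives one verdict. The sysconfig and netstat texts embedded in the script are constructed; the port number and file path are the ones from this thread.

```shell
#!/bin/sh
# Added example, not from the thread: decide whether udp/514 is merely allowed
# by the firewall or actually has syslogd bound to it, from two inputs you
# would collect on the box. Every input below is constructed.

# /etc/sysconfig/syslog is what the init script sources; putting the flags
# only into /etc/rc.d/init.d/syslog is the mistake the thread ends on.
SYSCONFIG_REMOTE='# Options to syslogd
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
SYSLOGD_OPTIONS="-m 0 -r -x"
KLOGD_OPTIONS="-x"'
SYSCONFIG_DEFAULT='SYSLOGD_OPTIONS="-m 0"
KLOGD_OPTIONS="-x"'

# netstat -uln output with and without a listener on 514 (constructed).
SOCKETS_LISTENING='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:514             0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*'
SOCKETS_SILENT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 0.0.0.0:631             0.0.0.0:*'

# Value of SYSLOGD_OPTIONS from sysconfig text on stdin
# (last assignment wins, surrounding double quotes stripped).
syslogd_options() {
  sed -n 's/^[[:space:]]*SYSLOGD_OPTIONS=//p' | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# has_flag FLAG "OPTIONS": is FLAG present as a whole word?
has_flag() {
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# udp_listener_present PORT: reads netstat -uln or ss -uln output on stdin,
# exit 0 when some UDP socket is bound to PORT.
udp_listener_present() {
  awk -v port="$1" '
    $1 == "udp" || $1 == "udp6" || $1 == "UNCONN" {
      addr = $4; sub(/.*:/, "", addr)   # keep only the port after the last colon
      if (addr == port) found = 1
    }
    END { exit !found }'
}

# syslog_triage SYSCONFIG_TEXT SOCKET_TEXT: prints one verdict,
# exit 0 only when syslogd is really listening.
syslog_triage() {
  opts=$(printf '%s\n' "$1" | syslogd_options)
  if printf '%s\n' "$2" | udp_listener_present 514; then
    echo "listening: syslogd is bound to udp/514 (SYSLOGD_OPTIONS=\"$opts\")"
    return 0
  fi
  if has_flag -r "$opts"; then
    echo "not listening: -r is set but nothing is bound to udp/514; restart syslogd (service syslog restart) and re-check"
  else
    echo "not listening: -r is missing from SYSLOGD_OPTIONS in /etc/sysconfig/syslog; a firewall ACCEPT alone never makes the port listen"
  fi
  return 1
}

syslog_triage "$SYSCONFIG_REMOTE"  "$SOCKETS_LISTENING" || true
syslog_triage "$SYSCONFIG_REMOTE"  "$SOCKETS_SILENT"    || true
syslog_triage "$SYSCONFIG_DEFAULT" "$SOCKETS_SILENT"    || true
```

On a live box the socket text comes from `netstat -ulnp` or `ss -ulnp`, which also name the owning process. A UDP scanner that gets no reply cannot tell "allowed but nobody listening" from "listening and silent", so this host-side check is the one that actually settles it.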

  2. Thanks,

     

    I tried this, did an iptables save and an iptables restart, but there is no sign of UDP port 514 in the iptables file

     

    =================================================================

    [root@pjfed log]# iptables -L

    Chain INPUT (policy ACCEPT)

    target prot opt source destination

    ACCEPT udp -- anywhere anywhere udp dpt:syslog

    RH-Firewall-1-INPUT 0 -- anywhere anywhere

    ACCEPT udp -- anywhere anywhere udp spt:syslog state ESTABLISHED

     

    Chain FORWARD (policy ACCEPT)

    target prot opt source destination

    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

     

    Chain OUTPUT (policy ACCEPT)

    target prot opt source destination

     

    Chain RH-Firewall-1-INPUT (1 references)

    target prot opt source destination

    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog

    ACCEPT 0 -- anywhere anywhere

    ACCEPT icmp -- anywhere anywhere icmp any

    ACCEPT esp -- anywhere anywhere

    ACCEPT ah -- anywhere anywhere

    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns

    ACCEPT udp -- anywhere anywhere udp dpt:ipp

    ACCEPT tcp -- anywhere anywhere tcp dpt:ipp

    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED

    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog

    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh

    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

    =====================================================================

  3. Thanks for your quick reply.

     

    I don't know, I'm getting well stressed out with this iptables lark.

     

    I still can't seem to get UDP port 514 open. What would you expect to see in your iptables if this port was open? After doing the iptables-save option I see the following -

    ==============================================

    Chain INPUT (policy ACCEPT)

    target prot opt source destination

    RH-Firewall-1-INPUT 0 -- anywhere anywhere

     

    Chain FORWARD (policy ACCEPT)

    target prot opt source destination

    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

     

    Chain OUTPUT (policy ACCEPT)

    target prot opt source destination

     

    Chain RH-Firewall-1-INPUT (1 references)

    target prot opt source destination

    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog

    ACCEPT 0 -- anywhere anywhere

    ACCEPT icmp -- anywhere anywhere icmp any

    ACCEPT esp -- anywhere anywhere

    ACCEPT ah -- anywhere anywhere

    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns

    ACCEPT udp -- anywhere anywhere udp dpt:ipp

    ACCEPT tcp -- anywhere anywhere tcp dpt:ipp

    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED

    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog

    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh

    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

    ============================================================

     

    When I run nmap I still cannot see an open port on 514 and my router syslog messages are not appearing in the logs.

     

    :angry:

     

    PJ

  4. Hello,

     

    I followed the sticky bit as to how to open a port and it doesn't appear to be working for me.

     

    I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT

     

    I restarted iptables - service iptables restart

     

    However, when I run iptables -L I do not see my open port. See below -

    ===============================================================

    Chain INPUT (policy ACCEPT)

    target prot opt source destination

    RH-Firewall-1-INPUT 0 -- anywhere anywhere

     

    Chain FORWARD (policy ACCEPT)

    target prot opt source destination

    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

     

    Chain OUTPUT (policy ACCEPT)

    target prot opt source destination

     

    Chain RH-Firewall-1-INPUT (1 references)

    target prot opt source destination

    ACCEPT 0 -- anywhere anywhere

    ACCEPT icmp -- anywhere anywhere icmp any

    ACCEPT esp -- anywhere anywhere

    ACCEPT ah -- anywhere anywhere

    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns

    ACCEPT udp -- anywhere anywhere udp dpt:ipp

    ACCEPT tcp -- anywhere anywhere tcp dpt:ipp

    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED

    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog

    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh

    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

    =============================================================

     

    Also I cannot see my new entry in the /etc/sysconfig/iptables file -

     

    ==============================================

    # Firewall configuration written by system-config-securitylevel

    # Manual customization of this file is not recommended.

    *filter

    :INPUT ACCEPT [0:0]

    :FORWARD ACCEPT [0:0]

    :OUTPUT ACCEPT [0:0]

    :RH-Firewall-1-INPUT - [0:0]

    -A INPUT -j RH-Firewall-1-INPUT

    -A RH-Firewall-1-INPUT -i lo -j ACCEPT

    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT

    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT

    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT

    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT

    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT

    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT

    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited

    -A FORWARD -j REJECT --reject-with icmp-host-prohibited

    COMMIT

    ====================================================

     

    Am I doing something wrong here?

     

    Thanks

     

    PJ
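
A check for a rule set like the one posted above, as an added example that is not part of the thread or of the poster's setup: the POSIX shell function below reads an iptables-save dump and reports whether an ACCEPT for inbound udp/514 is actually reachable from INPUT, flagging the two ways it goes wrong in this thread, a rule that only matches --sport 514 (replies from a syslog server, not the router's messages) and a rule appended with -A behind the unconditional jump into RH-Firewall-1-INPUT, whose final REJECT means nothing appended after the jump is ever consulted. Both dumps embedded in the script are constructed: the first mirrors the later listing, with the --dport rule inserted (-I) before the jump and the --sport rule appended after it; the second has only an appended rule.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for a live inbound UDP allow rule.
# Not from the thread; the two dumps below are constructed to mirror the posted
# /etc/sysconfig/iptables shape (RH-Firewall-1-INPUT chain ending in REJECT).

# --dport 514 inserted with -I before the jump, --sport 514 appended after it.
RULES_INSERTED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i eth0 -p udp -m udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# The classic mistake: the only 514 rule was appended (-A) to INPUT, so it sits
# behind the unconditional jump into a chain that ends with REJECT.
RULES_APPENDED='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p udp -m udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# audit_udp_port PORT (dump on stdin): one finding per line, exit 0 when some
# ACCEPT for inbound udp/PORT is really reachable from INPUT.
audit_udp_port() {
  awk -v port="$1" '
    function terminal(t) { return (t == "ACCEPT" || t == "DROP" || t == "REJECT") }
    # A chain ends the walk for every packet if it holds a matchless rule that
    # accepts/drops/rejects or bare-jumps into a chain that does
    # (-j RETURN is not modelled; the posted rule set has none).
    function terminates(c,   k) {
      for (k = 1; k <= n; k++)
        if (chain[k] == c && uncond[k] && (terminal(target[k]) || terminates(target[k])))
          return 1
      return 0
    }
    $1 == "-A" {
      n++; chain[n] = $2; proto[n] = dport[n] = sport[n] = target[n] = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto[n] = $(i + 1)
        else if ($i == "--dport") dport[n] = $(i + 1)
        else if ($i == "--sport") sport[n] = $(i + 1)
        else if ($i == "-j") target[n] = $(i + 1)
      }
      uncond[n] = ($3 == "-j")   # iptables-save lists matches before -j, so "-A CHAIN -j X" has none
    }
    END {
      # dead: an earlier matchless rule in the same chain already ends the walk
      for (k = 1; k <= n; k++)
        for (j = 1; j < k; j++)
          if (chain[j] == chain[k] && uncond[j] && (terminal(target[j]) || terminates(target[j])))
            dead[k] = 1
      # reach: chains a packet entering INPUT can still get to through live jumps
      reach["INPUT"] = 1
      do {
        changed = 0
        for (k = 1; k <= n; k++)
          if (reach[chain[k]] && !dead[k] && target[k] != "" && !terminal(target[k]) && !reach[target[k]]) {
            reach[target[k]] = 1; changed = 1
          }
      } while (changed)
      live = 0
      for (k = 1; k <= n; k++) {
        if (proto[k] != "udp") continue
        if (dport[k] == port && target[k] == "ACCEPT") {
          if (!reach[chain[k]]) printf "UNREACHABLE: rule %d in chain %s is never entered from INPUT\n", k, chain[k]
          else if (dead[k])     printf "DEAD: rule %d in chain %s follows a rule that already ends the walk\n", k, chain[k]
          else { printf "OK: rule %d in chain %s allows inbound udp/%s\n", k, chain[k], port; live = 1 }
        } else if (sport[k] == port && dport[k] == "")
          printf "WARN: rule %d in chain %s matches --sport %s (replies from a remote syslog server), not inbound syslog; use --dport\n", k, chain[k], port
      }
      if (!live) printf "MISSING: no reachable ACCEPT for inbound udp/%s\n", port
      exit !live
    }'
}

printf '%s\n' "$RULES_INSERTED" | audit_udp_port 514 && echo "--> inbound udp/514 permitted" || echo "--> inbound udp/514 blocked"
printf '%s\n' "$RULES_APPENDED" | audit_udp_port 514 && echo "--> inbound udp/514 permitted" || echo "--> inbound udp/514 blocked"
```

Two things the thread trips over are worth stating outright. `iptables -L` without `-n` resolves 514 to the name syslog from /etc/services, which is why grepping the listing for 514 finds nothing; use `iptables -L -n` or `iptables-save`. Rules added at the command line live only in the kernel: `service iptables restart` reloads /etc/sysconfig/iptables and discards them unless `service iptables save` wrote them there first. And because syslogd with -r accepts datagrams from anyone who can reach the port, an ACCEPT that also carries `-s <router address>` is preferable to the wide-open rule the configuration tool generated.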
