Are my iptables working

Hello,

I followed the sticky bit as to how to open a port and it doesn't appear to be working for me.

I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT

I restarted iptables - service iptables restart

However when I run iptables -L I do not see my open port. See below -

===============================================================
Chain INPUT (policy ACCEPT)
target               prot opt source               destination
RH-Firewall-1-INPUT  0    --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source               destination
REJECT               0    --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target               prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
target               prot opt source               destination
ACCEPT               0    --  anywhere             anywhere
ACCEPT               icmp --  anywhere             anywhere            icmp any
ACCEPT               esp  --  anywhere             anywhere
ACCEPT               ah   --  anywhere             anywhere
ACCEPT               udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT               udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT               tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT               0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT               udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT               tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT               0    --  anywhere             anywhere            reject-with icmp-host-prohibited
=============================================================

Also I cannot see my new entry in the /etc/sysconfig/iptables file -

==============================================
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
====================================================

Am I doing something wrong here?

Thanks

PJ


Hi,

When you add ip rules with the iptables command they are added on the fly, you don't need to restart your iptables.

For the iptables to still be there when you restart you need to use:

iptables-save > /etc/sysconfig/iptables


Thanks for your quick reply.

I don't know, I'm getting well stressed out with this iptables lark.

I still can't seem to get udp port 514 open. What would you expect to see in your iptables if this port was open? After doing the iptables-save option I see the following -

==============================================
Chain INPUT (policy ACCEPT)
target               prot opt source               destination
RH-Firewall-1-INPUT  0    --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target               prot opt source               destination
REJECT               0    --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target               prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
target               prot opt source               destination
ACCEPT               udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT               0    --  anywhere             anywhere
ACCEPT               icmp --  anywhere             anywhere            icmp any
ACCEPT               esp  --  anywhere             anywhere
ACCEPT               ah   --  anywhere             anywhere
ACCEPT               udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT               udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT               tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT               0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT               udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT               tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT               0    --  anywhere             anywhere            reject-with icmp-host-prohibited
============================================================

When I run nmap I still cannot see an open port on 514 and my router syslog messages are not appearing in the logs.

:angry:

PJ


Thanks,

I tried this, did an iptables save and iptables restart, but no sign in the iptables file of udp port 514.

=================================================================
[root@pjfed log]# iptables -L
Chain INPUT (policy ACCEPT)
target               prot opt source               destination
ACCEPT               udp  --  anywhere             anywhere            udp dpt:syslog
RH-Firewall-1-INPUT  0    --  anywhere             anywhere
ACCEPT               udp  --  anywhere             anywhere            udp spt:syslog state ESTABLISHED

Chain FORWARD (policy ACCEPT)
target               prot opt source               destination
REJECT               0    --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target               prot opt source               destination

Chain RH-Firewall-1-INPUT (1 references)
target               prot opt source               destination
ACCEPT               udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT               0    --  anywhere             anywhere
ACCEPT               icmp --  anywhere             anywhere            icmp any
ACCEPT               esp  --  anywhere             anywhere
ACCEPT               ah   --  anywhere             anywhere
ACCEPT               udp  --  anywhere             224.0.0.251         udp dpt:mdns
ACCEPT               udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT               tcp  --  anywhere             anywhere            tcp dpt:ipp
ACCEPT               0    --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT               udp  --  anywhere             anywhere            state NEW udp dpt:syslog
ACCEPT               tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT               0    --  anywhere             anywhere            reject-with icmp-host-prohibited
=====================================================================


Iptables were working... and so is my syslogging that sparked this post.

grep /etc/services 514 showed this

I ran a UDP port scanner called "portqueryui" which gave more information than the other scanners I tried. It told me that port 514 was open but not LISTENING. After a bit of Googling I realised that the instructions I followed for setting up syslog were different. I had added '-r -x' to the /etc/rc.d/init.d/syslog file and not the /etc/sysconfig/syslog. Made the changes and my router syslog messages started flowing.

Thanks for taking the time in helping me with this.

Cheers

PJ
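An added example, not code from this thread or its posters: a small POSIX shell check that separates the two questions the thread ran together, whether an ACCEPT rule admits inbound traffic to udp/514 (a --dport rule, unlike the --sport/ESTABLISHED rule in the first post) and whether any process is actually bound to that port (the "open but not LISTENING" result from the scanner). The rule lines and socket listings are constructed samples in the shape of iptables-save output and `ss -lun` output; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread). Checks two separate things for a port:
# (1) an ACCEPT rule for inbound traffic to it exists, (2) something is bound
# to it. Inputs are constructed text; on a live host feed in iptables-save
# output (or /etc/sysconfig/iptables) and `ss -lun` instead.

# Constructed rules: only the first post's --sport/ESTABLISHED rule.
RULES_SPORT_ONLY='-P INPUT ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed rules: the --dport 514 rule as it appears in the config file.
RULES_DPORT='-P INPUT ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited'

# Constructed `ss -lun` output: syslogd running without -r, nothing on 514.
SOCKS_NONE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*'
# Constructed `ss -lun` output after syslogd was started with -r.
SOCKS_514='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:514        0.0.0.0:*'

# rule_accepts_dport RULES PROTO PORT: an ACCEPT rule matching inbound PORT.
rule_accepts_dport() {
  printf '%s\n' "$1" | grep -E -e "-p $2 .*--dport $3( |$).*-j ACCEPT" >/dev/null
}

# port_bound SOCKETS PORT: an unconnected UDP socket bound on PORT.
port_bound() {
  printf '%s\n' "$1" | grep -E -e "^UNCONN .*[:.]$2 +" >/dev/null
}

# diagnose RULES SOCKETS PROTO PORT: prints filtered | no-listener | ok.
diagnose() {
  if ! rule_accepts_dport "$1" "$3" "$4"; then echo filtered
  elif ! port_bound "$2" "$4"; then echo no-listener   # "open but not LISTENING"
  else echo ok
  fi
}

diagnose "$RULES_SPORT_ONLY" "$SOCKS_NONE" udp 514   # prints filtered
diagnose "$RULES_DPORT" "$SOCKS_NONE" udp 514        # prints no-listener
diagnose "$RULES_DPORT" "$SOCKS_514" udp 514         # prints ok
```

The middle case is the state PJ was in after the iptables-save: the firewall rule was fine, and the missing piece was the syslog daemon's -r option.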
