newbie @ Iptables

Asim Member
edited February 2012 in Help

I am a newbie at iptables on CentOS 5.7

How do you open ports, let's say 12345 for incoming and outgoing on tcp only?

Comments

  • iptables -A INPUT -p tcp --dport 12345 -m state --state NEW -j ACCEPT

    iptables -A OUTPUT -p tcp --dport 12345 -m state --state NEW -j ACCEPT

    I believe that's the way to do it.

    Thanked by 2: Kairus, Asim
  • Please use the following command to open the outgoing port, and likewise for incoming:
    iptables -A OUTPUT -p tcp -d --dport 12345 -j ACCEPT

    Thanked by 1: Asim
  • Thanks guys, let me try that

  • @BreezeHost it says

    [root@kvm1 ~]# iptables -A OUTPUT -p tcp -d --dport 12345 -j ACCEPT
    Bad argument `12345'
    Try `iptables -h' or 'iptables --help' for more information.

  • Remove the -d

    Thanked by 1: Asim
  • @Keith that worked, thanks

    Quick question: how do I verify if the ports are actually open? Using the ssh command line?

  • @Asim - you can use telnet to check any address:port - telnet 1.2.3.4 12345

    Thanked by 1: Asim
  • I rebooted and it's all gone

  • Ah, I need to do this

    service iptables save to actually save those rules

    Told ya, I'm a newbie @ iptables

  • @Asim said: service iptables save to actually save those rules

    or put your own rules at /etc/sysconfig/iptables before REJECT line. :D

  • Kairus Member
    edited February 2012

    There's a lot of documentation you can find by googling; most of the information is on the major distributions' websites too, so it's pretty solid information. There's a lot of neat things you can do/learn from them, like throttling connections and whatnot.

  • sleddog Member
    edited February 2012

    @Asim said: How do you open ports, let's say 12345 for incoming and outgoing on tcp only?

    Strictly speaking, you don't.

    Software running on your server will open ports. Until that happens the port doesn't really exist -- it's just a number, a 'possible port'.

    What the iptables commands above do is allow access to a port. For those commands to really do anything,

    • The port must be opened by some application for use
    • Access to the port must be otherwise blocked.

    By default, all ports are not blocked. If port 12345 is blocked on your server, it suggests there is a firewall of some sort in place. And if that's the case, you should figure out how it's configured and work with it, rather than dropping iptables rules in from the command line.

    Thanked by 1: marrco
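    The two pieces of advice above (save the rules with `service iptables save`, or put your own rules in /etc/sysconfig/iptables before the REJECT line) and sleddog's point that you should first find out how the existing firewall is built can be seen together in the following added example. It is not code from the thread or from CentOS: it works on a temporary copy of a rules file modelled on the stock CentOS 5 layout (a constructed, trimmed sample in which INPUT jumps to RH-Firewall-1-INPUT, whose last rule is a catch-all REJECT), and the `simulate_new_tcp` function is a simplified first-match walker that only understands the matchers present in that sample. It needs no root and never touches the live firewall.

```shell
#!/bin/sh
# Added example, not from the thread: work on a COPY of a CentOS 5 style
# /etc/sysconfig/iptables file to see why rule ORDER decides whether a
# port is reachable. Runs unprivileged; it never touches the live firewall.

# Constructed sample modelled on the stock CentOS 5 ruleset (trimmed).
# INPUT jumps to RH-Firewall-1-INPUT, whose last rule REJECTs everything.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# write_sample FILE: write the constructed ruleset to FILE.
write_sample() { printf '%s\n' "$SAMPLE_RULES" > "$1"; }

# append_rule FILE PORT: what "iptables -A INPUT ... -j ACCEPT" followed by
# "service iptables save" produces: the rule lands AFTER the jump to
# RH-Firewall-1-INPUT, so the REJECT inside that chain fires first.
append_rule() {
    awk -v port="$2" '
        NR == FNR { if ($0 ~ /^-A INPUT /) last = FNR; next }
        { print
          if (FNR == last)
              print "-A INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT" }
    ' "$1" "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# insert_before_reject FILE PORT: the advice from the thread, put the rule
# in RH-Firewall-1-INPUT just before its terminating REJECT line.
insert_before_reject() {
    awk -v port="$2" '
        !done && /^-A RH-Firewall-1-INPUT .*-j REJECT/ {
            print "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport " port " -j ACCEPT"
            done = 1
        }
        { print }
    ' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# simulate_new_tcp FILE PORT: first-match walk of the INPUT chain (following
# jumps) for a NEW TCP SYN to PORT arriving on a non-loopback interface.
# Prints ACCEPT, REJECT or DROP, or the chain policy if nothing matched.
# Only the matchers used in the sample are understood; it is a teaching model.
simulate_new_tcp() {
    awk -v port="$2" '
        function verdict(chain,   i, r, tgt, n, v) {
            for (i = 1; i <= nrules[chain]; i++) {
                r = rules[chain, i]
                if (r ~ /-i lo( |$)/) continue                    # not loopback
                if (r ~ /-p (icmp|udp|50|51)( |$)/) continue      # not TCP
                if (r ~ /--state ESTABLISHED,RELATED/) continue   # a SYN is NEW
                if (r ~ /--dport /) {
                    n = r; sub(/.*--dport /, "", n); sub(/ .*/, "", n)
                    if (n + 0 != port + 0) continue
                }
                tgt = r; sub(/.*-j /, "", tgt); sub(/ .*/, "", tgt)
                if (tgt == "ACCEPT" || tgt == "REJECT" || tgt == "DROP") return tgt
                if (tgt in nrules) { v = verdict(tgt); if (v != "") return v }
            }
            return ""
        }
        /^:/   { c = substr($1, 2); nrules[c] = 0; policy[c] = $2 }
        /^-A / { nrules[$2]++; rules[$2, nrules[$2]] = $0 }
        END    { v = verdict("INPUT"); print (v == "" ? policy["INPUT"] : v) }
    ' "$1"
}

# Demo: compare the two ways of adding the rule for port 12345.
f=$(mktemp)
write_sample "$f"; append_rule "$f" 12345
echo "appended to INPUT:      $(simulate_new_tcp "$f" 12345)"  # REJECT
write_sample "$f"; insert_before_reject "$f" 12345
echo "inserted before REJECT: $(simulate_new_tcp "$f" 12345)"  # ACCEPT
rm -f "$f"
```

    The point the demo makes is sleddog's: on a box that already carries a distribution firewall, appending to INPUT from the command line places the new rule behind the jump into the distribution's own chain, so the catch-all REJECT there answers first and the port still looks closed even after `service iptables save`. Inserting the rule in that chain before the REJECT line, or using `iptables -I` at the right position, is what actually lets the traffic through.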
  • Like many things in the Linux world, the learning curve for iptables can be rather steep. Be sure to test, test, test, as it's easy to get wrong and not block something or lock yourself out. I invariably lock myself out a few times when I set up really restrictive rule sets. If your provider has an out-of-band ssh or terminal connection, learn how to use it before you start working on rules. It's one thing I require in a VPS provider.

    A way of learning is to start with one of the many iptables scripts. Set them up and take a look at what they do with the iptables config.

  • @sleddog said: Strictly speaking, you don't.

    Software running on your server will open ports. Until that happens the port doesn't really exist -- it's just a number, a 'possible port'.

    Exactly, I don't get it, why open a port? i.e. did you close all the ports? o_O When you run the service it will "open the port", as sleddog says.

  • @sleddog @cleonard @yomero

    Exactly, I never had to, BUT this time I installed nrpe (nagios client) on a box and it does not respond although iptables were there from the start. Unsure, that's why I wanted to explicitly open ports to fix it.

    Thanks a lot everyone, it's working fine now

  • Hi guys, sorry to hijack this thread: the iptables flag "INPUT" means traffic incoming to the box and "OUTPUT" means traffic outgoing from the box, right?

    Thanked by 1: Asim
  • @Asim said: I am a newbie at iptables on CentOS 5.7

    There you go: http://wiki.centos.org/HowTos/Network/IPTables
