Comments
iptables -A OUTPUT -p tcp --dport 12345 -m state --state NEW -j ACCEPT
I believe that's the way to do it.
Please use the following command to open an outgoing port; use it for incoming as well:
iptables -A OUTPUT -p tcp -d --dport 12345 -j ACCEPT
Thanks guys, let me try that
@BreezeHost it says
Remove the -d
@Keith that worked, thanks
Quick question, how to verify if the ports are actually open? using the ssh command line?
@Asim - you can use telnet to check any address:port -
telnet 1.2.3.4 12345
I rebooted and it's all gone
Ah, I need to do this
service iptables save to actually save those rules
told ya, I'm a newbie @ iptables
or put your own rules at /etc/sysconfig/iptables before REJECT line.
There's a lot of documentation you can find by googling; most of the information is on the major distributions' websites too, so it's pretty solid information. There's a lot of neat things you can do/learn from them, like throttling connections and whatnot.
Strictly speaking, you don't.
Software running on your server will open ports. Until that happens the port doesn't really exist -- it's just a number, a 'possible port'.
What the iptables commands above do is allow access to a port. For those commands to really do anything,
By default, no ports are blocked. If port 12345 is blocked on your server, it suggests there is a firewall of some sort in place. And if that's the case, you should figure out how it's configured and work with it, rather than dropping iptables rules in from the command line.
Like many things in the Linux world, the learning curve for iptables can be rather steep. Be sure to test, test, test, as it's easy to get wrong and not block something, or lock yourself out. I invariably lock myself out a few times when I set up really restrictive rule sets. If your provider has an out-of-band ssh or terminal connection, learn how to use it before you start working on rules. It's one thing I require in a VPS provider.
A way of learning is to start with one of the many iptables scripts. Set them up and take a look at what they do with the iptables config.
Exactly, I don't get it, why open a port? i.e. did you close all the ports? o_O When you run the service it will "open the port", as sleddog says.
@sleddog @cleonard @yomero
Exactly, I never had to, BUT this time I installed nrpe (nagios client) on a box and it does not respond, although iptables were there from the start. Unsure, that's why I wanted to explicitly open ports to fix it.
Thanks a lot everyone, it's working fine now
Hi guys, sorry to hijack this thread: the iptables chain "INPUT" means traffic incoming to the box and "OUTPUT" means traffic outgoing from the box, right?
@cosmicgate
Right
There you go: http://wiki.centos.org/HowTos/Network/IPTables