Solved

Regarding changing external IP address on Web server

Posted on 2004-11-23
14
Medium Priority
293 Views
Last Modified: 2013-12-15
My ISP is giving us a different IP ADDRESS for our web server (Apache) running on Red Hat Linux 8.0 and we are currently hosting a few domains. I think I need to change the IP address for eth0 using Network Configuration (neat command) and make changes in the NAMED.CONF file (for DNS BIND server) and ZONE files for each domain. Is THERE ANYTHING ELSE that I need to do or am I MISSING something?
0
Question by:mn210
14 Comments
 

Author Comment

by:mn210
ID: 12659921
As the same server is also acting as a router, does this change of IP address have anything to do with the FIREWALL (IPTABLES)?
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12660313
> does this change of IP address have anything to do with FIREWALL
No, unless your firewall rules are related to the local IP instead of the interface (eth0, eth1).

> Is THERE ANYTHING ELSE that I need to do or am I MISSING something
"neat" to change the IP, /etc/hosts, default gateway, and secondary DNS server (if changed).

Any other server application running on this RedHat Linux 8 box?

Regards,

Wesly
0
 
LVL 12

Expert Comment

by:paullamhkg
ID: 12662604
Not sure whether the network configuration will change everything for you or not. I suggest you check /etc/hosts, /etc/sysconfig/network, /etc/resolv.conf and /etc/sysconfig/network-scripts/ifcfg-eth0 after you have used the Network Configuration tools. The above files maintain the network info of your Linux box.

And wesly_chen gave you the answer about your firewall (iptables).
0
 
LVL 38

Accepted Solution

by:
wesly_chen earned 400 total points
ID: 12662655
> /etc/hosts, /etc/sysconfig/network, /etc/resolv.conf and /etc/sysconfig/network-scripts/ifcfg-eth0
In my experience, "neat" or "redhat-config-network" already takes care of those files and does "ifconfig"
to make the change take effect immediately.

Wesly
0
 

Author Comment

by:mn210
ID: 12669917
Thanks a lot. I am trying to locate the iptables file to check the Ethernet interface (whether eth0 or w.x.y.z) but couldn't get any success so far.
This is what I have:
______________________________________
[root@vader sysconfig]# cat iptables-config
# Additional ip6tables modules (nat helper)
# Default: -empty-
#IP6TABLES_MODULES="ip_nat_ftp"

# Save current firewall rules on stop.
# Value: yes|no,  default: no
#IP6TABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
# Value: yes|no,  default: no
#IP6TABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule counter.
# Value: yes|no,  default: no
#IP6TABLES_SAVE_COUNTER="no"

# Numeric status output
# Value: yes|no,  default: no
#IP6TABLES_STATUS_NUMERIC="no"

[root@vader sysconfig]# cat ip6tables-config
# Additional iptables modules (nat helper)
# Default: -empty-
#IPTABLES_MODULES="ip_nat_ftp"

# Save current firewall rules on stop.
# Value: yes|no,  default: no
#IPTABLES_SAVE_ON_STOP="no"

# Save current firewall rules on restart.
# Value: yes|no,  default: no
#IPTABLES_SAVE_ON_RESTART="no"

# Save (and restore) rule counter.
# Value: yes|no,  default: no
#IPTABLES_SAVE_COUNTER="no"

# Numeric status output
# Value: yes|no,  default: no
#IPTABLES_STATUS_NUMERIC="no"
_______________________________________

How can I locate the file in which all rules for the firewall are specified?
Thanks in advance for your cooperation.
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12670045
> How can I locate the file in which all rules for firewall are specified
iptable -L

/etc/sysconfig/iptables-config is not easy to read.

Wesly
0
 
LVL 14

Expert Comment

by:chris_calabrese
ID: 12697218
It sounds like you're trying to use "home" ISP service to run a business. Contact your ISP about getting a commercial account with fixed IP addresses.
0
 

Author Comment

by:mn210
ID: 12711458
Still couldn't find the iptable file...
Urgent help needed.

This is the o/p:
[sharmam@vader lib]$ iptable -L
iptable: Command not found.
[sharmam@vader lib]$ iptables -L
iptables: Command not found.

[sharmam@vader lib]$ locate iptable
/home/old_masta/usr/usr/bin/psfstriptable
/home/old_masta/usr/usr/lib/iptables
/home/old_masta/usr/usr/lib/iptables/libip6t_icmp.so
/home/old_masta/usr/usr/lib/iptables/libip6t_standard.so
/home/old_masta/usr/usr/lib/iptables/libip6t_tcp.so
/home/old_masta/usr/usr/lib/iptables/libip6t_udp.so
/home/old_masta/usr/usr/lib/iptables/libipt_DNAT.so
/home/old_masta/usr/usr/lib/iptables/libipt_LOG.so
/home/old_masta/usr/usr/lib/iptables/libipt_MARK.so
/home/old_masta/usr/usr/lib/iptables/libipt_MASQUERADE.so
/home/old_masta/usr/usr/lib/iptables/libipt_REDIRECT.so
/home/old_masta/usr/usr/lib/iptables/libipt_REJECT.so
/home/old_masta/usr/usr/lib/iptables/libipt_SNAT.so
/home/old_masta/usr/usr/lib/iptables/libipt_TOS.so
/home/old_masta/usr/usr/lib/iptables/libipt_icmp.so
/home/old_masta/usr/usr/lib/iptables/libipt_limit.so
/home/old_masta/usr/usr/lib/iptables/libipt_mac.so
/home/old_masta/usr/usr/lib/iptables/libipt_mark.so
/home/old_masta/usr/usr/lib/iptables/libipt_multiport.so
/home/old_masta/usr/usr/lib/iptables/libipt_owner.so
/home/old_masta/usr/usr/lib/iptables/libipt_standard.so
/home/old_masta/usr/usr/lib/iptables/libipt_state.so
/home/old_masta/usr/usr/lib/iptables/libipt_tcp.so
/home/old_masta/usr/usr/lib/iptables/libipt_tos.so
/home/old_masta/usr/usr/lib/iptables/libipt_udp.so
/home/old_masta/usr/usr/lib/iptables/libipt_unclean.so
/home/old_masta/usr/usr/share/man/man1/psfstriptable.1.gz
/home/old_masta/usr/usr/share/man/man8/iptables.8.gz
/home/old_masta/usr/usr/share/man/man8/iptables-restore.8.gz
/home/old_masta/usr/usr/share/man/man8/iptables-save.8.gz
/usr/bin/psfstriptable
/usr/share/doc/iptables-1.2.8
/usr/share/doc/iptables-1.2.8/KNOWN_BUGS
/usr/share/doc/iptables-1.2.8/COPYING
/usr/share/man/man1/psfstriptable.1.gz
/usr/share/man/man8/iptables-restore.8.gz
/usr/share/man/man8/iptables-save.8.gz
/usr/share/man/man8/iptables.8.gz
/usr/src/linux-2.4.20-27.7/net/ipv4/netfilter/iptable_filter.c
/usr/src/linux-2.4.20-27.7/net/ipv4/netfilter/iptable_mangle.c
/etc/rc.d/init.d/iptables
/etc/rc.d/rc0.d/K92iptables
/etc/rc.d/rc1.d/K92iptables
/etc/rc.d/rc2.d/S08iptables
/etc/rc.d/rc3.d/S08iptables
/etc/rc.d/rc4.d/S08iptables
/etc/rc.d/rc5.d/S08iptables
/etc/rc.d/rc6.d/K92iptables
/etc/firewall/firewall.conf.iptables
/lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.7-10/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.18-17.7.x/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.18-17.7.x/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.18-17.7.x/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.18-18.7.x/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.18-18.7.x/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.18-18.7.x/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.18-19.7.x/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.18-19.7.x/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.18-19.7.x/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.18-24.7.x/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.20-19.7/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.20-19.7/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.20-19.7/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.20-20.7/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.20-20.7/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.20-20.7/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.20-24.7/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.20-24.7/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.20-24.7/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/modules/2.4.20-27.7/kernel/net/ipv4/netfilter/iptable_filter.o
/lib/modules/2.4.20-27.7/kernel/net/ipv4/netfilter/iptable_mangle.o
/lib/modules/2.4.20-27.7/kernel/net/ipv4/netfilter/iptable_nat.o
/lib/iptables
/lib/iptables/libipt_MASQUERADE.so
/lib/iptables/libipt_DNAT.so
/lib/iptables/libip6t_LOG.so
/lib/iptables/libipt_LOG.so
/lib/iptables/libipt_MARK.so
/lib/iptables/libip6t_multiport.so
/lib/iptables/libipt_MIRROR.so
/lib/iptables/libipt_REDIRECT.so
/lib/iptables/libipt_REJECT.so
/lib/iptables/libipt_SAME.so
/lib/iptables/libipt_SNAT.so
/lib/iptables/libipt_TCPMSS.so
/lib/iptables/libipt_TOS.so
/lib/iptables/libipt_TTL.so
/lib/iptables/libipt_ULOG.so
/lib/iptables/libipt_ah.so
/lib/iptables/libipt_esp.so
/lib/iptables/libipt_icmp.so
/lib/iptables/libipt_iplimit.so
/lib/iptables/libipt_limit.so
/lib/iptables/libipt_mac.so
/lib/iptables/libipt_mark.so
/lib/iptables/libipt_multiport.so
/lib/iptables/libipt_owner.so
/lib/iptables/libipt_standard.so
/lib/iptables/libipt_state.so
/lib/iptables/libipt_tcp.so
/lib/iptables/libipt_tcpmss.so
/lib/iptables/libipt_tos.so
/lib/iptables/libipt_ttl.so
/lib/iptables/libipt_udp.so
/lib/iptables/libipt_unclean.so
/lib/iptables/libip6t_MARK.so
/lib/iptables/libip6t_icmpv6.so
/lib/iptables/libip6t_mark.so
/lib/iptables/libip6t_standard.so
/lib/iptables/libip6t_tcp.so
/lib/iptables/libip6t_udp.so
/lib/iptables/libipt_DSCP.so
/lib/iptables/libipt_ECN.so
/lib/iptables/libip6t_limit.so
/lib/iptables/libip6t_mac.so
/lib/iptables/libip6t_owner.so
/lib/iptables/libipt_TARPIT.so
/lib/iptables/libipt_conntrack.so
/lib/iptables/libipt_dscp.so
/lib/iptables/libipt_ecn.so
/lib/iptables/libipt_helper.so
/lib/iptables/libipt_length.so
/lib/iptables/libipt_physdev.so
/lib/iptables/libipt_pkttype.so
/lib/iptables/libipt_rpc.so
/lib/iptables/libip6t_HL.so
/lib/iptables/libip6t_eui64.so
/lib/iptables/libip6t_hl.so
/lib/iptables/libip6t_length.so
/sbin/iptables-restore
/sbin/iptables
/sbin/iptables-save
[sharmam@vader lib]$ iptable -L
iptable: Command not found.
[sharmam@vader lib]$ iptableS -L
iptableS: Command not found.
[sharmam@vader lib]$ locatle iptable
locatle: Command not found.

0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12711530
/sbin/iptables -L
0
 

Author Comment

by:mn210
ID: 12717529
[root@vader root]# /sbin/iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ScanD      tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ScanD      tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
ACCEPT     all  --  anywhere             anywhere          

It seems that there is no description of the services (www, dns, smtp etc.) and also Ethernet interfaces. I think this is not the right location. Can you please help?

0
 

Author Comment

by:mn210
ID: 12717942
I am sorry. Actually, the command /sbin/iptables -L took a little time before giving the output. Now, it is a very big file and I am just sending a snap of it.

target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere           state RELATED,ESTABLISHED
ScanD      tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ScanD      tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
ACCEPT     all  --  anywhere             anywhere          
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:ssh dpts:login:1023
ACCEPT     tcp  --  anywhere             vader              tcp spts:1024:65535 dpt:ssh
ACCEPT     tcp  --  anywhere             vader              tcp spts:login:1023 dpt:ssh
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:ftp dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              tcp spt:ftp-data dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spts:1024:65535 dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              tcp spts:1024:65535 dpt:ftp
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spts:1024:65535 dpt:ftp-data
ACCEPT     tcp  --  anywhere             vader              tcp spts:1024:65535 dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:http dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              tcp spts:1024:65535 dpt:http
ACCEPT     tcp  --  anywhere             vader              tcp spts:1024:65535 dpt:webcache
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:https dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              tcp spts:1024:65535 dpt:https
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:finger dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:nicname dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:gopher dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              state RELATED,ESTABLISHED tcp spt:z39.50 dpts:1024:65535
ACCEPT     tcp  --  anywhere             vader              tcp spt:rtsp
ACCEPT     tcp  --  anywhere             vader              tcp spt:1723 dpts:1024:65535 state RELATED,ESTABLISHED
ACCEPT     gre  --  anywhere             anywhere          
ACCEPT     gre  --  anywhere             anywhere          
ACCEPT     udp  --  anywhere             vader              udp spts:32769:65535 dpts:traceroute:33523
ACCEPT     udp  --  anywhere             vader              udp spt:ntp dpts:1024:65535
ACCEPT     udp  --  anywhere             vader              udp spt:ntp dpt:ntp
ACCEPT     udp  --  anywhere             vader              udp spt:4000 dpts:1024:65535
LnD        all  --  vader                anywhere          
LnD        all  --  10.0.0.0/8           anywhere          
LnD        all  --  anywhere             10.0.0.0/8        
LnD        all  --  172.16.0.0/12        anywhere          
LnD        all  --  anywhere             172.16.0.0/12      
LnD        all  --  intranet/16          anywhere          
LnD        all  --  anywhere             intranet/16        
LnD        all  --  127.0.0.0/8          anywhere          
LnD        all  --  255.255.255.255      anywhere          
LnD        all  --  anywhere             0.0.0.0            
LnD        all  --  BASE-ADDRESS.MCAST.NET/4  anywhere          
LnD        all  --  240.0.0.0/5          anywhere          
LnD        tcp  --  anywhere             anywhere          
LnD        udp  --  anywhere             anywhere          
LnD        icmp --  anywhere             anywhere          

Chain FORWARD (policy DROP)
target     prot opt source               destination        
ScanD      tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/FIN,SYN,RST,PSH,ACK,URG
ScanD      tcp  --  anywhere             anywhere           tcp flags:FIN,SYN,RST,PSH,ACK,URG/NONE
DROP       all  --  12.154.142.0/24      anywhere          
DROP       all  --  anywhere             12.154.142.0/24    
DROP       all  --  12-235-89-0.client.attbi.com/24  anywhere          
DROP       all  --  anywhere             12-235-89-0.client.attbi.com/24
DROP       all  --  24.29.99.0/24        anywhere          
DROP       all  --  anywhere             24.29.99.0/24      
DROP       all  --  24.132.20.0/24       anywhere          
DROP       all  --  anywhere             24.132.20.0/24    
DROP       all  --  61.55.134.0/24       anywhere          
DROP       all  --  anywhere             61.55.134.0/24    
DROP       all  --  61.77.59.0/24        anywhere          
DROP       all  --  anywhere             61.77.59.0/24      
DROP       all  --  61.186.250.0/24      anywhere          
DROP       all  --  anywhere             61.186.250.0/24    
DROP       all  --  63.218.225.0/24      anywhere          
DROP       all  --  anywhere             63.218.225.0/24    
DROP       all  --  63.219.177.0/24      anywhere          
DROP       all  --  anywhere             63.219.177.0/24    
DROP       all  --  64.200.139.0/24      anywhere          
DROP       all  --  anywhere             64.200.139.0/24    
DROP       all  --  64.200.194.0/24      anywhere          
DROP       all  --  anywhere             64.200.194.0/24    
DROP       all  --  66.197.99.0/24       anywhere          
DROP       all  --  anywhere             66.197.99.0/24    
DROP       all  --  pcp09060095pcs.rocsth01.mi.comcast.net/24  anywhere          
DROP       all  --  anywhere             pcp09060095pcs.rocsth01.mi.comcast.net/24
DROP       all  --  h0.150.102.166.ip.alltel.net/24  anywhere          
DROP       all  --  anywhere             h0.150.102.166.ip.alltel.net/24
DROP       all  --  195.244.141.0/24     anywhere          
DROP       all  --  anywhere             195.244.141.0/24  
DROP       all  --  200.106.86.0/24      anywhere          
DROP       all  --  anywhere             200.106.86.0/24    
DROP       all  --  200-206-157-0.dsl.telesp.net.br/24  anywhere          
DROP       all  --  anywhere             200-206-157-0.dsl.telesp.net.br/24
DROP       all  --  202.154.161.0/24     anywhere          
DROP       all  --  anywhere             202.154.161.0/24  
DROP       all  --  207.139.47.0/24      anywhere          
DROP       all  --  anywhere             207.139.47.0/24    
DROP       all  --  207.228.219.0/24     anywhere          
DROP       all  --  anywhere             207.228.219.0/24  
DROP       all  --  209.150.72.0/24      anywhere          
DROP       all  --  anywhere             209.150.72.0/24    
DROP       all  --  211-74-86-0.adsl.dynamic.seed.net.tw/24  anywhere          
DROP       all  --  anywhere             211-74-86-0.adsl.dynamic.seed.net.tw/24
DROP       all  --  216.87.56.0/24       anywhere          
DROP       all  --  anywhere             216.87.56.0/24    
DROP       all  --  216.255.223.0/24     anywhere          
DROP       all  --  anywhere             216.255.223.0/24  
DROP       all  --  207.139.47.0/24      anywhere          
DROP       all  --  anywhere             207.139.47.0/24    
DROP       all  --  217.146.15.0/24      anywhere          
DROP       all  --  anywhere             217.146.15.0/24    
DROP       all  --  218.39.117.0/24      anywhere          
DROP       all  --  anywhere             218.39.117.0/24    
ACCEPT     icmp --  anywhere             anywhere           icmp source-quench
ACCEPT     icmp --  anywhere             anywhere           icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere           icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere           icmp fragmentation-needed
ACCEPT     icmp --  anywhere             anywhere           icmp time-exceeded
ACCEPT     icmp --  intranet/23          anywhere           icmp echo-request
ACCEPT     icmp --  anywhere             intranet/23        icmp echo-reply
ACCEPT     tcp  --  anywhere             vader              tcp dpt:ftp-data state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  vader                anywhere           tcp spt:ftp-data state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             vader              tcp dpt:ftp state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  vader                anywhere           tcp spt:ftp state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             vader              tcp dpt:ssh state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  vader                anywhere           tcp spt:ssh state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             vader              tcp dpt:http state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  vader                anywhere           tcp spt:http state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             vader              tcp dpt:https state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  vader                anywhere           tcp spt:https state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             vader              tcp dpt:8000 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  vader                anywhere           tcp spt:8000 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             sebulba            tcp dpt:webcache state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  sebulba              anywhere           tcp spt:webcache state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             sebulba            tcp dpt:ssh state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  sebulba              anywhere           tcp spt:ssh state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             sebulba            tcp dpt:smtp state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  sebulba              anywhere           tcp spt:smtp state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             sebulba            tcp dpt:pop3 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  sebulba              anywhere           tcp spt:pop3 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             sebulba            tcp dpt:imap state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  sebulba              anywhere           tcp spt:imap state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             enterprise.mksi.comtcp dpt:ssh state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  enterprise.mksi.com  anywhere           tcp spt:ssh state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             enterprise.mksi.comtcp dpt:1972 state NEW,RELATED,ESTABLISHED
ACCEPT     tcp  --  enterprise.mksi.com  anywhere           tcp spt:1972 state NEW,RELATED,ESTABLISHED
ACCEPT     udp  --  intranet/23          anywhere           udp spts:1024:65535 dpt:domain
ACCEPT     udp  --  anywhere             intranet/23        udp spt:domain dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:domain
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:domain dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:auth
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:auth dpts:1024:65535
ACCEPT     udp  --  intranet/23          anywhere           udp spt:isakmp dpt:isakmp
ACCEPT     udp  --  anywhere             intranet/23        udp spt:isakmp dpt:isakmp
ACCEPT     udp  --  intranet/23          anywhere           udp dpt:10000
ACCEPT     udp  --  anywhere             intranet/23        udp dpt:10000
ACCEPT     ipv6-crypt--  intranet/23          anywhere          
ACCEPT     ipv6-crypt--  anywhere             intranet/23        
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:nntp
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:nntp dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:nntps
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:nntps dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:telnet
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:telnet dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:ssh
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:ssh dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:login:1023 dpt:ssh
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:ssh dpts:login:1023
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpts:ftp-data:ftp
ACCEPT     tcp  --  anywhere             intranet/23        tcp spts:ftp-data:ftp dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpts:1024:65535
ACCEPT     tcp  --  anywhere             intranet/23        tcp spts:1024:65535 dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:http
ACCEPT     tcp  --  anywhere             intranet/23        tcp spt:http dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:https
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:https dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:finger
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:finger dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:nicname
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:nicname dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:gopher
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:gopher dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:z39.50
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:z39.50 dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:rtsp
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:rtsp dpts:1024:65535
ACCEPT     tcp  --  intranet/23          anywhere           tcp spts:1024:65535 dpt:1723
ACCEPT     tcp  --  anywhere             intranet/23        state RELATED,ESTABLISHED tcp spt:1723 dpts:1024:65535
ACCEPT     gre  --  intranet/23          anywhere          
ACCEPT     gre  --  anywhere             intranet/23        
ACCEPT     udp  --  intranet/23          anywhere           udp spts:32769:65535 dpts:traceroute:33523
ACCEPT     udp  --  anywhere             intranet/23        udp spts:traceroute:33523 dpts:32769:65535
ACCEPT     udp  --  anywhere             intranet/23        udp spts:32769:65535 dpts:traceroute:33523
ACCEPT     udp  --  intranet/23          anywhere           udp spts:1024:65535 dpt:ntp
ACCEPT     udp  --  anywhere             intranet/23        udp spt:ntp dpts:1024:65535
ACCEPT     udp  --  intranet/23          anywhere           udp spt:ntp dpt:ntp
ACCEPT     udp  --  anywhere             intranet/23        udp spt:ntp dpt:ntp
ACCEPT     udp  --  intranet/23          anywhere           udp spts:1024:65535 dpt:4000
ACCEPT     udp  --  anywhere             intranet/23        udp spt:4000 dpts:1024:65535

Chain OUTPUT (policy DROP)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere          
DROP       all  --  12.154.142.0/24      anywhere          
DROP       all  --  anywhere             12.154.142.0/24    
 --------------------
Now, here only the destination host vader (web server) is used and there is no mention of eth0 (the external Ethernet interface). If I have to make changes in these rules, how can I do it?


0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12721528
Hi,

Your iptables looks OK since there is no "ACCEPT" on any IP address.

However, you can back up your current iptables (as root):
# /sbin/iptables-save -t /root/iptables.bak

Regards,

Wesly
0
 

Author Comment

by:mn210
ID: 12727705
While backing up, I got this message:
[root@vader sbin]# /sbin/iptables-save -t /root/iptables.bak
iptables-save v1.2.8: Can't initialize: Table does not exist (do you need to insmod?)

Secondly, as I am new to sysadmin, can you please clarify how this file, iptables, is created? Actually, from what I know, we normally write firewall rules in some text file, store it in /etc/sysconfig/iptables and then run /etc/init.d/iptables. As I don't have this file in /etc/sysconfig/iptables, and as this file 'iptables' is very big, is there some script running behind the scenes? Can you please clarify?
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12732629
> how is this file - iptables created
The original configuration should be /etc/sysconfig/iptables-config.
And the rules file is /etc/sysconfig/iptables.
As root, you can use "/sbin/iptables" to add or remove the rules on current firewall.
So perhaps someone added those rules by issuing "/sbin/iptables" on the command line.
See "man iptables" for more details.

You can read /etc/init.d/iptables (shell script) for more clues.

Wesly
0
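An added example, not part of the original thread: a shell check for the question raised above, whether any saved rule names the old address literally (as `-s`/`-d` or a NAT target) rather than matching on an interface such as eth0. The helper names, the sample dump and its 192.0.2.x / 10.0.0.x addresses are constructed for illustration; the dump uses the `iptables-save` format, which is also the format of /etc/sysconfig/iptables.

```shell
#!/bin/sh
# On a live host, take the dump first. iptables-save writes to stdout, and its
# -t option expects a table name (filter, nat, mangle), not an output file:
#   /sbin/iptables-save > /root/iptables.bak

# Print every rule in an iptables-save dump that names the given IP literally.
# usage: rules_pinned_to_ip OLD_IP DUMP_FILE   (hypothetical helper name)
rules_pinned_to_ip() {
    awk -v ip="$1" '
        /^\*/ { table = substr($0, 2); next }   # "*filter", "*nat", ...
        /^-A / {
            for (i = 3; i < NF; i++) {
                if ($i != "-s" && $i != "-d" &&
                    $i != "--to-source" && $i != "--to-destination") continue
                addr = $(i + 1)
                if (addr == "!") addr = $(i + 2)    # negated match: "-s ! addr"
                sub("[/:-].*$", "", addr)           # drop /mask, :port, -range
                if (addr == ip) { print table ": " $0; break }
            }
        }' "$2"
}

# Constructed sample dump (not taken from the server in this thread).
write_sample_dump() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.0.2.10
-A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.5:80
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp --dport 443 -j ACCEPT
-A INPUT -s 192.0.2.100/32 -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 10.0.0.0/23 -o eth0 -j ACCEPT
COMMIT
EOF
}

sample=$(mktemp)
write_sample_dump "$sample"
rules_pinned_to_ip 192.0.2.10 "$sample"   # old external address (constructed)
```

Rules that match only on `-i eth0` or `-o eth0` are not listed, since they keep working after the address changes; each listed rule has to be rewritten with the new address.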


Question has a verified solution.
