RHEL5 kickstart iptables configuration

Posted on 2009-05-19
Last Modified: 2013-12-16
I am trying to deploy several workstations via kickstart.
The media is exported via nfs on a RHEL5.3 server.
If I turn off iptables on the server my kickstart installation works, however when I enable iptables on the server the clients show an "Error downloading kickstart file" message.

I have set nfs to static ports and enabled these in the iptables. I can mount directories manually without problem via another linux box with iptables enabled on the server, however it fails when kickstart does an nfs mount. Kickstart nfs mount only works when iptables is disabled on the server.

What changes and ports need to be enabled in iptables?
Question by:1Tsupp
3 Comments
Expert Comment

by:Michael Worsham
ID: 24430508
On the NFS server, do the following: 'rpcinfo -p <server IP address>'. See which ports are being assigned to the NFS modules.

Restart nfs, run rpcinfo again and see if the ports change. If so, then portmapper is still being used to control the ports.
Expert Comment

by:Duncan Roe
ID: 24430534
Kickstart uses tftp in the early stages, so you need to allow that.
Otherwise I suggest you log the packets you drop (e.g. with a logdrop chain as per attachment). That way, you will quickly learn what else you may need to open.
# A chain to log & drop a packet, except don't log FIN pkts
iptables -N logdrop
iptables -A logdrop -p tcp -m tcp --tcp-flags FIN FIN -j DROP
iptables -A logdrop -j LOG --log-level debug
iptables -A logdrop -j DROP

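To act on the advice above (log what the logdrop chain drops, then open only what turns out to be needed), here is an added example script, not code from the thread or from either commenter. It assumes the kernel LOG target's default message format (PROTO=... DPT=... fields in /var/log/messages) and RHEL5's RH-Firewall-1-INPUT chain; the log lines it reads are constructed samples, and the rules it prints are candidates for the admin to review, not rules it applies.

```shell
#!/bin/sh
# Added example (not from the thread): summarise what a logdrop chain wrote
# to /var/log/messages and turn the result into candidate ACCEPT rules.
# Assumes the LOG target's default kernel message format (PROTO=... DPT=...)
# and RHEL5's RH-Firewall-1-INPUT chain.  The log lines are constructed.

# Constructed sample of lines written by `-j LOG` (no --log-prefix, as in
# the logdrop chain above).  The ICMP line has no DPT and is skipped.
SAMPLE_LOG='May 19 10:02:11 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=35012 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
May 19 10:02:11 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=704 DPT=2049 LEN=64
May 19 10:02:14 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=35012 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
May 19 10:02:15 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.51 DST=192.168.1.10 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=2070 DPT=69 LEN=28
May 19 10:02:16 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.51 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
May 19 10:02:20 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=35013 DPT=111 WINDOW=5840 RES=0x00 SYN URGP=0
May 19 10:02:21 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=704 DPT=2049 LEN=64
May 19 10:02:22 nfssrv kernel: IN=eth0 OUT= MAC=00:16:3e:11:22:33:00:16:3e:44:55:66:08:00 SRC=192.168.1.50 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=35020 DPT=2049 WINDOW=5840 RES=0x00 SYN URGP=0'

# summarize_drops: read LOG lines on stdin and print "proto dport count",
# most frequent first (ties broken by protocol, then port).
summarize_drops() {
    awk '
    /PROTO=/ && /DPT=/ {
        proto = ""; dport = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/)    proto = tolower(substr($i, 7))
            else if ($i ~ /^DPT=/) dport = substr($i, 5)
        }
        if (proto != "" && dport != "") n[proto " " dport]++
    }
    END { for (k in n) print k, n[k] }
    ' | sort -k3,3nr -k1,1 -k2,2n
}

# suggest_rules: turn summary lines into iptables-save style ACCEPT rules
# for RH-Firewall-1-INPUT, one per protocol/port, for the admin to review
# (e.g. udp/69 is tftp, which an installer only needs when PXE booting).
suggest_rules() {
    while read -r proto dport count; do
        printf '%s\n' "-A RH-Firewall-1-INPUT -m state --state NEW -p $proto --dport $dport -j ACCEPT"
    done
}

# report: run the pipeline over the constructed sample.  On a real server
# replace the sample with: grep 'kernel: IN=' /var/log/messages
report() {
    printf '%s\n' "$SAMPLE_LOG" | summarize_drops | suggest_rules
}

report
```

On a live system the kernel log is the input (`grep 'kernel: IN=' /var/log/messages | summarize_drops`), and the summary is read before anything is added to the rule set: the point of the logdrop chain is to learn which ports the installer actually touches, not to open every port that ever appears in the log.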
 

Accepted Solution

by:
1Tsupp earned 0 total points
ID: 24430587
Thanks, I'll try the logs if there are any more problems, but I've been able to fix it with the following iptables rules:

-A RH-Firewall-1-INPUT  -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT  -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
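The first comment's advice (check `rpcinfo -p` for the ports the RPC services actually registered) and the accepted rule set can be combined into a check that runs before a rule set is loaded. The script below is an added example, not code from the thread: it parses iptables-save style rules and `rpcinfo -p` output and reports every registered RPC service whose protocol/port pair has no ACCEPT rule. The rules fed to it are the accepted solution's; the rpcinfo output is constructed and deliberately registers nlockmgr's TCP side on 32803 (the assumption being that LOCKD_TCPPORT in /etc/sysconfig/nfs was set to a different value than LOCKD_UDPPORT) so that the check has a gap to report.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an iptables rule set
# covers every port that `rpcinfo -p` shows the NFS services listening on.
# Assumes iptables-save style rule text and the `rpcinfo -p` column layout
# (program vers proto port service).  The rpcinfo output is constructed.

# Rules as posted in the accepted solution.
RULES='-A RH-Firewall-1-INPUT  -p udp -m udp --dport 137 -j ACCEPT
-A RH-Firewall-1-INPUT  -p udp -m udp --dport 138 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 111 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 2049 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 32769 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 892 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 875 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p tcp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT  -m state --state NEW -p udp --dport 662 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'

# Constructed `rpcinfo -p` output for a server with fixed NFS ports.
# nlockmgr is registered on 32769/udp but 32803/tcp (constructed gap).
RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100011    1   udp    875  rquotad
    100011    1   tcp    875  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100021    1   udp  32769  nlockmgr
    100021    3   udp  32769  nlockmgr
    100021    1   tcp  32803  nlockmgr
    100021    3   tcp  32803  nlockmgr
    100005    1   udp    892  mountd
    100005    1   tcp    892  mountd'

# allowed_ports: read rules on stdin, print a unique "proto port" line for
# every ACCEPT rule that names both -p and --dport (order-independent, so
# the "-m tcp -p tcp" and "-p udp -m udp" spellings both work).
allowed_ports() {
    awk '/-j ACCEPT/ {
        proto = ""; port = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-p")           proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
        }
        if (proto != "" && port != "") print proto, port
    }' | sort -u
}

# rpc_ports: read `rpcinfo -p` output on stdin, print unique
# "proto port service" lines (header skipped; unnamed services get "-").
rpc_ports() {
    awk 'NF >= 4 && $1 ~ /^[0-9]+$/ { print $3, $4, (NF >= 5 ? $5 : "-") }' | sort -u
}

# uncovered RULES RPCINFO: print each registered RPC service whose
# proto/port has no matching ACCEPT rule.  Empty output means covered.
uncovered() {
    allowed=$(printf '%s\n' "$1" | allowed_ports)
    printf '%s\n' "$2" | rpc_ports | while read -r proto port svc; do
        if ! printf '%s\n' "$allowed" | grep -qx "$proto $port"; then
            printf '%s\n' "$proto $port $svc"
        fi
    done
}

# Stand-alone run over the constructed data.  On a real server:
#   uncovered "$(iptables-save)" "$(rpcinfo -p)"
uncovered "$RULES" "$RPCINFO"
```

An empty result means every port rpcinfo reports is reachable through the rule set; any line printed is a service a kickstart client would still be unable to reach, which is exactly the symptom in the question (manual mounts from one box working while the installer's mount fails).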
