Centos 5: Firewall #2

tjie
Hi,

1) I have an enterprise network (consisting of LAN 1 and LAN 2)
- LAN 1: 172.17.17.0/24
- LAN 2: 192.168.51.0/24
2) DC1
- It is a domain controller (Windows 2003, DNS server, DHCP servers, Wins server)
- Located at LAN 1
- Its IP is 172.17.17.10
- The domain is boba.com

3) DC2
- It is a replica domain controller [Windows 2003, Backup of DNS server, Backup of DHCP server, Wins server (replication partner with DC1)]
- Its IP is 172.17.17.11

4) XP1
- It is a client machine (Windows XP)
- It gets the IP address from DHCP servers
- It is at LAN 1

5) Centos_5
- It is a Linux machine (OS is Centos 5.3)
- It is at LAN 1
- The assigned IP address is 172.17.17.30
- Its DNS servers (or name servers) are DC1 and DC2
- I put the DNS record at the DNS server of DC1 for this Centos_5

6) RRAS
- It is a Routing and Remote Access Server
- It is a stand alone machine (Workgroup; it is not in the domain)

7) XP2
- It is a client machine
- It is at LAN 2

8) The Status
- From any machine, I can ping Centos_5 by its IP address (172.17.17.30)
- From Centos_5, I can ping DC1 (by its name "DC1"), DC2, XP1, etc.

9) The Goal: To check the Firewall status of this Centos_5

10) Action:
- I am at [root@CENTOS_5 ~]#
- I go to " cd /etc/sysconfig "; so I will be at [root@CENTOS_5 sysconfig]#
- Then, I type in " ./iptables --list "
- The message: "bash: ./iptables : permission denied" (and I am logged in as "root" already)

11) Any help?

thanks,
tjie
Arty, system administrator
Top Expert 2007
Commented:
You should type /sbin/iptables, say:

/sbin/iptables
/sbin/iptables -nvL 
/sbin/iptables -nL INPUT
/sbin/iptables -nL FORWARD
/sbin/iptables -nL OUTPUT


Regards,
Arty
Arty, system administrator
Top Expert 2007
Commented:
Also (more readable output):

/sbin/iptables-save


Author

Commented:
Hi Arty,

Do you know the answer for the above question?

" - The message: "bash: ./iptables : permission denied" (and I am logged in as "root" already) "

thanks
tjie

Author

Commented:
Hi Arty,

1) Would you explain the FUNCTION of

- /sbin/iptables -nvL

- /sbin/iptables -nL INPUT

- /sbin/iptables -nL FORWARD

- /sbin/iptables -nL OUTPUT

- /sbin/iptables-save

2) thanks

tjie
Arty, system administrator
Top Expert 2007

Commented:
man iptables - this should show you an explanation

-n - don't resolve to names (say show IP as IP, not as hostname)
-v - be verbose, show the count of packets that matched that rule
-L - list all rules

-L INPUT - list only INPUT chain
-L FORWARD - .. FORWARD
-L OUTPUT - .. OUTPUT

Without any chain you should get a list of all chains (-nvL). For more explanation of chains read 'man iptables'

Regards,
Arty
system administrator
Top Expert 2007
Commented:
> Do you know the answer for the above question?
> " - The message: "bash: ./iptables : permission denied" (and I am logged in as "root" already) "

Sure.

/etc/sysconfig/iptables is a text file, it can't be executed directly, but you may view it with:
less /etc/sysconfig/iptables
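
An added example, not part of the original thread: because /etc/sysconfig/iptables is plain text in iptables-save format, its contents can be summarized per chain to judge the firewall status without executing it. The function names (summarize_rules, input_unfiltered) and the sample rules are constructed for illustration; the file holds the saved rules, while /sbin/iptables-save prints the live ones in the same format.

```shell
#!/bin/sh
# Summarize an iptables-save format file: one line per chain with its
# default policy and the number of rules appended to it.
summarize_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }            # "*filter" starts a table
        /^:/   { key = table "/" substr($1, 2)            # ":INPUT ACCEPT [0:0]"
                 policy[key] = $2; count[key] += 0
                 order[++n] = key; next }
        /^-A / { count[table "/" $2]++ }                  # "-A INPUT ..." is one rule
        END    { for (i = 1; i <= n; i++)
                     printf "%s policy=%s rules=%d\n",
                            order[i], policy[order[i]], count[order[i]] }
    ' "$1"
}

# Succeeds (exit 0) when the filter table INPUT chain would accept
# everything: chain missing from the file, or policy ACCEPT with no rules.
input_unfiltered() {
    line=$(summarize_rules "$1" | awk '$1 == "filter/INPUT"')
    [ -z "$line" ] || [ "$line" = "filter/INPUT policy=ACCEPT rules=0" ]
}

# Constructed sample in the layout a stock CentOS 5 rules file uses.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample, not taken from the thread
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF

summarize_rules "$SAMPLE"
if input_unfiltered "$SAMPLE"; then
    echo "INPUT chain has no filtering rules"
else
    echo "INPUT chain has filtering rules"
fi
```

To check the running firewall instead of the saved file, redirect the output of /sbin/iptables-save to a file and pass that file to the same functions.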
