CentOS 6.6 Port opening question

I have two CentOS 6.6 guests running on VMware, both on Vmnet8 - NAT. They are configured to have static IP addresses - 192.168.150.175 (ipa) and 192.168.150.176 (ipa2).

I am able to telnet into these machines from my Windows host (port 22 of guest forwarded).
I am able to ping these machines from one another (see results below).
However, I am not able to reach specific ports even after opening them via IPTables.

[localuser1@ipa2 ~]$ ping 192.168.150.175
PING 192.168.150.175 (192.168.150.175) 56(84) bytes of data.
64 bytes from 192.168.150.175: icmp_seq=1 ttl=64 time=0.216 ms
^C
--- 192.168.150.175 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 458ms
rtt min/avg/max/mdev = 0.216/0.216/0.216/0.000 ms

[localuser1@ipa ipa]$ ping 192.168.150.176
PING 192.168.150.176 (192.168.150.176) 56(84) bytes of data.
64 bytes from 192.168.150.176: icmp_seq=1 ttl=64 time=0.439 ms
64 bytes from 192.168.150.176: icmp_seq=2 ttl=64 time=0.250 ms
^C
--- 192.168.150.176 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1341ms
rtt min/avg/max/mdev = 0.250/0.344/0.439/0.096 ms


Here are the telnet results between the two machines:

[localuser1@ipa2 ~]$ telnet 192.168.150.175 80
Trying 192.168.150.175...
telnet: connect to address 192.168.150.175: No route to host
[localuser1@ipa2 ~]$ telnet 192.168.150.175 22 (Succeeds)
Trying 192.168.150.175...
Connected to 192.168.150.175.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
^C
Connection closed by foreign host.
[localuser1@ipa2 ~]$


If I turn off IPtables then I am able to access them fine. But I don't want to do that.

Here is the state of IPtables from the 192.168.150.175 (ipa) machine.

[localuser1@ipa ipa]$ sudo iptables -L -n --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain IPA (0 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:7389
2    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:443
3    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:636
4    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:389
5    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:464
6    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:123
7    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:53
8    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:80
9    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:88
10   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:7389
11   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
12   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:636
13   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:389
14   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:464
15   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:123
16   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:53
17   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
18   ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:88

chavi1011 Asked:
Mazdajai Commented:
In ipa, try:

iptables-save > /tmp/ipt.org
iptables -I INPUT 5 -p tcp --dport 80 -j ACCEPT
iptables-save > /tmp/ipt.new
iptables-restore < /tmp/ipt.new


If that didn't work, add the following and check for logs:
iptables -A INPUT -j LOG --log-prefix "INPUT:DROP:" --log-level 6
iptables -A INPUT -j DROP

0
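
An added example, not part of the original question or answer: a check over the text of `iptables -L -n --line-numbers` that reports chains nothing jumps to, the catch-all rule that ends a chain, rules placed after it, and accept-all lines whose interface match the non-verbose listing omits. The function name `audit_listing` and the finding labels are made up for this sketch, and `SAMPLE` is a constructed excerpt of the listing in the question.

```shell
#!/usr/bin/env bash
# Added example. SAMPLE is a constructed excerpt of the listing in the
# question, with the IPA chain trimmed to two of its rules.
SAMPLE='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain IPA (0 references)
num  target     prot opt source               destination
1    ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:80
2    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80'

# audit_listing (hypothetical name): reads the listing on stdin, prints findings.
audit_listing() {
  awk '
    /^Chain / {
      chain = $2; closed = 0
      orphan = ($0 ~ /\(0 references\)/)
      if (orphan) print "ORPHAN " chain ": no rule jumps here, so its rules are never evaluated"
      next
    }
    $1 !~ /^[0-9]+$/ { next }   # column header or blank line
    orphan { next }
    closed { print "UNREACHABLE " chain " rule " $1 ": placed after catch-all rule " closed; next }
    {
      # Unconditional as printed: all protocols, any source, any destination,
      # and nothing after the destination except the reject-with option of REJECT.
      extra = ""
      for (i = 7; i <= NF; i++) extra = extra " " $i
      sub(/ reject-with [^ ]+/, "", extra)
      if ($3 != "all" || $5 != "0.0.0.0/0" || $6 != "0.0.0.0/0" || extra != "") next
      if ($2 == "ACCEPT")
        print "AMBIGUOUS " chain " rule " $1 ": prints as accept-all, re-run with -v to see any interface match"
      if ($2 == "REJECT" || $2 == "DROP") {
        closed = $1
        print "CATCHALL " chain " rule " $1 ": " $2 " ends the chain, so ACCEPT rules belong above it"
      }
    }
  '
}

printf "%s\n" "$SAMPLE" | audit_listing
```

On a live host, pipe `sudo iptables -L -n --line-numbers` into `audit_listing` instead of the sample.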


Question has a verified solution.
