amir damirov
asked on
IPTABLES problem.
Hi, All.
I have an issue with IPTABLES rules. The image below shows my iptables rules. But I cannot "telnet" to port 2196. I've edited "/etc/sysconfig/selinux" directly and restarted iptables. SELinux is disabled.
What am I doing wrong?
iptables -t filter -L --line-numbers
iptables -t nat -L --line-numbers
It is better to post text as opposed to images.
What is the setup?
Try connecting locally to the port; does it answer?
lsof -i:2196 — what is bound to it?
telnet localhost 2196
netstat -an | grep ":2196"
ASKER
Hi Arnold. These are the results of the commands.
iptables -t filter -L --line-numbers
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:2196
2 ACCEPT tcp -- anywhere anywhere tcp dpt:2195
3 ACCEPT tcp -- anywhere anywhere tcp dpt:hpvirtgrp
4 ACCEPT udp -- anywhere anywhere udp dpt:websm
5 ACCEPT tcp -- anywhere anywhere tcp dpt:websm flags:FIN,SYN,RST,ACK/SYN
6 ACCEPT tcp -- anywhere anywhere tcp dpt:websm flags:FIN,SYN,RST,ACK/SYN
7 ACCEPT tcp -- anywhere anywhere tcp dpt:5858 flags:FIN,SYN,RST,ACK/SYN
8 ACCEPT tcp -- anywhere anywhere tcp dpt:5858 flags:FIN,SYN,RST,ACK/SYN
9 ACCEPT udp -- anywhere anywhere udp dpt:8091
10 ACCEPT udp -- anywhere anywhere udp dpt:us-cli
11 ACCEPT tcp -- anywhere anywhere tcp dpt:us-cli flags:FIN,SYN,RST,ACK/SYN
12 ACCEPT tcp -- anywhere anywhere tcp dpt:jamlink flags:FIN,SYN,RST,ACK/SYN
13 ACCEPT tcp -- anywhere anywhere tcp dpt:websm
14 ACCEPT tcp -- anywhere anywhere tcp dpt:5858
15 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
16 ACCEPT icmp -- anywhere anywhere
17 ACCEPT all -- anywhere anywhere
18 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
19 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
20 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:appserv-http
21 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:webcache
22 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5858
23 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:websm
24 ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
25 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
iptables -t nat -L --line-numbers
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
Nope, I cannot telnet to that port. lsof and netstat also show nothing.
This means you have nothing on the system listening on this port.
What service was configured to listen on port 2196?
Compare the results you received for 2196 with those for the other ports...
i.e. lsof -i:443
iptables are not the issue based on your last comment; you do not have anything on this port to connect to.
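Arnold's diagnosis can be checked mechanically against the ruleset pasted above. The following is an added example, not code from anyone in this thread: it parses `iptables -L --line-numbers` output with first-match semantics and shows that, with an INPUT policy of ACCEPT and rule 17 accepting everything, the firewall permits a new connection to port 2196 (and to every other port), so a refused connection means nothing is listening. HARDENED_CHAIN is a constructed contrast for comparison; note that `iptables -L` prints service names for well-known ports, so compare against `-n` output when matching numeric ports.

```python
import re

# Abridged copy of the INPUT chain the asker posted (rule numbers as printed).
INPUT_CHAIN = """\
Chain INPUT (policy ACCEPT)
1 ACCEPT tcp -- anywhere anywhere tcp dpt:2196
15 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
16 ACCEPT icmp -- anywhere anywhere
17 ACCEPT all -- anywhere anywhere
18 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
"""

# Constructed contrast (not from the thread): default-deny policy, no catch-all rule.
HARDENED_CHAIN = """\
Chain INPUT (policy DROP)
1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
2 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:2196
"""

def parse_chain(text):
    """Return (policy, rules); each rule is (num, target, proto, dport, states)."""
    policy = re.search(r"\(policy (\w+)\)", text).group(1)
    rules = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].isdigit():
            continue  # chain header or column header line
        dport = re.search(r"dpt:(\S+)", line)
        states = re.search(r"state (\S+)", line)
        rules.append((int(fields[0]), fields[1], fields[2], dport and dport.group(1),
                      states and set(states.group(1).split(","))))
    return policy, rules

def verdict(chain_text, proto, dport, state="NEW"):
    """First matching rule wins; fall through to the chain policy otherwise."""
    policy, rules = parse_chain(chain_text)
    for num, target, rproto, rdport, states in rules:
        if (rproto in ("all", proto) and rdport in (None, dport)
                and (states is None or state in states)):
            return target, num
    return policy, None

def shadowed_rules(chain_text):
    """Rule numbers that can never match because an earlier rule matches everything."""
    _, rules = parse_chain(chain_text)
    for i, (_num, _target, proto, dport, states) in enumerate(rules):
        if proto == "all" and dport is None and states is None:
            return [r[0] for r in rules[i + 1:]]
    return []
```

Run against the full chain as posted, rules 18 to 25 are shadowed by rule 17 in the same way, and with an ACCEPT policy even removing rule 17 would not block anything.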
ASKER
I've just been tasked with opening these ports on the server. So does it mean that when I assign this port to some service, it will work?
Yes, it should work in the same way as the other entries.
Do 2195, 8091, 5858 work now?
Presumably iptables are used in this case to shield the system from .....
ASKER
If a port is open, I can telnet to it from another server. But I cannot. As you see from the iptables listing, I've allowed those specific ports.
ASKER
Thank you for the detailed information.
iptables -A INPUT -i eth0 -p tcp --dport 2196 -j ACCEPT
If your interface is called something other than eth0, then change it in the above command.