Cannot open ports in iptables on CentOS 5?
Solution 1
Assuming that you don't have any REJECT/DROP statements above, all you need to do for an internal network (let's say that you're on 10.1.1.x and want all hosts in that range) is a statement such as:
-A RH-Firewall-1-INPUT -s 10.1.1.0/24 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
and follow this for each additional port. Check the top of the file and make sure that
:RH-Firewall-1-INPUT - [0:0]
is present, or use the standard -A INPUT instead.
! Keep in mind that iptables is processed top to bottom. !
If this doesn't work, post your whole conf or move your DROP or REJECT line to the end of the file (but above COMMIT).
Make sure to do a /sbin/service iptables reload afterwards.
Solution 2
cHao was on the right track with asking for more of the iptables. In my ignorance I was not aware that the position of an entry in the iptables mattered (although since they are chains I should have picked up on that). Anyway, the issue was that all of my lines were falling after this line:
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
Once I moved them before the above line everything worked fine.
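Both answers come down to the same point: a chain is evaluated top to bottom, and an ACCEPT that sits below the catch-all REJECT can never match. The script below is an added example, not code from either answer or from CentOS. It works on an iptables-save style file (the format of /etc/sysconfig/iptables), reports any ACCEPT rule in a chain that is shadowed by an earlier unconditional REJECT or DROP, and emits a reordered copy with that catch-all moved to the end of its chain. The sample configuration it writes is constructed to mirror the RH-Firewall-1-INPUT layout from the question, with the port 80 and 5901 rules deliberately placed below the REJECT; it is not the poster's actual file, and the function names are this example's own.

```sh
#!/bin/sh
# Added example (not from the original answers): find ACCEPT rules that an
# earlier catch-all REJECT/DROP in the same chain makes unreachable, and
# emit a reordered copy with the catch-all moved to the end of its chain.
# Works on an iptables-save style file such as /etc/sysconfig/iptables.

# Write a constructed sample config to the file named in $1. It mirrors the
# CentOS 5 RH-Firewall-1-INPUT layout but is not the poster's actual file:
# the port 80 and 5901 rules sit below the catch-all REJECT on purpose.
write_sample_config() {
  cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
COMMIT
EOF
}

# chain_defined FILE CHAIN: succeed if the chain is declared (":CHAIN ...").
# Solution 1 asks for exactly this check before using RH-Firewall-1-INPUT.
chain_defined() {
  grep -q "^:$2 " "$1"
}

# shadowed_ports FILE CHAIN: print the --dport of every ACCEPT rule in CHAIN
# that comes after the first unconditional "-j REJECT" / "-j DROP" rule of
# that chain. iptables evaluates a chain top to bottom, so they never match.
shadowed_ports() {
  awk -v chain="$2" '
    $1 == "-A" && $2 == chain {
      if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { blocked = 1; next }
      if (blocked && $NF == "ACCEPT") {
        port = ""
        for (i = 1; i < NF; i++) if ($i == "--dport") port = $(i + 1)
        if (port != "") print port
      }
    }' "$1"
}

# fix_ordering FILE CHAIN: copy FILE to stdout with the first unconditional
# REJECT/DROP of CHAIN moved to the last position of that chain, so the
# ACCEPT rules that followed it are evaluated before it.
fix_ordering() {
  awk -v chain="$2" '
    $1 == "-A" && $2 == chain && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") && !held {
      catchall = $0; held = 1; next
    }
    held && !($1 == "-A" && $2 == chain) { print catchall; held = 0 }
    { print }
    END { if (held) print catchall }
  ' "$1"
}

# Stand-alone demonstration: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp)
  write_sample_config "$tmp"
  chain_defined "$tmp" RH-Firewall-1-INPUT || echo "chain not declared"
  echo "shadowed ports:"; shadowed_ports "$tmp" RH-Firewall-1-INPUT
  fix_ordering "$tmp" RH-Firewall-1-INPUT > "$tmp.fixed"
  echo "after reordering:"; shadowed_ports "$tmp.fixed" RH-Firewall-1-INPUT
  rm -f "$tmp" "$tmp.fixed"
fi
```

On the sample file, shadowed_ports reports 80 and 5901, and reports nothing on the output of fix_ordering, which keeps every line and only moves the REJECT to just above COMMIT. The check only treats a rule with no match criteria before -j REJECT or -j DROP as the catch-all; a REJECT that carries its own -p or -s match is not counted as shadowing the rules below it. Review the reordered output before copying it over /etc/sysconfig/iptables, then reload the service as Solution 1 describes.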
jiggergargle
Updated on September 17, 2022

Comments
-
jiggergargle, almost 2 years ago
I am trying to open up ports in CentOS's firewall and am having a terrible go at it. I have followed the "HowTo" here: http://wiki.centos.org/HowTos/Network/IPTables as well as a few other places on the Net but I still can't get the bloody thing to work.
Basically I wanted to get two things working: VNC and Apache over the internal network. The problem is that the firewall is blocking all attempts to connect to these services. Now if I issue
service iptables stop
and then try to access the server via VNC or hit the webserver, everything works as expected. However, the moment I turn iptables back on all of my access is blocked. Below is a truncated version of my iptables file as it appears in vi:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5801 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 6001 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 5900 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
Really I would just be happy if I could get port 80 opened up for Apache since I can do most stuff via putty but if I could figure out VNC as well that would be cool. As far as VNC goes there is just a single/user desktop that I am trying to connect to via: [ipaddress]:1
Any help would be greatly appreciated!
-
Admin, about 14 years ago: Hi cHao, thanks for the quick response but that does not alter the behavior of the Cent box =\
-
Admin, about 14 years ago: I'm going by the info I have. If you could pastebin the whole iptables setup and post a link, or add it to your post if it's not too big, I could maybe help more.