IPtables - opening ports not working

linux networking iptables redhat
5,994

You have several problems with your commands.

First of, DELETE all your "filter table" rules and start from scratch: iptables --flush

Then focus only on what you want and do not copy/paste commands from google without knowing what they do:

You want to open port 18819 for incomming connections, the protocol is tcp and the source can be anything, the interface is probably eth0:

iptables -A INPUT -i eth0 -p tcp --dport 18819 -j ACCEPT

Also, don't lock yourself out of the system:

iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT

Finally close all other ports (run as the last command, anything added after this will be useless).

iptables -A INPUT -j DROP

If you want to go further then read some docs: start here then here then here and off course, read the man page for iptables: man iptables

NOTE: In the first command you were opening the port only for NEW connections, keeping out STABLISHED connections. For the second it shows you are way over your head ;) start simple.

EDIT:

You actually need to especify the state of the connection (NEW, ESTABLISHED and RELATED).

/sbin/iptables -A INPUT -i eth0 -p tcp --dport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

/sbin/iptables -A INPUT -i eth0 -p tcp --sport $PORT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

Share:
5,994

Related videos on Youtube

kjbradley
Author by

kjbradley

Updated on September 18, 2022

Comments

  • kjbradley
    kjbradley over 1 year

    I am writing a script to open ports based on a textfile, and am having problems opening these ports. For instance, I have tried opening port 18819 by entering the command

    /sbin/iptables -A INPUT -m state --state NEW -p tcp --dport 18819 -j ACCEPT

    or

    /sbin/iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d [myIP] --dport 18819 -m state --state NEW,ESTABLISHED -j ACCEPT

    If i enter : iptables --list --numeric Result:

    ... 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:18819 
...

    If i enter: vi /etc/sysconfig/iptables

    109 -A INPUT -p tcp -m state --state NEW -m tcp --dport 18819 -j ACCEPT-
110 -A INPUT -p tcp -m state --state NEW -m tcp --dport 7667 -j ACCEPT-
111 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT-
112 -A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT-
113 -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT-
114 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT-
115 -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT-
116 -A INPUT -p tcp -m state --state NEW -m tcp --dport 10781 -j ACCEPT-
117 -A INPUT -p tcp -m state --state NEW -m tcp --dport 18819 -j ACCEPT-
118 -A INPUT -p tcp -m state --state NEW -m tcp --dport 7667 -j ACCEPT-
119 -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT-
120 -A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT-
121 -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT-
122 -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT-
123 -A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT-
124 -A INPUT -p tcp -m state --state NEW -m tcp --dport 10781 -j ACCEPT-
125 -A INPUT -p tcp -m state --state NEW -m tcp --dport 18819 -j ACCEPT-

    You can see I have entered it numerous times. No matter what, after I do a "service iptables restart" or save, the ports are still appearing to be closed via telnet (from other machines on same network) and closed via port scanning software. Any thoughts?

    • Michael Hampton
      Michael Hampton over 10 years
      Is there really a - at the end of each of those lines?
    • kjbradley
      kjbradley over 10 years
      Sorry- vi shows spaces as a "-"
    • kjbradley
      kjbradley over 10 years
      (or it could just be my vim.rc)
    • user9517
      user9517 over 10 years
      You're using -A you probably should use -I.
  • kjbradley
    kjbradley over 10 years
    interesting, I am using 6.4 as well
  • kjbradley
    kjbradley over 10 years
    Tried this solution and it does work (kind of) - DROPing all incoming connections makes any connection to port 18819 unnreachable. I tried opening ranges of for loops and keeping the DROP command without success (1-16000).. Any Ideas why closing all incoming ports makes this fail?
  • kjbradley
    kjbradley over 10 years
    my flow is now: flush open ports close remaining ports save restart

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to make all outgoing RST drop
Allow ssh incoming/outgoing and blocking all outgoing besides specific ports
tc on bridge port
Why are incoming packets on a TAP interface seen with tcpdump but not with iptables?
TCP connect: No route to host
Mirror all traffic from one port to another on localhost using iptables
iptables - how to keep source IP after forwarding?
How to forward http request to a proxy server?
iptables rule for loopback interface lo
How to use iptables to allow traffic only through ONE SPECIFIC VPN