iptables advice needed: Open port 10050

Support for security such as Firewalls and securing linux
superkikim
Posts: 3
Joined: 2012/10/25 12:16:05

iptables advice needed: Open port 10050

Post by superkikim » 2012/10/25 12:22:20

Hi,

I've installed zabbix agent on a CentOS server, and I need to open port 10050.

I've run the following command:

[code]
sudo iptables -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
[/code]

But I can't even access port 10050 from a remote server with telnet. However, telnetting to port 22 works.

iptables -L gives

[code]
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1002 82233 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
8 480 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 160 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 292 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10050

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 153 packets, 20168 bytes)
pkts bytes target prot opt in out source destination
[/code]

zabbix-agentd is running and is listening on port 10050:

[code]
# netstat -apnt | grep 10050
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 12617/zabbix_agentd
[/code]

Is there any rule that cancels my added rule for port 10050? Do I have to reorder the rules? If yes, how do I proceed?

Is there any other reason why it shouldn't work?

Note that I have other Debian servers currently monitored, and it works.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

iptables advice needed: Open port 10050

Post by TrevorH » 2012/10/25 17:59:05

You've added the rule at the end of the chain, after the existing REJECT rule, so it is never reached. Move it to before the REJECT rule.

superkikim
Posts: 3
Joined: 2012/10/25 12:16:05

Re: iptables advice needed: Open port 10050

Post by superkikim » 2012/10/25 18:25:41

As asked in my post... how do I do that? :-)

Is it possible to change the order in the command line? Or do I have to edit the master iptables config file?

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: iptables advice needed: Open port 10050

Post by TrevorH » 2012/10/25 23:21:16

So first remove the one you added in the wrong place by running

[code]
iptables -D INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
[/code]

then add it back in again in the right place by Inserting it rather than Appending it

[code]
iptables -I INPUT 5 -p tcp -m tcp --dport 10050 -j ACCEPT
[/code]

(5 is the line number to insert the new rule)

tigalch
QA Team
Posts: 522
Joined: 2012/06/23 17:28:41
Location: Austria

Re: iptables advice needed: Open port 10050

Post by tigalch » 2012/10/28 20:58:20

You can also edit the firewall configuration in /etc/sysconfig/iptables and add a line with the port you need to open, i.e. below the rule for SSH:

[code]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT
[/code]

This will add the port to the firewall whenever you reboot the host or restart the firewall.
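
The ordering problem discussed in this thread can be checked mechanically. The script below is an added example, not part of any post above: it reads `iptables -S` text and reports the position of the first catch-all rule (the number to pass to `iptables -I`) and any rules stranded after it. The function names and the sample ruleset are constructed for illustration; the sample mirrors the INPUT chain listed in the first post.

```shell
#!/bin/sh
# Added example: find rules that can never match because an earlier
# unconditional rule in the same chain already terminates every packet.
# Input is `iptables -S` text on stdin; nothing here touches the live firewall.

# Constructed sample mirroring the INPUT chain listed in the thread.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
EOF
}

# Print the rule number of the first catch-all ACCEPT/DROP/REJECT in chain $1
# (a rule with no match options, so "-j" is the third field). Prints nothing
# if the chain has none. This is the position to give `iptables -I`.
catchall_position() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) { print n; exit }
        }'
}

# Print "N: rule" for every rule in chain $1 that sits after the catch-all.
shadowed_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if (seen) print n ": " $0
            else if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/) seen = 1
        }'
}

echo "catch-all at rule: $(sample_rules | catchall_position INPUT)"
echo "unreachable rules:"
sample_rules | shadowed_rules INPUT
```

On a live host the same functions can be fed from `iptables -S INPUT` (run as root) instead of the sample.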
