Hi,
I've installed zabbix agent on a CentOS server, and I need to open port 10050.
I've run the following command:
[code]
sudo iptables -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
[/code]
But I can't even access port 10050 from a remote server with telnet. However, telnetting to port 22 works.
iptables -L gives
[code]
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1002 82233 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
8 480 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
3 160 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 292 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:10050
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 153 packets, 20168 bytes)
pkts bytes target prot opt in out source destination
[/code]
zabbix-agentd is running and is listening on port 10050:
[code]
# netstat -apnt | grep 10050
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 12617/zabbix_agentd
[/code]
Is there any rule that cancels my added rule for port 10050? Do I have to reorder the rules? If yes, how do I proceed?
Is there any other reason why it shouldn't work?
Note that I have other Debian servers currently monitored, and it works.
iptables advice needed: Open port 10050
You've added the rule at the end of the chain, after the existing REJECT rule so it is never reached. Move it to before the REJECT rule.
Re: iptables advice needed: Open port 10050
As asked in my post... how do I do that? :-)
Is it possible to change the order in the command line? Or do I have to edit the master iptables config file?
Re: iptables advice needed: Open port 10050
So first remove the one you added in the wrong place by running
[code]
iptables -D INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
[/code]
then add it back in again in the right place by Inserting it rather than Appending it
[code]
iptables -I INPUT 5 -p tcp -m tcp --dport 10050 -j ACCEPT
[/code]
(5 is the line number to insert the new rule)
Re: iptables advice needed: Open port 10050
You can also edit the firewall configuration in /etc/sysconfig/iptables and add a line with the port you need to open.
i.e. below the rule for SSH:
[code]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10050 -j ACCEPT
[/code]
This will add the port to the firewall whenever you reboot the host or restart the firewall.
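The ordering problem discussed in this thread can be checked mechanically. The following is an added example, not part of any post above: it reads `iptables -S` output, reports rules that sit after an unconditional REJECT/DROP in the same chain, and prints the position to give `iptables -I`. The function names are hypothetical and the sample ruleset is constructed from the listing in the first post; only catch-all rules with no match options are detected.

```shell
#!/bin/sh
# Added example. On a live host: iptables -S | find_shadowed

# Report rules that can never match because an unconditional
# REJECT/DROP appears earlier in the same chain.
find_shadowed() {
    awk '
    $1 == "-A" {
        chain = $2
        n[chain]++
        if (chain in stop) {
            printf "%s rule %d unreachable (after catch-all at %d): %s\n",
                   chain, n[chain], stop[chain], $0
            next
        }
        # A catch-all has no match options: "-A CHAIN -j TARGET ..."
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
            stop[chain] = n[chain]
    }'
}

# Print the rule number to pass to "iptables -I CHAIN <n>" so that a new
# rule lands just before the catch-all (or at the end if there is none).
insert_position() {  # $1 = chain name
    awk -v c="$1" '
    $1 == "-A" && $2 == c {
        n++
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) {
            print n; found = 1; exit
        }
    }
    END { if (!found) print n + 1 }'
}

# Constructed sample: the ruleset from the first post, in "iptables -S" form.
sample_rules() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

sample_rules | find_shadowed
echo "insert before catch-all at position: $(sample_rules | insert_position INPUT)"
```

Rules added with `iptables -I` or `-D` on the command line change only the running ruleset; the edit to /etc/sysconfig/iptables described above is what survives a firewall restart.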