Opening and Closing ports iptables, I am newbie

Post by zero477 » 2011/12/08 23:15:13

Hello Everyone,

I am new to Linux and to this forum, so sorry if my question is too dumb. I read the section on how to ask questions, and I hope I am asking mine correctly.

I had just bought a Virtual Private Server, which runs with CentOS 5. I connect to the VPS using Putty from my house.

I am trying to open ports 8080 and 8888 to establish communication with one of our providers on the server.

This is what I am doing (I followed one of the help articles: http://wiki.centos.org/HowTos/Network/IPTables):

1. I log in and get access route
2. I type the following lines of code:

# /sbin/iptables -P INPUT ACCEPT
# /sbin/iptables -F
# /sbin/iptables -A INPUT -i lo -j ACCEPT
# /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# /sbin/iptables -A INPUT -p tcp --dport 8888 -j ACCEPT
# /sbin/iptables -P INPUT ACCEPT
# /sbin/iptables -P FORWARD DROP
# /sbin/iptables -P OUTPUT ACCEPT
# /sbin/iptables -L -v
# /sbin/service iptables save

After that, I am trying to see if the port is open in: http://www.yougetsignal.com/tools/open-ports/

I type in my log in and the port number but it doesn't work. How can I know if the port is really opened?

Furthermore, I do not understand the differences between INPUT, FORWARD and OUTPUT.
zero477
 
Posts: 1
Joined: 2011/12/08 22:57:03

Post by TrevorH » 2011/12/08 23:33:38

# /sbin/iptables -P INPUT ACCEPT


This sets the input policy default to accept all packets. Unless the last rule in the INPUT chain rejects or drops all packets that haven't already been accepted then all your ports are open. Your current rules do not do this!

Furthermore, I do not understand the differences between INPUT, FORWARD and OUTPUT.


Three separate chains of rules controlling 1) packets from outside your machine destined for it 2) packets being forwarded by your machine to other places and 3) packets originating on your machine destined for other places. Each chain has its own ruleset and policy. The policy for the chain controls what happens to packets that do not match any rule in that chain - so -P INPUT ACCEPT tells it that any packets input to your machine that haven't been handled by the rules by the time it reaches the end of the chain should be accepted.
TrevorH
Forum Moderator
 
Posts: 9075
Joined: 2009/09/24 10:40:56
Location: Brighton, UK
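
The point made in the reply above, as an added example that is not part of the original thread: a shell function that reads `iptables-save` output and reports whether packets matching no INPUT rule end up accepted. The sample rulesets are constructed from the commands in the first post, and the function names are hypothetical.

```shell
#!/bin/sh
# Usage on a real host (as root): iptables-save | input_chain_verdict
# Limitation: jumps from INPUT into user-defined chains are not followed.
input_chain_verdict() {
    awk '
        /^\*/ { table = substr($0, 2) }          # table header, e.g. "*filter"
        table != "filter" { next }               # ignore nat, mangle, raw
        $1 == ":INPUT" { policy = $2 }           # ":INPUT ACCEPT [0:0]"
        # First rule without match options decides: "-A INPUT -j TARGET"
        $1 == "-A" && $2 == "INPUT" && $3 == "-j" && decided == "" {
            if ($4 == "ACCEPT") decided = "open"
            else if ($4 == "DROP" || $4 == "REJECT") decided = "filtered"
        }
        END {
            if (decided == "" && policy == "") decided = "unknown"
            else if (decided == "") decided = (policy == "ACCEPT") ? "open" : "filtered"
            print decided
        }
    '
}

# Constructed sample: the rules from the first post, in iptables-save format.
ruleset_from_post() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
COMMIT
EOF
}

# Constructed variant: policy stays ACCEPT, but the chain ends in a catch-all REJECT.
ruleset_with_final_reject() {
    ruleset_from_post | awk '$0 == "COMMIT" { print "-A INPUT -j REJECT --reject-with icmp-host-prohibited" } { print }'
}

# Constructed variant: same rules, INPUT policy changed to DROP.
ruleset_with_drop_policy() {
    ruleset_from_post | sed 's/^:INPUT ACCEPT/:INPUT DROP/'
}

printf 'rules from the post: %s\n' "$(ruleset_from_post | input_chain_verdict)"
printf 'with final REJECT:   %s\n' "$(ruleset_with_final_reject | input_chain_verdict)"
printf 'with DROP policy:    %s\n' "$(ruleset_with_drop_policy | input_chain_verdict)"
```
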
