Please can somebody help me. I'm trying to open ports 999, 1982 and 1983 but am not having much luck. I used
iptables -A INPUT -i eth0 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
to open the ports but haven't been successful. I was told to make sure that your server TCP ports: 999, 1982, 1983 are fully open inbound and outbound and that destination IP address for those ports is 72.232.181.106.
I've been trying for ages to get these ports open, but haven't had any luck.
This is the first time I've ever used a dedicated server and I am very new to all of this so I in advance for lack of knowledge:confused:
Thanks
There is difference b/w -A (Append) option and -I (Insert). Probably you may have DROP/REJECT policy and you APPENDING ACCEPT policy so that ACCEPT will not considered if any DROP/REJECT will match before. Best you can do is to replace -A with -I in our posted iptables commands.
I changed A to I, but it still doesn't seem to work. This is what I get:
Last login: Wed Apr 30 09:53:57 on console
Macintosh-2:~ lucyohara$ ssh root@213.171.206.28
root@213.171.206.28's password:
Last login: Tue Apr 29 19:42:49 2008 from 78.146.65.6
[root@localhost ~]# iptables -I INPUT -i eth1 -p tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -I INPUT -i eth1 -p tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables -I INPUT -i eth1 -p tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
[root@localhost ~]# iptables-save
# Generated by iptables-save v1.3.5 on Wed Apr 30 10:16:05 2008
*filter
:INPUT ACCEPT [112715:32372866]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [129770:72226245]
-A INPUT -i eth1 -p tcp -m tcp --sport 1983 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --sport 1982 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --sport 999 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Wed Apr 30 10:16:05 2008
[root@localhost ~]#
I'm trying to open the ports so that video can be streamed on the site, but the video still isn't showing at all
Please join that list from link http://www.netfilter.org/mailinglists.html\#ml-user
Possibly your video application/protocol requires a netfilter helper. That protocl might NOT support NAT traversal. Usually it requires a complete network as well protocol understanding to setup a firewall.
Thanks, I'll have a look at that
I've been able to access the filewall file and the results by going to vi /etc/sysconfig/firewall
This will make the rules persistent across reboots. You can see the general commands to open ports up if you search for the appropriately commented areas.are:
#!/bin/sh
#fix for passive ftp connection tracking
/sbin/modprobe ip_conntrack_ftp
# Drop ICMP echo request messages sent to multicast or broadcast addresses
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Drop source routed packets
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route
# Enable TCP SYS cookie (DoS) protection
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
# Don't accept ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects
# Don't send ICMP redirect messages
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
# Enable source address spoofing protection
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
"/etc/sysconfig/firewall" 88L, 3244C
does that mean anything?