Dear All, To open a port, I know that I need to go to "System -> Administration -> Security Level and Firewall" -> Other ports and then I can open port-5901 as tcp protocol. Can you please do me a favor and let me know how it can be done from the command line (if my CentOS is text-mode installed)? (perhaps via iptables?) Let me thank you in advance.
On Saturday 31 October 2009 07:48:05 hadi motamedi wrote:
Dear All To open a port , I know that I need to go to "System -> Administration -> Security Level and Firewall" -> Other ports and then I can open port-5901 as tcp protocol . Can you please do me favor and let me know how it can be done from the command line (if my CentOS is text-mode installed) ? (perhaps via iptables?) Let me thank you in advance
Edit /etc/sysconfig/iptables
Restart iptables with service iptables restart
Tony
Thank you for your reply. But it returned "No such file" for /etc/sysconfig/iptables. Can you please correct me? Thank you in advance.
On Sat, Oct 31, 2009 at 8:10 AM, Tony Molloy tony.molloy@ul.ie wrote:
On Saturday 31 October 2009 07:48:05 hadi motamedi wrote:
Dear All To open a port , I know that I need to go to "System -> Administration -> Security Level and Firewall" -> Other ports and then I can open port-5901 as tcp protocol . Can you please do me favor and let me know how it can be done from the command line (if my CentOS is text-mode installed) ? (perhaps via iptables?) Let me thank you in advance
Edit /etc/sysconfig/iptables
Restart iptables with service iptables restart
Tony
Dept. of Comp. Sci.
University of Limerick.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
hadi motamedi wrote:
Thank you for your reply . But it is returned "No such file" for /etc/sysconfig/iptables . Can you please correct me ?
If that file doesn't exist, you're probably not running the default centos firewall scripts, you may well have some other firewall script on there, or none at all.
On Saturday 31 October 2009 08:27:49 hadi motamedi wrote:
Thank you for your reply . But it is returned "No such file" for /etc/sysconfig/iptables . Can you please correct me ? Thank you in advance
Is iptables installed?
rpm -qa | grep iptables
Tony
Thanks for your message. Please be informed that iptables is installed:
#rpm -qa|grep iptables
iptables-1.3.5-1.2.1
iptables-ipv6-1.3.5-1.2.1
Please be informed that on the System -> Administration -> Security Level and Firewall, I can try to add the port but there is no /etc/sysconfig/iptables on my CentOS server. Can you please let me know what is wrong in my case? Thank you in advance.
hadi motamedi wrote:
Thanks for your message . Please be informed that iptables is being installed :
#rpm -qa|grep iptables
iptables-1.3.5-1.2.1
iptables-ipv6-1.3.5-1.2.1
Please be informed that on the System -> Administration -> Security Level and Firewall , I can try to add the port but there is no /etc/sysconfig/iptables on my CentOS server . Can you please let me know what is wrong my case ?
Get out of the gui. Open a shell window. Edit the file in your favorite text editor.
mark
On 10/31/2009 04:10 AM Tony Molloy wrote:
Edit /etc/sysconfig/iptables
Restart iptables with service iptables restart
Tony
My /etc/sysconfig/iptables states at the top that editing of it is not recommended. Yeah, I don't always follow such recommendations myself, but is there perhaps another way more in keeping with the sense of the application?
ken wrote:
My /etc/sysconfig/iptables states at the top that editing of it is not recommended. Yeah, I don't always follow such recommendations myself, but is there perhaps another way more in keeping with the sense of the application?
Yeah, editing directly can be risky, nothing worse than making a change only to find that access to your server just disappeared and you need to get in front of it to reset via the console.... I use webmin for most of my edits, only make it accessible from the LAN and not the WAN. You can always tunnel the :10000 port via ssh and access securely from a remote location. The webmin console is left open while I test, thus I have not yet tripped up on this though I can imagine it is not fool proof. HTH Rob
On 11/02/2009 09:36 AM Rob Kampen wrote:
Yeah, editing directly can be risky, nothing worse than making a change only to find that access to your server just disappeared and you need to get in front of it to reset via the console.... I use webmin for most of my edits, only make it accessible from the LAN and not the WAN. You can always tunnel the :10000 port via ssh and access securely from a remote location. The webmin console is left open while I test, thus I have not yet tripped up on this though I can imagine it is not fool proof. HTH Rob
Rob,
Sounds like you've thought through the process and have a well-planned strategy for failure-prevention. Cool.
I checked my port 10000 (ssh -p 10000 ...) and found it not available ("Connection refused"). So in what sense, or how, can I always tunnel it?
tnx.
On Mon, Nov 2, 2009 at 10:57 AM, ken gebser@mousecar.com wrote:
Rob,
Sounds like you've thought through the process and have a well-planned strategy for failure-prevention. Cool.
I checked my port 10000 (ssh -p 10000 ...) and found it not available ("Connection refused"). So in what sense, or how, can I always tunnel it?
tnx.
You can use iptables to insert and delete rules in the running instance, and after testing you can save the new set up.
The syntax is:
iptables -I $TABLE_NAME $POS -s $SRC_IPS -m state --state NEW -p tcp --dport 5901 -j ACCEPT
The default TABLE_NAME is "RH-Firewall-1-INPUT" for CentOS
You can figure out the POS you want by running
iptables -L which dumps the rules on the screen
The SRC_IPS are the machine(s) you want to grant access to.
If you mess up, you can just restart iptables and you'll be back to where you were. These changes are not permanent. If you're working remotely, you can set up a cron job to restart iptables at some sensible interval so you won't be locked out until you have physical access to the machine.
Once you're satisfied the new rules are working right, you can use the iptables script in /etc/init.d to save the new config. And don't forget to get rid of the cron job above.
Take a look at iptables-restore and iptables-save, too.
Barry
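The insert, test and save procedure from the message above, as an added example that is not part of the original post. It swaps the cron job for a background timer that restarts iptables unless the change is confirmed; DRY_RUN, ROLLBACK_SECS and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: insert a rule into the running firewall with a timed rollback.
# CHAIN is the name quoted in the thread; DRY_RUN, ROLLBACK_SECS and the
# function names are choices made for this example.
CHAIN="RH-Firewall-1-INPUT"
ROLLBACK_SECS=${ROLLBACK_SECS:-300}

# Print the command instead of running it when DRY_RUN=1.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

# stdin: output of `iptables -L $CHAIN -n --line-numbers`.
# Prints the number of the first REJECT or DROP rule. Inserting at that
# position puts the new ACCEPT directly ahead of it.
reject_pos() {
    awk '$1 ~ /^[0-9]+$/ && ($2 == "REJECT" || $2 == "DROP") { print $1; exit }'
}

# insert_rule PORT SRC POS: SRC is the address or network allowed to connect.
insert_rule() {
    case $1 in ''|*[!0-9]*) echo "bad port: $1" >&2; return 2 ;; esac
    run iptables -I "$CHAIN" "$3" -s "$2" -m state --state NEW \
        -p tcp --dport "$1" -j ACCEPT
}

# open_port_with_rollback PORT SRC (run as root on the firewall host)
open_port_with_rollback() {
    pos=$(iptables -L "$CHAIN" -n --line-numbers | reject_pos)
    [ -n "$pos" ] || { echo "no REJECT/DROP rule in $CHAIN" >&2; return 1; }
    # Arm the rollback first. Ignoring HUP keeps the timer alive if the SSH
    # session drops, which is exactly when it is needed.
    ( trap '' HUP; sleep "$ROLLBACK_SECS"; run service iptables restart ) \
        >/dev/null 2>&1 &
    timer=$!
    insert_rule "$1" "$2" "$pos" || { kill "$timer"; return 2; }
    printf 'Test from a second session, then type "keep" within %ss: ' \
        "$ROLLBACK_SECS"
    read -r answer
    kill "$timer" 2>/dev/null
    if [ "$answer" = keep ]; then
        run service iptables save      # writes the running rules to disk
    else
        run service iptables restart   # reloads the saved rules
    fi
}
```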
ken wrote:
Rob,
Sounds like you've thought through the process and have a well-planned strategy for failure-prevention. Cool.
I checked my port 10000 (ssh -p 10000 ...) and found it not available ("Connection refused"). So in what sense, or how, can I always tunnel it?
tnx.
Ken,
I first set up webmin on the server - this listens on port 10000 by default (https). Then from a remote location I can
ssh servername -L 8081:localhost:10000
This will capture local port 8081 and tunnel to the remote server port 10000. Then with firefox I enter https://localhost:8081/ and I get the remote server's webmin.
HTH
Rob
hadi motamedi wrote:
Dear All To open a port , I know that I need to go to "System -> Administration -> Security Level and Firewall" -> Other ports and then I can open port-5901 as tcp protocol . Can you please do me favor and let me know how it can be done from the command line (if my CentOS is text-mode installed) ? (perhaps via iptables?)
older versions of RHEL had a lokkit text menu based util for setting basic firewall ports. I dunno but it may still be available in current versions. all it actually does is edit that sysconfig/iptables file and restart the iptables service that tony mentions, same as the GUI program does.
also, you could make a backup of that file on a GUI system, add a port, then diff the backup and the current iptables file to see exactly what the GUI does
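What the file edit discussed in this thread amounts to, as an added example that is not part of the original posts: it inserts the ACCEPT line ahead of the chain's final REJECT and keeps a backup to diff against. The sample file contents are constructed, and the layout and chain name are assumed to match a default CentOS 5 rules file.

```shell
#!/bin/sh
# Added example: insert an ACCEPT rule into a rules file in the format of
# /etc/sysconfig/iptables, ahead of the chain's final REJECT.
# CHAIN is the name quoted in this thread; sample_rules is constructed.
CHAIN="RH-Firewall-1-INPUT"

sample_rules() {
cat <<'EOF'
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_port FILE PORT PROTO: edits FILE in place and keeps FILE.bak.
# Returns 0 if the rule was added, 1 if it was already present,
# 2 on bad input or when the chain has no final REJECT to insert before.
add_port() {
    file=$1 port=$2 proto=$3
    case $port in ''|*[!0-9]*) return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 2
    case $proto in tcp|udp) ;; *) return 2 ;; esac
    rule="-A $CHAIN -m state --state NEW -m $proto -p $proto --dport $port -j ACCEPT"
    grep -qxF -- "$rule" "$file" && return 1
    grep -q -- "^-A $CHAIN -j REJECT" "$file" || return 2
    cp -p "$file" "$file.bak" || return 2
    # Write back into the existing file so its owner and mode are kept.
    awk -v rule="$rule" -v chain="$CHAIN" '
        !ins && index($0, "-A " chain " -j REJECT") == 1 { print rule; ins = 1 }
        { print }' "$file.bak" > "$file"
}
```

Afterwards `diff -u FILE.bak FILE` shows the single added line, and the change takes effect with the `service iptables restart` from earlier in the thread.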
On Saturday, 31.10.2009, 08:48 +0100, hadi motamedi wrote:
Dear All To open a port , I know that I need to go to "System -> Administration -> Security Level and Firewall" -> Other ports and then I can open port-5901 as tcp protocol . Can you please do me favor and let me know how it can be done from the command line (if my CentOS is text-mode installed) ? (perhaps via iptables?) Let me thank you in advance
system-config-securitylevel-tui -q -p $port:$proto
eg for HTTP
system-config-securitylevel-tui -q -p 80:tcp