[Centos] Open/Closed Ports

Tue Jan 11 08:26:10 UTC 2005
Johnny Hughes <mailing-lists at hughesjr.com>

On Tue, 2005-01-11 at 15:22 +1100, Wayne Bastow wrote:
> Hi,
> 
> Just installed CentOS 3.3. I said to allow only http and ssh when I
> did the install. I can ssh to the machine and until I compiled apache
> 2 and installed it separately I could connect to the default web
> server. I am running oracle on the box and have found that I can't
> connect remotely to oracle from another linux box (sql*net works fine
> on the CentOS box itself). I think it is because the port (oracle is
> on 1521) is blocked. Can anyone give me an idea of where to start?
> I've looked at hosts.deny/allow  and they both contain no entries and
> I can't find anything in /etc that seems to be involved in the
> problem.
> 

Do you want all machines or just specific machines to be able to
connect?

Your current /etc/sysconfig/iptables should contain 2 lines like this
(and other lines as well ... but these 2 are the remote connection
allowed lines):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Add a line like this (just below the --dport 80 line) to allow all
machines to make a NEW connection to the oracle machine:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1521 -j ACCEPT

If you would like only one subnet to make NEW connections to the
Oracle machine, make it like this instead (I'll assume you want the
local class C network of 192.168.1.0/24 to connect ... that is IPs
192.168.1.1 to 192.168.1.254):

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s 192.168.1.0/24 --dport 1521 -j ACCEPT

All the lines beginning with -A are single lines (in case they wrap).

-- 
Johnny Hughes
<http://www.HughesJR.com/>
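The edit described in the reply, rehearsed on a copy of the rule file so it can be checked before it goes live (an added example, not part of the original thread; the sample rule set, file layout and function names are constructed): it inserts the subnet-restricted 1521 rule right under the --dport 80 line and verifies it lands above the chain's closing REJECT, because a rule appended after that REJECT is never reached and the port stays closed.

```shell
#!/bin/sh
# Added example, not from the original thread: rehearse the reply's edit on a
# COPY of /etc/sysconfig/iptables. Function names and sample data are constructed.

# Constructed sample of the relevant part of a CentOS 3 /etc/sysconfig/iptables.
make_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# add_subnet_rule FILE PORT SUBNET: insert a NEW-connection ACCEPT for PORT,
# limited to SUBNET, as one line just below the --dport 80 rule. Idempotent:
# an identical rule already present is not duplicated.
add_subnet_rule() {
    file=$1; port=$2; subnet=$3
    rule="-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp -s $subnet --dport $port -j ACCEPT"
    grep -qF -- "$rule" "$file" && return 0
    awk -v rule="$rule" '{ print }; /--dport 80 -j ACCEPT$/ { print rule }' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# rule_reachable FILE PORT: succeed only if an ACCEPT for PORT precedes the
# chain's final REJECT; a rule placed below it is never consulted.
rule_reachable() {
    awk -v port="$2" '
        /-j REJECT/ { exit }
        $0 ~ ("--dport " port " -j ACCEPT") { found = 1; exit }
        END { exit !found }
    ' "$1"
}

# Demo on a throwaway copy; the real file takes effect only after a reload.
f=$(mktemp); make_sample_rules "$f"
add_subnet_rule "$f" 1521 192.168.1.0/24
rule_reachable "$f" 1521 && echo "1521 accepted from 192.168.1.0/24 before the REJECT"
rm -f "$f"
```

On the real box the change only applies after the iptables service reloads the file, so diff the copy against the live file first and keep a backup of the original.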