[CentOS] centos firewall?

Sat Apr 25 13:21:45 UTC 2009
Robert Spangler <mlists at zoominternet.net>

On Friday 24 April 2009 18:51, Jason Todd Slack-Moehrle wrote:

>  How do I add 5900 to the centos firewall? How do I edit the conf file?

I don't know your knowledge so....
Lets go through this step by step.
Commands will be between [].
Examples will be between ''.

You are looking to see why  port 5900 is blocked.
Are you sure something is listening on this port?

Check to see if port 5900 is listening with the following:
[lsof -i]

If that port is not listed or if the service is listening on another port you 
should see this now.  If not then start the service and try to connect again.

Still having issues connecting then we should check the firewall.

First lets see if the firewall is up:
[service iptables status]

If the firewall is up this should give you a list of all the rules present.
If the firewall is not running it will state firewall is not running.

If the firewall is not running, vcn is running and you still cannot connect 
the problem is outside your control and you will have to talke with your 
service provider.  Even if the firewall is running the service provider can 
still be blocking the port so after ensureing/configuring the below and you 
are still unable to connect you need to contact the service provider and 
question them.

If the firewall is running you now have to figure out how it is being started.  
Some people use the default method (myself included) and some use scripts 
(which I believe is because they do not know how or understand how to 
configure the default setup).

First let us check in what run level the system is started.
[grep id: /etc/inittab]

You should see something like

This is run level 3 and all my startup scripts are going to start from 

Look in this directory for anything that might be iptables or firewall 
related.  As stated above some time a script other then the default is used 
to start the firewall.  Do you see anything other then iptables?

Scripts starting with a 'K' are not run and those with an 'S' are.

We should also check rc.local to ensure there is nothing being started there 
that might over ride firewall if it is started in 'rc3.d'.

If you have determined that the firewall is being started the default way and 
it is up and running then /etc/sysconfig/iptables is the file you have to 
look at and edit.  If the firewall is being started using another method then 
you are going to have to look at that script to determine how to 
correct/update that script.

You can edit the file with 'vim' or 'vi', depending on what is installed on 
your system, from the command line.

Here is a link to a very good IPTABLES Tutorial.



Linux User #296285