[CentOS] Inquiry:iptables ?

Mon Nov 2 14:57:15 UTC 2009
ken <gebser at mousecar.com>

On 11/02/2009 09:36 AM Rob Kampen wrote:
> ken wrote:
>> On 10/31/2009 04:10 AM Tony Molloy wrote:
>>  
>>> On Saturday 31 October 2009 07:48:05 hadi motamedi wrote:
>>>    
>>>> Dear All
>>>> To open a port , I know that I need to go to "System ->
>>>> Administration ->
>>>> Security Level and Firewall" -> Other ports and then I can open
>>>> port-5901
>>>> as tcp protocol . Can you please do me favor and let me know how it
>>>> can be
>>>> done from the command line (if my CentOS is text-mode installed) ?
>>>> (perhaps
>>>> via iptables?)
>>>> Let me thank you in advance
>>>>       
>>> Edit /etc/sysconfig/iptables
>>>
>>> Restart iptables with service iptables restart
>>>
>>> Tony
>>>     
>>
>> My /etc/sysconfig/iptables states at the top that editing of it is not
>> recommended.  Yeah, I don't always follow such recommendations myself,
>> but is there perhaps another way more in keeping with the sense of the
>> application?
>>
> Yeah, editing directly can be risky, nothing worse than making a change
> only to find that access to your server just disappeared and you need to
> get in front of it to reset via the console....
> I use webmin for most of my edits, only make it accessible from the LAN
> and not the WAN. You can always tunnel the :10000 port via ssh and
> access securely from a remote location.
> The webmin console is left open while I test, thus I have not yet
> tripped up on this though I can imagine it is not foolproof.
> HTH
> Rob

Rob,

Sounds like you've thought through the process and have a well-planned
strategy for failure-prevention.  Cool.

I checked my port 10000 (ssh -p 10000 ...) and found it not available
("Connection refused").  So in what sense, or how, can I always tunnel it?

tnx.
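[Editor's note: the following is an added example, not code from anyone in this thread, pulling together the three practical points raised above: opening a port from the command line without hand-editing /etc/sysconfig/iptables, not locking yourself out of a remote session while testing a rule, and reaching webmin over an SSH tunnel. It assumes the CentOS 5/6 iptables init script (so "service iptables save" writes the running rules to /etc/sysconfig/iptables), a constructed LAN network of 192.168.1.0/24, and a constructed 300-second default for the safety-net timer. On the tunnel question: "ssh -p 10000 host" asks ssh to connect to an sshd listening on port 10000, which is why it is refused; the tunnel Rob describes is "ssh -L 10000:localhost:10000 host", which goes in through the normal sshd port and forwards your local port 10000 to webmin on the remote loopback. The script dry-runs by default (DRY_RUN=1) and only prints the commands it would run; DRY_RUN=0 executes them as root.]

```shell
#!/bin/bash
# Added example (not from the thread): open a TCP port on a CentOS 5/6 host
# that uses the iptables init script, from the command line, with a safety
# net against locking yourself out of an SSH session.
# DRY_RUN=1 (default) only prints commands; DRY_RUN=0 runs them (needs root).
set -u

DRY_RUN="${DRY_RUN:-1}"
GRACE_SECS="${GRACE_SECS:-300}"   # constructed default: undo after 5 minutes

# run_cmd: execute a command, or print it verbatim when dry-running.
run_cmd() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# valid_port: succeed only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# open_tcp_port PORT [SOURCE_CIDR]
# Insert an ACCEPT rule for new TCP connections to PORT at the top of INPUT
# so it precedes the stock rule set's final REJECT. An optional SOURCE_CIDR
# limits who may connect (LAN only, as Rob does for webmin).
open_tcp_port() {
    local port="$1" src="${2:-}"
    valid_port "$port" || { echo "open_tcp_port: invalid port '$port'" >&2; return 2; }
    if [ -n "$src" ]; then
        run_cmd iptables -I INPUT 1 -s "$src" -p tcp -m state --state NEW --dport "$port" -j ACCEPT
    else
        run_cmd iptables -I INPUT 1 -p tcp -m state --state NEW --dport "$port" -j ACCEPT
    fi
}

# persist_rules: let the init script write the running rules to
# /etc/sysconfig/iptables, instead of editing that file by hand.
persist_rules() {
    run_cmd service iptables save
}

# arm_safety_net: schedule a reload of the last *saved* rules. If the live
# change cuts off your session, the reload undoes it after GRACE_SECS; if
# you can still get in, cancel it with disarm_safety_net before persisting.
arm_safety_net() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '(sleep %s && service iptables restart) &\n' "$GRACE_SECS"
        return 0
    fi
    ( sleep "$GRACE_SECS" && service iptables restart ) &
    SAFETY_NET_PID=$!
}

# disarm_safety_net: cancel the pending reload once access is confirmed.
disarm_safety_net() {
    if [ "$DRY_RUN" = "1" ]; then
        echo 'kill $SAFETY_NET_PID'
        return 0
    fi
    if [ -n "${SAFETY_NET_PID:-}" ]; then
        kill "$SAFETY_NET_PID"
    fi
}

# webmin_tunnel [USER@]HOST
# Forward local port 10000 to webmin on the remote host's loopback, then
# browse https://localhost:10000. This is the -L form; 'ssh -p 10000 host'
# would instead try to reach an sshd on port 10000 ("Connection refused").
webmin_tunnel() {
    run_cmd ssh -N -L 10000:localhost:10000 "$1"
}

# Walk-through for the original question: VNC on tcp/5901, LAN only
# (192.168.1.0/24 is a constructed example network). Order matters:
# arm the safety net, apply the rule, verify from another machine,
# then disarm and persist.
arm_safety_net
open_tcp_port 5901 192.168.1.0/24
disarm_safety_net
persist_rules
```

Run it once as-is to see the exact commands it would issue, then with DRY_RUN=0 on the host. The insert position (-I INPUT 1) is deliberate: on the stock CentOS rule set a rule appended with -A would land after the closing REJECT and never match.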