[CentOS] Inquiry:iptables ?

Mon Nov 2 18:51:53 UTC 2009
Rob Kampen <rkampen at kampensonline.com>

ken wrote:
> On 11/02/2009 09:36 AM Rob Kampen wrote:
>   
>> ken wrote:
>>     
>>> On 10/31/2009 04:10 AM Tony Molloy wrote:
>>>  
>>>       
>>>> On Saturday 31 October 2009 07:48:05 hadi motamedi wrote:
>>>>    
>>>>         
>>>>> Dear All
>>>>> To open a port , I know that I need to go to "System ->
>>>>> Administration ->
>>>>> Security Level and Firewall" -> Other ports and then I can open
>>>>> port-5901
>>>>> as tcp protocol . Can you please do me favor and let me know how it
>>>>> can be
>>>>> done from the command line (if my CentOS is text-mode installed) ?
>>>>> (perhaps
>>>>> via iptables?)
>>>>> Let me thank you in advance
>>>>>       
>>>>>           
>>>> Edit /etc/sysconfig/iptables
>>>>
>>>> Restart iptables with service iptables restart
>>>>
>>>> Tony
>>>>     
>>>>         
>>> My /etc/sysconfig/iptables states at the top that editing of it is not
>>> recommended.  Yeah, I don't always follow such recommendations myself,
>>> but is there perhaps another way more in keeping with the sense of the
>>> application?
>>>
>>>       
>> Yeah, editing directly can be risky, nothing worse than making a change
>> only to find that access to your server just disappeared and you need to
>> get in front of it to reset via the console....
>> I use webmin for most of my edits, only make it accessible from the LAN
>> and not the WAN. You can always tunnel the :10000 port via ssh and
>> access securely from a remote location.
>> The webmin console is left open while I test, thus I have not yet
>> tripped up on this though I can imagine it is not fool proof.
>> HTH
>> Rob
>>     
>
> Rob,
>
> Sounds like you've thought through the process and have a well-planned
> strategy for failure-prevention.  Cool.
>
> I checked my port 10000 (ssh -p 10000 ...) and found it not available
> ("Connection refused").  So in what sense, or how, can I always tunnel it?
>
> tnx.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>   
Ken, I first setup webmin on the server - this listens on port 10000 by 
default (https).
Then from a remote location I can
ssh servername -L 8081:localhost:10000
This will capture local port 8081 and tunnel to the remote server port 
10000.
Then with firefox I enter https://localhost:8081/
and I get the remote server's webmin.
HTH
Rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rkampen.vcf
Type: text/x-vcard
Size: 121 bytes
Desc: not available
URL: <http://lists.centos.org/pipermail/centos/attachments/20091102/0975fc69/attachment-0005.vcf>