[TriLUG] iptables and opening a port

Joseph Tate jtate at dragonstrider.com
Wed Sep 17 12:09:44 EDT 2003


Christopher L Merrill wrote:

> <background>
> We have a server that is behind a firewall and is (was) our CVS server.
> The machine is an older RedHat machine recently upgraded to 9.0.
> During a recent maintenance task we installed all of the latest
> RH security patches.  We can no longer access the CVS server on that
> machine...the port (2401) is now blocked.
> </background>
>
> So the question is: How do we open the port?
>
> On my home server, which has a fresh RH9 installation, the 'lokkit' program
> allowed me to easily open a port...it appears to edit the /etc/sysconfig/iptables
> config file. I tried that on this server and it appeared to edit the
> iptables config file (AFAICT), but now other ports are blocked as well
> (80)...so this apparently did not work.
>
> We also tried disabling iptables completely (using chkconfig) and even
> after rebooting, the ports are still blocked.  Ironically, since this
> machine is firewalled in our LAN, we don't really need any ports blocked.
>
> TIA,
> Chris
>
In RHL 9, the lokkit program was rewritten and renamed redhat-config-securitylevel.

I'd recommend always blocking unused ports even when behind a firewall.  
All it takes is one compromised laptop brought in from home to get into 
your "crunchy on the outside, soft and chewy in the middle" network.
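An added example, not from the thread, of what "open one port, keep the rest closed" looks like in the /etc/sysconfig/iptables format that lokkit and redhat-config-securitylevel write (the file is consumed by iptables-restore when the iptables service starts). The INPUT policy stays DROP, CVS pserver (TCP 2401) is allowed only from an assumed LAN subnet (LAN_NET, 192.168.1.0/24 is a placeholder), and the web port mentioned in the thread gets its own explicit line. Rejected connection attempts to 2401 are logged so a scan from a "compromised laptop" shows up in the syslog. The script prints the rule set for review rather than applying it; apply_rules loads it only when called explicitly.

```shell
#!/bin/sh
# Added example (not part of the original thread): generate an
# /etc/sysconfig/iptables-style rule set that allows CVS pserver
# (TCP 2401) from the LAN only, keeps a default-deny INPUT policy,
# and logs denied attempts on the CVS port.
#
# Assumptions (placeholders, adjust before use):
#   LAN_NET  - the internal subnet allowed to reach CVS
#   WEB_PORT - the web server port that should stay reachable (80 in the thread)
LAN_NET="${LAN_NET:-192.168.1.0/24}"
CVS_PORT=2401
WEB_PORT=80

# Print the rules in iptables-save/restore format so they can be reviewed
# and then written to /etc/sysconfig/iptables.
cvs_allow_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s ${LAN_NET} --dport ${CVS_PORT} --syn -j ACCEPT
-A INPUT -p tcp --dport ${WEB_PORT} --syn -j ACCEPT
-A INPUT -p tcp --dport ${CVS_PORT} -j LOG --log-prefix "cvs-denied: "
COMMIT
EOF
}

# Sanity check: the generated set must contain exactly one ACCEPT line for
# the CVS port and it must be scoped to the LAN subnet. Returns 0 on success.
check_cvs_rule() {
    n=$(cvs_allow_rules | grep -c -- "-s ${LAN_NET} --dport ${CVS_PORT} --syn -j ACCEPT")
    [ "$n" -eq 1 ]
}

# Load the rules with iptables-restore (root only; never run from the test).
apply_rules() {
    command -v iptables-restore >/dev/null 2>&1 || { echo "iptables-restore not found" >&2; return 1; }
    check_cvs_rule || { echo "refusing to apply: CVS rule missing or not LAN-scoped" >&2; return 1; }
    cvs_allow_rules | iptables-restore
}

# Default action when run directly: show the rule set for review.
if [ "${1:-}" = "apply" ]; then
    apply_rules
else
    cvs_allow_rules
fi
```

After saving the printed rules to /etc/sysconfig/iptables, `service iptables restart` loads them and `iptables -L INPUT -n -v` shows the per-rule packet counters, which is the quickest way to confirm that a CVS checkout from the LAN is hitting the ACCEPT line rather than the LOG line. Note that `chkconfig iptables off` only stops the service from loading the file at boot; it does not flush rules that are already in the kernel, which is why checking the live table with `iptables -L` rather than the config file is the right first step when a port is unexpectedly blocked.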
