Find the answer to your Linux question:
Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 11 to 20 of 21
Could you post the contents of /etc/sysconfig/ipchains instead?...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #11
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578

    Could you post the contents of /etc/sysconfig/ipchains instead?

  2. #12
    Just Joined!
    Join Date
    Jun 2002
    Location
    Lindenhurst, NY
    Posts
    35
    I don't know if it's the same in 7.3 as it is in 8.0, but there is GUI program that might help you. It is similar as to what is displayed when you choose a custom install. It'll let you open up whatever ports you want!!!

    Code:
    /usr/bin/redhat-config-securitylevel
    If it doesn't work, I'm sorry to have wasted everyone's time.

    Tithefug

  3. #13
    Linux User
    Join Date
    Jul 2002
    Location
    Daytona Beach, FL
    Posts
    487
    anthony

    that would indicate that you do have a firewall, post Dolda's file and we will try to modify it to stop blocking everything...

    see this line:

    REJECT tcp -y---- anywhere anywhere any -> 0:1023
    it is saying reject any tcp packet(common internet protocol) between ports 0 and 1023 - since telnet is 23 and ftp is 21 they both get blocked. (Incidentally most everything would get blocked with this rule)
    majorwoo

    Quiet brain, or I\'ll stab you with a Q-tip.

  4. #14
    Just Joined!
    Join Date
    Jan 2003
    Location
    East Coast USA
    Posts
    15

    contents of /etc/sysconfig/ipchains

    sorry about the confusion, I must have read the wrong box when posting that last message.

    the /etc/sysconfig/ipchains file contains:

    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    # firewall; such entries will *not* be listed here.
    :input ACCEPT
    :forward ACCEPT
    :output ACCEPT
    -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
    -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
    -A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT
    -A input -p udp -s 0/0 -d 0/0 2049 -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 6000:6009 -y -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 7100 -y -j REJECT

    If anyone lives in the South Jersey area, let me know, I'll take us all out to pizza to show my appreciation. Thanks for everyone's patience and wisdom

  5. #15
    Linux User
    Join Date
    Jul 2002
    Location
    Daytona Beach, FL
    Posts
    487
    -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
    -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
    etc

    you have that, change it to this:

    -A input -s 0/0 -d 0/0 -i lo -j ACCEPT
    -A input -p tcp -s 0/0 -d 0/0 21 -y -j ACCEPT
    -A input -p tcp -s 0/0 -d 0/0 23 -y -j ACCEPT
    -A input -p tcp -s 0/0 -d 0/0 0:1023 -y -j REJECT
    -A input -p tcp -s 0/0 -d 0/0 2049 -y -j REJECT
    etc

    That should enable you to get a connection on port 21 and 23 ..
    NOTE: Order is important, that's why i pasted some of the lines you already had...

    after you change the file you will have to to

    service ipchains restart

    and if after all of that you do

    /sbin/iptables -L

    you should see something that says to accept anything on port 21 and another line for 23

    (anyone else, is there a save option in here? i seem to recall this, or did we bypass that by editing the file?)

    I think i could have done 21,23 but i wasn't sure so...

    when i mentioned ftp and passive and ssh it was because you may need something like this to get ftp to work the way you want it to, plus some more tweaking with your ftp server:
    ipchains -A input -p tcp -j ACCEPT -s 0/0 ftp-data -d 0/0 56000:65096 -y
    majorwoo

    Quiet brain, or I\'ll stab you with a Q-tip.

  6. #16
    Just Joined!
    Join Date
    Jan 2003
    Location
    East Coast USA
    Posts
    15

    Many thanks

    Thank you very much to Dolda2000 and Major Woo!

    Thanks for your patience and wisdom. It all works now!

    -Anthony

    LOL, a side note, I first accidently misplaced the 2 new lines and it still wasn't working, then I discovered my mistake. Also, I learned why the commands 'service' and 'ipchains' were not working. I SUed to root and forgot that $PATH was not set up properly. Now all is well though! I love learning

  7. #17
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Try "su -" instead, and the PATH will be correctly set.

    As they say in Japan: Benkyou benkyou =)

  8. #18
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Try "su -" instead, and the PATH will be correctly set.

    As they say in Japan: Benkyou benkyou =)

  9. #19
    Linux User
    Join Date
    Jul 2002
    Location
    Daytona Beach, FL
    Posts
    487
    there goes Dolda again, listening to himself talk...
    majorwoo

    Quiet brain, or I\'ll stab you with a Q-tip.

  10. #20
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Did I do that?! I didn't even notice... No, really, honest! =)

Page 2 of 3 FirstFirst 1 2 3 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •