  1. #1
    Just Joined!
    Join Date
    Jan 2011
    Posts
    1

    Need help with ports

    So I bought myself a VPS for hosting a game server. It went fine and I installed the server successfully. But then I tried to open/forward ports for it and I simply couldn't...

    I did this:
    nano /etc/sysconfig/iptables
    added after all the other stuff:
    iptables -A INPUT -p tcp --dport 27015 -j ACCEPT


    then typed
    /etc/sysconfig/iptables restart

    but I got this error:

    Flushing firewall rules: [ OK ]
    Setting chains to policy ACCEPT: mangle filter nat [ OK ]
    Unloading iptables modules: [ OK ]
    Applying iptables firewall rules: iptables-restore: line 24 failed [FAILED]

    my iptables file:
    Code:
    # Generated by iptables-save v1.3.5 on Mon Jan 24 20:14:50 2011
    *mangle
    :PREROUTING ACCEPT [1148:54713]
    :INPUT ACCEPT [1148:54713]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [1010:251147]
    :POSTROUTING ACCEPT [1010:251147]
    COMMIT
    # Completed on Mon Jan 24 20:14:50 2011
    # Generated by iptables-save v1.3.5 on Mon Jan 24 20:14:50 2011
    *filter
    :INPUT ACCEPT [1148:54713]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [1010:251147]
    -A INPUT -p tcp -m tcp --dport 27015 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 27000:27015 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 1200 -j ACCEPT 
    -A OUTPUT -p tcp -m tcp --sport 27000:27015 -j ACCEPT 
    COMMIT
    # Completed on Mon Jan 24 20:14:50 2011
    # Generated by iptables-save v1.3.5 on Mon Jan 24 20:14:50 2011
    *nat
    :PREROUTING ACCEPT [2:124]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    COMMIT
    # Completed on Mon Jan 24 20:14:50 2011
    Using CentOS 5

    Edit: OK, so I just went mad and opened all ports, TCP and UDP, by typing

    iptables -A INPUT -p udp -m udp --dport 1:65000 -j ACCEPT
    iptables -A INPUT -p tcp -m tcp --dport 1:65000 -j ACCEPT

    but it still doesn't work.. canyouseeme.org says 0 ports are opened
    Last edited by Kubko; 01-24-2011 at 04:27 PM.

  2. #2
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    If you are simply going to open all the ports then you just need to stop the firewall to do this.
    I would strongly suggest you not do this as it opens your system up for attack.

    I can help you with your rules but I need to know what ports you need open as everything else should be closed.

    The best way to set up a firewall is to block everything and then only open what you need open.

    The following will allow ports 1200 and 27000-27015 only. Everything else will be dropped.
    I am assuming that your network interface is eth0.

    Code:
    # Completed on Mon Jan 24 20:14:50 2011
    # Generated by iptables-save v1.3.5 on Mon Jan 24 20:14:50 2011
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT DROP [0:0]
    -A OUTPUT -o eth0 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -i eth0 -p tcp -m tcp --dport 27000:27015 -m state --state NEW -j ACCEPT 
    -A INPUT -i eth0 -p tcp -m tcp --dport 1200 -m state --state NEW -j ACCEPT 
    -A INPUT -i eth0 -j DROP
    COMMIT
    # Completed on Mon Jan 24 20:14:50 2011
    This can be locked down some more by not allowing any new connection out.

    Do the following:

    mv /etc/sysconfig/iptables /etc/sysconfig/iptables.org
    vim /etc/sysconfig/iptables

    Then cut and paste the above rules into the editor and save them.
    Stop the firewall and then start it. Use service iptables stop/start to stop and start the firewall.
    Let me know if there were any errors when the firewall was started.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
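An added example, not part of either post above: a small linter for iptables-save style files such as /etc/sysconfig/iptables. It reports, by line number, a shell `iptables` command pasted into the file (what the first post describes adding), rules outside a table block, an ACCEPT default policy on INPUT, and very wide ACCEPT port ranges. The function name `lint`, the `max_span` threshold and the sample ruleset are assumptions made for illustration.

```python
import re

# Constructed sample: a shell command appended after the last COMMIT.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 27000:27015 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1:65000 -j ACCEPT
COMMIT
iptables -A INPUT -p tcp --dport 27015 -j ACCEPT
"""

POLICY = re.compile(r"^:(\S+) (ACCEPT|DROP|-)(?: \[\d+:\d+\])?$")
RULE = re.compile(r"^(?:\[\d+:\d+\] )?-[A-Z] \S")
DPORT = re.compile(r"--dport (\d+):(\d+)")

def lint(text, max_span=100):
    """Return [(line_no, message)]; max_span is an assumed width threshold."""
    findings, table, n = [], None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.split()[0] in ("iptables", "/sbin/iptables"):
            findings.append((n, "shell command; restore lines start at -A"))
        elif line.startswith("*"):
            table = line[1:]
        elif line == "COMMIT":
            table = None
        elif table is None:
            findings.append((n, "rule outside a *table ... COMMIT block"))
        elif line.startswith(":"):
            m = POLICY.match(line)
            if not m:
                findings.append((n, "malformed chain policy line"))
            elif (table, m.group(1), m.group(2)) == ("filter", "INPUT", "ACCEPT"):
                findings.append((n, "filter INPUT policy is ACCEPT, not DROP"))
        elif RULE.match(line):
            m = DPORT.search(line)
            if m and "-j ACCEPT" in line and int(m.group(2)) - int(m.group(1)) > max_span:
                findings.append((n, "ACCEPT covers ports %s:%s" % m.groups()))
        else:
            findings.append((n, "not a restore-format line"))
    if table is not None:
        findings.append((n, "table %s is missing COMMIT" % table))
    return findings

if __name__ == "__main__":
    print("\n".join("line %d: %s" % f for f in lint(SAMPLE)))
```

A ruleset with a DROP policy on INPUT and only the narrow game-server range accepted produces no findings.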

  3. #3
    Just Joined!
    Join Date
    Sep 2006
    Location
    Norfolk Island
    Posts
    31
    Based on your action of opening everything (very heart of darkness that) but getting a 0 port open response I'd guess there's also something upstream from your system which is currently blocking inbound to your IP. Maybe your provider needs to be told you are ready to go online.

    But before you investigate that, work with Lazydog to get your iptables correct & locked down as the rules there are bang on.

  4. #4
    Just Joined!
    Join Date
    Nov 2006
    Posts
    5
    VPS are a bit different to normal Linux servers.

    They should have already assigned you a Public IP, meaning the port forwarding is not required, but you should work on a good iptables firewall config.

    Please post your ifconfig here..

  5. #5
    Just Joined!
    Join Date
    Nov 2006
    Posts
    5
    This is the output of an 'ifconfig' for my Debian 5 VPS that functions as a mail server:

    venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
    inet addr:27.50.94.228 P-t-P:27.50.94.228 Bcast:0.0.0.0 Mask:255.255.255.255
    UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1

  6. #6
    Just Joined!
    Join Date
    Mar 2011
    Posts
    1
    On a Debian box with shorewall and a virtual network interface (venet0) I get the same error. Maybe somebody can help with that:
    iptables-restore: line 24 failed
    ERROR: iptables-restore Failed. Input is in /var/lib/shorewall/.iptables-restore-input
