  1. #1 Criller (Just Joined!, joined Dec 2006, 16 posts)

    Are my iptables working?


    I'm trying to send my router's syslog messages to my Fedora 7 box, so I want to open UDP port 514.


    I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT

    I restarted iptables - service iptables restart

    However, when I run iptables -L I do not see my open port. See below:
    ==============================================
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT 0 -- anywhere anywhere

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain RH-Firewall-1-INPUT (1 references)
    target prot opt source destination
    ACCEPT 0 -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp any
    ACCEPT esp -- anywhere anywhere
    ACCEPT ah -- anywhere anywhere
    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
    ACCEPT udp -- anywhere anywhere udp dpt:ipp
    ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
    ==============================================

    Also, I cannot see my new entry in the /etc/sysconfig/iptables file:

    ==============================================
    # Firewall configuration written by system-config-securitylevel
    # Manual customization of this file is not recommended.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
    -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
    -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    ==============================================

    I've also run an nmap scan and cannot see port 514 open.

    Am I doing something wrong here?

    Thanks

    PJ

  2. #2 anomie (Linux Guru, Texas, joined Mar 2005, 1,692 posts)
    Quote Originally Posted by Criller
    I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT

    I restarted iptables - service iptables restart
    After adding the iptables rule, you need to save it.

    # service iptables save
    # service iptables restart

    In that order. (And the restart is not really necessary.)

  3. #3 Criller (Just Joined!, joined Dec 2006, 16 posts)
    I did a service iptables save, which made no difference.

    Just to be sure, I've done it again, but I still see no reference to UDP port 514 in the iptables file.

    =================================================
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT 0 -- anywhere anywhere
    ACCEPT udp -- anywhere anywhere udp spt:syslog state ESTABLISHED

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain RH-Firewall-1-INPUT (1 references)
    target prot opt source destination
    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
    ACCEPT 0 -- anywhere anywhere
    ACCEPT icmp -- anywhere anywhere icmp any
    ACCEPT esp -- anywhere anywhere
    ACCEPT ah -- anywhere anywhere
    ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
    ACCEPT udp -- anywhere anywhere udp dpt:ipp
    ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
    ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
    ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
    REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
    ==============================================

  4. #4 anomie (Linux Guru, Texas, joined Mar 2005, 1,692 posts)
    Quote Originally Posted by Criller View Post
    Just to be sure, I've done it again, but I still see no reference to UDP port 514 in the iptables file.

    ...
    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    RH-Firewall-1-INPUT 0 -- anywhere anywhere
    ACCEPT udp -- anywhere anywhere udp spt:syslog state ESTABLISHED
    ...
    Sure, it is there. You just may not see it yet.

    Try the command:
    grep '514\/udp' /etc/services

    Got it? If not, then view iptables chains a different way:
    # iptables -nvL

    (and read about what the -n option does for iptables.)
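What anomie is pointing at, worked through as an added example (this is not code from the thread, and it is not how iptables itself is implemented): a small Python walker over the poster's saved ruleset. iptables -L without -n looks port numbers up in /etc/services, which is why 514/udp is listed as dpt:syslog; the walker reproduces that with a constructed subset of /etc/services. It also evaluates a packet the way the kernel does, first match wins, following the jump from INPUT into RH-Firewall-1-INPUT, and makes explicit two things the listings above already imply: an inbound NEW datagram to 514/udp was being accepted by RH-Firewall-1-INPUT all along, and the rule the poster appended to INPUT (--sport 514, state ESTABLISHED) can never match anything, because RH-Firewall-1-INPUT ends in an unconditional REJECT and so never returns to INPUT. The packet dictionaries and the 192.0.2.10 address are made up for the demonstration.

```python
"""Walk an iptables-save ruleset as the kernel does, for one inbound packet.
Added example, not code from the thread; it parses only the options the
thread's ruleset uses (-p, -i, -d, --dport, --sport, --state, -j)."""

# Constructed /etc/services subset: what `iptables -L` (without -n) consults
# when it prints "dpt:syslog" instead of "dpt:514".
SERVICES = {("udp", 514): "syslog", ("tcp", 22): "ssh", ("udp", 631): "ipp",
            ("tcp", 631): "ipp", ("udp", 5353): "mdns"}
PROTO_NAMES = {"50": "esp", "51": "ah"}  # numeric -p values used in the ruleset
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

# INPUT side of the thread's saved ruleset, plus the rule the poster appended.
RULESET = """\
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
"""


class Rule:
    """One -A line: the match conditions we understand plus the jump target."""
    OPTS = {"-p": "proto", "-i": "iface", "-d": "dst",
            "--dport": "dport", "--sport": "sport", "--state": "state"}

    def __init__(self, tokens):
        self.cond, self.target = {}, None
        for opt, val in zip(tokens[::2], tokens[1::2]):  # every option takes a value
            if opt == "-j":
                self.target = val
            elif opt in ("--dport", "--sport"):
                self.cond[self.OPTS[opt]] = int(val)
            elif opt == "--state":
                self.cond["state"] = set(val.split(","))
            elif opt == "-p":
                self.cond["proto"] = PROTO_NAMES.get(val, val)
            elif opt in self.OPTS:
                self.cond[self.OPTS[opt]] = val
            elif opt not in ("-m", "--icmp-type", "--reject-with"):
                raise ValueError("unsupported option %r" % opt)

    def matches(self, pkt):
        for field, want in self.cond.items():
            have = pkt.get(field)
            if not (have in want if field == "state" else have == want):
                return False
        return True


def parse(text):
    policies, chains = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]", "-" for user chains
            name, policy = line[1:].split()[:2]
            policies[name] = None if policy == "-" else policy
            chains.setdefault(name, [])
        elif line.startswith("-A "):
            tokens = line.split()
            chains.setdefault(tokens[1], []).append(Rule(tokens[2:]))
    return policies, chains


def verdict(policies, chains, chain, pkt):
    """(target, chain, rule number) deciding pkt: first match wins, and a user
    chain with no terminal match returns to its caller, as in the kernel."""
    for n, rule in enumerate(chains[chain], 1):
        if not rule.matches(pkt):
            continue
        if rule.target in TERMINAL:
            return rule.target, chain, n
        result = verdict(policies, chains, rule.target, pkt)
        if result is not None:
            return result
    policy = policies.get(chain)
    return (policy, chain, 0) if policy else None


def always_terminates(chains, chain):
    """True if no packet can fall off the end of `chain` back to its caller."""
    return any(not r.cond and (r.target in TERMINAL or always_terminates(chains, r.target))
               for r in chains[chain])


def dead_rules(chains, chain):
    """Rule numbers that follow an unconditional, always-terminating jump."""
    for n, rule in enumerate(chains[chain], 1):
        if not rule.cond and (rule.target in TERMINAL or always_terminates(chains, rule.target)):
            return list(range(n + 1, len(chains[chain]) + 1))
    return []


def port_label(proto, port, numeric):
    """How iptables -L prints a port: the /etc/services name unless -n is given."""
    return str(port) if numeric else SERVICES.get((proto, port), str(port))


POLICIES, CHAINS = parse(RULESET)
```

Calling verdict(POLICIES, CHAINS, "INPUT", pkt) with a NEW udp/514 packet arriving on eth0 returns ("ACCEPT", "RH-Firewall-1-INPUT", 9), the same rule the listing shows as "state NEW udp dpt:syslog"; dead_rules(CHAINS, "INPUT") returns [2], the appended rule. The same technique, dumping with iptables-save and checking what sits after a jump to a chain that always terminates, is a quick way to find rules that a firewall script appended in the wrong place.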

  5. #5 Criller (Just Joined!, joined Dec 2006, 16 posts)

    Got it!

    Hi Anomie,

    Got it working now. I ran a UDP port scanner called "portqueryui", which gave more information than the other scanners I tried. It told me that port 514 was open but not LISTENING. After a bit of Googling, I realised that the instructions I followed for setting up syslog were different. I had added '-r -x' to the /etc/rc.d/init.d/syslog file and not to /etc/sysconfig/syslog. Made the changes and my router syslog messages started flowing.

    Thanks for taking the time in helping me with this.

    Cheers

    PJ
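The resolution in the last post, the firewall accepting 514/udp while no daemon was bound to it, is exactly the distinction a UDP scanner relies on: a datagram to a port with no listener draws an ICMP port unreachable from the kernel (the scanner reports it closed), whereas a bound port that never replies, which is normal for syslog, looks open|filtered. The following is an added example, not code from the thread, from Fedora or from syslogd, that reproduces both cases on 127.0.0.1 without touching any real firewall: an ephemeral port stands in for 514/udp, a thread bound to it stands in for syslogd started with -r, and the RFC 3164 line it sends is constructed for the demonstration. One caveat once -r is on: syslogd then accepts datagrams from any host the firewall lets through, so the ACCEPT rule for 514/udp is better restricted to the router's address with -s than left at anywhere.

```python
"""Tell "the firewall lets 514/udp through" apart from "a syslog daemon is listening".
Added example, not code from the thread or from syslogd; it runs on 127.0.0.1 with
an ephemeral port standing in for 514/udp, so no real firewall or daemon is involved."""
import socket
import threading
import time


def format_syslog(facility, severity, host, tag, msg):
    """RFC 3164 line: <PRI>TIMESTAMP HOST TAG: MSG, with PRI = facility*8 + severity.
    (RFC 3164 space-pads single-digit days; %d zero-pads, which receivers accept.)"""
    return "<%d>%s %s %s: %s" % (facility * 8 + severity,
                                 time.strftime("%b %d %H:%M:%S"), host, tag, msg)


def parse_pri(line):
    """Recover (facility, severity) from the <PRI> prefix."""
    pri = int(line[1:line.index(">")])
    return pri // 8, pri % 8


def probe_udp(host, port, timeout=1.0):
    """What a UDP scanner sees.  On a connected UDP socket the kernel reports an
    incoming ICMP port unreachable as ECONNREFUSED on the next send or recv."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        s.send(b"probe")
        s.recv(1024)
        return "open"            # something answered; a syslog daemon never does
    except ConnectionRefusedError:
        return "closed"          # ICMP port unreachable came back: nothing is bound
    except socket.timeout:
        return "open|filtered"   # silence: a listener swallowed it, or a firewall dropped it
    finally:
        s.close()


class SyslogListener:
    """Stand-in for syslogd -r: bind a UDP port and keep every datagram received."""

    def __init__(self, host="127.0.0.1", port=0):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind((host, port))
        self.sock.settimeout(0.1)            # lets the loop notice close()
        self.host, self.port = self.sock.getsockname()
        self.received, self._stop = [], False
        self._thread = threading.Thread(target=self._loop, daemon=True)
        self._thread.start()

    def _loop(self):
        while not self._stop:
            try:
                data, _peer = self.sock.recvfrom(2048)
            except socket.timeout:
                continue
            self.received.append(data.decode("utf-8", "replace"))

    def wait_for(self, line, timeout=2.0):
        """True once `line` has arrived; delivery is asynchronous, so poll."""
        deadline = time.monotonic() + timeout
        while time.monotonic() < deadline:
            if line in self.received:
                return True
            time.sleep(0.02)
        return False

    def close(self):
        self._stop = True
        self._thread.join()
        self.sock.close()


def send_syslog(host, port, line):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(line.encode("utf-8"), (host, port))


def free_udp_port():
    """A port that the host allows but nothing is bound to, as 514 was in the thread."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """(probe with nothing bound, probe with a listener bound, message delivered?)"""
    unbound = probe_udp("127.0.0.1", free_udp_port())
    listener = SyslogListener()
    try:
        bound = probe_udp(listener.host, listener.port)
        line = format_syslog(23, 6, "router", "kernel", "constructed test message")  # local7.info
        send_syslog(listener.host, listener.port, line)
        delivered = listener.wait_for(line)
    finally:
        listener.close()
    return unbound, bound, delivered


if __name__ == "__main__":
    print(demo())
```

demo() returns ("closed", "open|filtered", True): the first probe is what the poster's scanner was reporting before syslogd was listening, the second is what it reports afterwards, and the third confirms a message actually lands. Against a real box the same probe_udp() call pointed at port 514 separates a firewall that drops (open|filtered with no daemon) from a host that rejects (closed), which iptables -L alone cannot tell you.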
