Are my iptables working

[Criller]

I'm trying to send my router syslog messages to my Fedora 7 box. So I'm want to open udp port 514.


I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT

I restarted iptables - service iptables restart

However when I run iptables -L I do not see my open port. see below -
================================================== =============
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (1 references)
target prot opt source destination
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
================================================== ===========

Also I cannot see my new entry in the /etc/sysconfig/iptables file -

==============================================
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
================================================== ==

I've also run a nmap scan and cannot see port 514 open.

Am I doing something wrong here?

Thanks

PJ

[anomie]

I typed - iptables -A INPUT -i eth0 -p udp --sport 514 -m state --state ESTABLISHED -j ACCEPT

I restarted iptables - service iptables restart

After adding the iptables rule, you need to save it.

# service iptables save
# service iptables restart

In that order. (And the restart is not really necessary.)

[Criller]

I did a service iptables save which made no difference.

Just to be sure I've doen it again but I still see no reference to udp port 514 in the iptables file?

=================================================
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:syslog state ESTABLISHED

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT 0 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT 0 -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW udp dpt:syslog
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT 0 -- anywhere anywhere reject-with icmp-host-prohibited
================================================== ===

[anomie]

Just to be sure I've doen it again but I still see no reference to udp port 514 in the iptables file?

...
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT 0 -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp spt:syslog state ESTABLISHED
...

Sure, it is there. You just may not see it yet.

Try the command:
grep '514\/udp' /etc/services

Got it? If not, then view iptables chains a different way:
# iptables -nvL

(and read about what the -n option does for iptables.)

[Criller]

Hi Anomie,

Got it working now. I ran a UDP port scanner called "portqueryui" which gave more information than the other scanners I tried. It told me that port 514 was open but not LISTENING. After a bit of Googling I realised that the instructions I followed for setting up syslog were different. I had added '-r -x' to the /etc/rc.d/init.d/syslog file and not the /etc/sysconfig/syslog. Made the changes and my router syslog messages started flowing.

Thanks for taking the time in helping me with this.

Cheers

PJ