Firewall Configuration in Linux in Centos 6.2
-
CentOS does have a tool for adding ports, but other than pointing you to the tool, it doesn't really let us help you. It's not terribly hard to use, but doing an IPTables edit allows us to completely make the change for you. One of the beauties of text configuration files is that we can completely do the fix, not just tell you where to look.
But if you want to try the TUI, here is the link...
system-config-firewall-tui
-
@scottalanmiller Ok Scott.I have not noted the things properly so only the confusion came here.Sorry to one and all
-
@thanksajdotcom said:
@Lakshmana said:
@thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open
Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.
SNMP = 161
SMTP = 25 (unsecured), 465 (secured), 587 (secured)
POP3, = 110 (unsecured), 995 (secured)
IMAP = 143 (unsecured), 993 (secured)Unless you've blocked them in IPTables already, they should be open.
They are all blocked by default. Only SSH and ICMP are open by default on CentOS. RHEL / CentOS is secure by default.
-
If you're SSHing into the box, run
cat /etc/sysconfig/iptables
Highlight the output in whatever client you're using to SSH, likely PuTTY, and paste it here. Please. We can't help you without that info.
-
Here is the only thing that I could find for a firewall block diagram. Definitely not useful for anyone working with firewalls.
-
@scottalanmiller said:
@thanksajdotcom said:
@Lakshmana said:
@thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open
Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.
SNMP = 161
SMTP = 25 (unsecured), 465 (secured), 587 (secured)
POP3, = 110 (unsecured), 995 (secured)
IMAP = 143 (unsecured), 993 (secured)Unless you've blocked them in IPTables already, they should be open.
They are all blocked by default. Only SSH and ICMP are open by default on CentOS. RHEL / CentOS is secure by default.
Ok, my mistake. Well, those are the ports. Given the info, I'd doubt they are using TLS or SSL, so probably 25 and 143. No reason to use POP3. Avoid it like the plague.
-
@thanksajdotcom OK AJ.Thank u.I will configure the things tommorow at my office,
-
Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.
-
@thecreativeone91 said:
Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.
Ditto this.
-
@thecreativeone91 said:
Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.
Yes, don't edit the IPTables file without us. Just provide it and let us edit it for you.
-
@thecreativeone91 said:
ject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.
Ok If I have any i will contact you
-
@scottalanmiller Whether a firewall can have IP address of Gateway.Whether it is possible to have?
-
@Lakshmana said:
@scottalanmiller Whether a firewall can have IP address of Gateway.Whether it is possible to have?
What are you asking? I'm not sure.
-
@Lakshmana said:
@scottalanmiller Whether a firewall can have IP address of Gateway.Whether it is possible to have?
No, firewalls are like filters. They have no concept of gateways or routes.
-
@scottalanmiller Ok I am having the WAN network as 192.168.1.0/24 and firewall in betwwen the LAN connection.What is the IP needs to be given to Firewall?
-
I don't understand. The firewall on Linux has no IP address or anything like that. Have you switched from talking about Linux to something completely different?
-
@scottalanmiller No I am talking about only in linux firewall
-
@Lakshmana said:
@scottalanmiller No I am talking about only in linux firewall
Then there is no need to talk IP addresses. Ports are all that you need to know.
-
@scottalanmiller
I have to assign IP for the VM machines I going to install.The requirements are 512 MB RAM,10 GB Hard disk and Centos minimal desktop.I have to use 3 NIC.That is One NIC for allowing WAN,one NIC for LAN and other for my VMmachine -
@Lakshmana said:
@scottalanmiller
I have to assign IP for the VM machines I going to install.The requirements are 512 MB RAM,10 GB Hard disk and Centos minimal desktop.I have to use 3 NIC.That is One NIC for allowing WAN,one NIC for LAN and other for my VMmachineYes, but the IP has nothing to do with the firewall. The firewall in Linux works off ports as a rule. You can restrict access to the machine from certain IP ranges, but the default is to either allow all IPs to a port or deny all.