ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Firewall Configuration in Linux in Centos 6.2

    IT Discussion
    centos iptables linux unix netstat centos 6
    7
    81
    19.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Then to make it take effect...

      /etc/init.d/iptables restart
      
      1 Reply Last reply Reply Quote 1
      • scottalanmillerS
        scottalanmiller
        last edited by

        To be clear, this is the default. You would only need to do this if you've altered IPTables already. SSH (22) and ICMP (Ping) are open by default as soon as you install. So someone has broken your system if you need to do this.

        LakshmanaL 1 Reply Last reply Reply Quote 1
        • thanksajdotcomT
          thanksajdotcom @StrongBad
          last edited by

          @StrongBad said:

          @Lakshmana said:

          @StrongBad It is the diagram to show how the components(firewall) will be connected in a network

          What is the purpose, though? You just open or close ports. Why would you use a diagram? I think that you are making something very easy into something very complicated.

          Exactly. What is a block diagram? What is it's purpose? How does it prove to be useful to you or someone else? You want to "configure" a firewall, but every business is different. Their needs are different. You need to tell us what ports you need open, what you don't, even what is the purpose of the server, such as a web server or a jump server, etc. You've given us nothing in terms of info but want us to simply tell you how to do something that is not simple when you have no information.

          LakshmanaL 1 Reply Last reply Reply Quote 0
          • StrongBadS
            StrongBad
            last edited by

            There you go, SAM provided a complete configuration. If you apply that, it will completely overwrite anything that you have already. If you want to have us help you keep the server working as it does now but also do what you want, you have to work with us and not ask for block diagrams or other unrelated items. Only your IPTables listing matters. I have no idea what you are imagining that you will accomplish with diagrams, but they don't have a place here.

            1 Reply Last reply Reply Quote 0
            • LakshmanaL
              Lakshmana @thanksajdotcom
              last edited by

              @thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

              scottalanmillerS thanksajdotcomT 2 Replies Last reply Reply Quote 0
              • scottalanmillerS
                scottalanmiller @Lakshmana
                last edited by

                @Lakshmana said:

                @thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

                Whoa, that's very different than what you asked for. If you follow my directions you will blow away your ports and lose all of those services!!

                1 Reply Last reply Reply Quote 1
                • LakshmanaL
                  Lakshmana @scottalanmiller
                  last edited by

                  @scottalanmiller Thank you Scott.I will try this tommorrow and say about this in detail.Do you have explanation for the above mentioned commands because I understood in less

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller
                    last edited by

                    This is why it is important to listen. @strongbad asked you for a copy of your existing configuration so that we could help you. Lacking that, providing what you asked for was the next best thing. But what you asked for would have completely broken the server.

                    Everyone is trying to help you. When they say that providing your existing IPTables file is necessary for us to help, they are not kidding. It's imperative. Anything else is very dangerous. IPTables is not hard to do, but it is very hard to do blindly.

                    LakshmanaL 1 Reply Last reply Reply Quote 1
                    • thanksajdotcomT
                      thanksajdotcom @Lakshmana
                      last edited by

                      @Lakshmana said:

                      @thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

                      Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.

                      SNMP = 161
                      SMTP = 25 (unsecured), 465 (secured), 587 (secured)
                      POP3, = 110 (unsecured), 995 (secured)
                      IMAP = 143 (unsecured), 993 (secured)

                      Unless you've blocked them in IPTables already, they should be open.

                      scottalanmillerS 1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        CentOS does have a tool for adding ports, but other than pointing you to the tool, it doesn't really let us help you. It's not terribly hard to use, but doing an IPTables edit allows us to completely make the change for you. One of the beauties of text configuration files is that we can completely do the fix, not just tell you where to look.

                        But if you want to try the TUI, here is the link...

                        system-config-firewall-tui
                        
                        1 Reply Last reply Reply Quote 0
                        • LakshmanaL
                          Lakshmana @scottalanmiller
                          last edited by

                          @scottalanmiller Ok Scott.I have not noted the things properly so only the confusion came here.Sorry to one and all

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @thanksajdotcom
                            last edited by

                            @thanksajdotcom said:

                            @Lakshmana said:

                            @thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

                            Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.

                            SNMP = 161
                            SMTP = 25 (unsecured), 465 (secured), 587 (secured)
                            POP3, = 110 (unsecured), 995 (secured)
                            IMAP = 143 (unsecured), 993 (secured)

                            Unless you've blocked them in IPTables already, they should be open.

                            They are all blocked by default. Only SSH and ICMP are open by default on CentOS. RHEL / CentOS is secure by default.

                            thanksajdotcomT 1 Reply Last reply Reply Quote 0
                            • thanksajdotcomT
                              thanksajdotcom
                              last edited by

                              If you're SSHing into the box, run

                              cat /etc/sysconfig/iptables
                              

                              Highlight the output in whatever client you're using to SSH, likely PuTTY, and paste it here. Please. We can't help you without that info.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller
                                last edited by

                                Here is the only thing that I could find for a firewall block diagram. Definitely not useful for anyone working with firewalls.

                                http://creately.com/diagram/example/hb7hjlii3/firewall

                                LakshmanaL 1 Reply Last reply Reply Quote 0
                                • thanksajdotcomT
                                  thanksajdotcom @scottalanmiller
                                  last edited by

                                  @scottalanmiller said:

                                  @thanksajdotcom said:

                                  @Lakshmana said:

                                  @thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

                                  Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.

                                  SNMP = 161
                                  SMTP = 25 (unsecured), 465 (secured), 587 (secured)
                                  POP3, = 110 (unsecured), 995 (secured)
                                  IMAP = 143 (unsecured), 993 (secured)

                                  Unless you've blocked them in IPTables already, they should be open.

                                  They are all blocked by default. Only SSH and ICMP are open by default on CentOS. RHEL / CentOS is secure by default.

                                  Ok, my mistake. Well, those are the ports. Given the info, I'd doubt they are using TLS or SSL, so probably 25 and 143. No reason to use POP3. Avoid it like the plague.

                                  LakshmanaL 1 Reply Last reply Reply Quote 0
                                  • LakshmanaL
                                    Lakshmana @thanksajdotcom
                                    last edited by

                                    @thanksajdotcom OK AJ.Thank u.I will configure the things tommorow at my office,

                                    1 Reply Last reply Reply Quote 0
                                    • ?
                                      A Former User
                                      last edited by

                                      Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

                                      thanksajdotcomT scottalanmillerS LakshmanaL 3 Replies Last reply Reply Quote 1
                                      • thanksajdotcomT
                                        thanksajdotcom @A Former User
                                        last edited by

                                        @thecreativeone91 said:

                                        Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

                                        Ditto this.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller @A Former User
                                          last edited by

                                          @thecreativeone91 said:

                                          Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

                                          Yes, don't edit the IPTables file without us. Just provide it and let us edit it for you.

                                          1 Reply Last reply Reply Quote 0
                                          • LakshmanaL
                                            Lakshmana @A Former User
                                            last edited by

                                            @thecreativeone91 said:

                                            ject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

                                            Ok If I have any i will contact you

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 3 / 5
                                            • First post
                                              Last post