On Tue, 2005-11-29 at 15:59 +0000, Andy Green wrote:
> D. D. Brierton wrote:
>
> >>Does anyone know how I go about confirming whether ports 6881-6889
> >>really are open, and whether the router really is forwarding those
> >>ports?
>
> iptables -L
>
> should show up your ports on the INPUT chain

Aha! They don't:

$ sudo /sbin/iptables -L
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     ipv6-crypt--  anywhere             anywhere
ACCEPT     ipv6-auth--  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251         udp dpt:5353
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

I used the system-config-securitylevel tool to set the ports 6881-6889
to be open by adding in the other ports section this:

6881:tcp, 6882:tcp, 6883:tcp, 6884:tcp, 6885:tcp, 6886:tcp, 6887:tcp, 6888:tcp, 6889:tcp

and this is saved here:

$ cat /etc/sysconfig/system-config-securitylevel
# Configuration file for system-config-securitylevel

--enabled
--port=6881:tcp
--port=6882:tcp
--port=6883:tcp
--port=6884:tcp
--port=6885:tcp
--port=6886:tcp
--port=6887:tcp
--port=6888:tcp
--port=6889:tcp

So, is system-config-securitylevel busted?

Best, Darren

-- 
=====================================================================
D. D. Brierton            darren@xxxxxxxxxxx          www.dzr-web.com
       Trying is the first step towards failure (Homer Simpson)
=====================================================================
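
The comparison done by eye in the message above can be scripted. This is an added example, not part of the original message: the function name `missing_ports` and both sample files are constructed for illustration, and the listing is assumed to be saved from `iptables -L -n` so that ports print as numbers.

```shell
# Added example (not from the thread). missing_ports CONFIG LISTING prints each
# port/proto requested in CONFIG that no ACCEPT rule in LISTING covers.
missing_ports() {
    awk '
        FNR == NR {                       # first file: --port=N:proto lines
            if ($0 ~ /^--port=[0-9]+:(tcp|udp)$/) {
                sub(/^--port=/, "")
                split($0, p, ":")
                order[++n] = p[1] "/" p[2]
            }
            next
        }
        $1 == "ACCEPT" {                  # second file: dpt:N or dpts:A:B
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^dpt:[0-9]+$/) { split($i, d, ":"); lo = hi = d[2] }
                else if ($i ~ /^dpts:[0-9]+:[0-9]+$/) { split($i, d, ":"); lo = d[2]; hi = d[3] }
                else continue
                for (k = 1; k <= n; k++) {
                    split(order[k], w, "/")
                    if (w[2] == $2 && w[1]+0 >= lo+0 && w[1]+0 <= hi+0) have[order[k]] = 1
                }
            }
        }
        END { for (k = 1; k <= n; k++) if (!(order[k] in have)) print order[k] }
    ' "$1" "$2"
}

demo() {                                  # constructed sample input
    dir=$(mktemp -d)
    cat > "$dir/conf" <<'EOF'
# Configuration file for system-config-securitylevel
--enabled
--port=6881:tcp
--port=6882:tcp
--port=6883:tcp
--port=6885:tcp
EOF
    cat > "$dir/rules" <<'EOF'
Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251         udp dpt:5353
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:6881
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpts:6884:6889
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
    missing_ports "$dir/conf" "$dir/rules"
    rm -rf "$dir"
}

demo
```

The check covers presence only, not rule order: an ACCEPT that sits after the catch-all REJECT in the same chain is still counted as present even though it never matches.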