
I'm trying to open a port in my CentOS server... I tried using iptables, adding the "-A INPUT -p udp -m udp --dport portnum -j ACCEPT" rule, and it didn't work. I tried installing CSF, adding the ports and disabling the test mode. That also didn't work...

Any idea what I may be doing wrong?

My current iptables config:

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11:1608]
:acctboth - [0:0]
-A INPUT -j acctboth
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A INPUT -p udp -m udp --dport 43 -j ACCEPT
-I INPUT -p tcp -m tcp --dport 43 -j ACCEPT
-A OUTPUT -j acctboth
-A acctboth -s myIP ! -i lo -p tcp -m tcp --dport 80
-A acctboth -d myIP ! -i lo -p tcp -m tcp --sport 80
-A acctboth -s myIP ! -i lo -p tcp -m tcp --dport 25
-A acctboth -d myIP ! -i lo -p tcp -m tcp --sport 25
-A acctboth -s myIP ! -i lo -p tcp -m tcp --dport 110
-A acctboth -d myIP ! -i lo -p tcp -m tcp --sport 110
-A acctboth -s myIP ! -i lo -p icmp
-A acctboth -d myIP ! -i lo -p icmp
-A acctboth -s myIP ! -i lo -p tcp
-A acctboth -d myIP ! -i lo -p tcp
-A acctboth -s myIP ! -i lo -p udp
-A acctboth -d myIP ! -i lo -p udp
-A acctboth -s myIP ! -i lo
-A acctboth -d myIP ! -i lo
-A acctboth ! -i lo
-A acctboth -d myIP ! -i lo -p tcp -m tcp --sport 43
COMMIT

But I installed CSF meanwhile to try and see if it was me being dumb and not being able to work with iptables (easier to understand cfg file), so... probably not here that I need to change things now.

EDIT:

After messing about a bit more, it seems the problem extends to any new port I try to open... any ideas?

2 Answers


First, get a list of what your current rules are:

iptables -L -v

E.g

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  38M   26G ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
  489 47582 ACCEPT     icmp --  any    any     anywhere             anywhere            
 147K 8842K ACCEPT     all  --  lo     any     anywhere             anywhere            
  884 50328 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 
 108K 6441K ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:http 
40094 2382K ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:https 
 110K   27M REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 36M packets, 20G bytes)
 pkts bytes target     prot opt in     out     source               destination 

You'll notice the REJECT rule at the end of the INPUT chain. You will need to put the rule you want to allow traffic in from before that rule, otherwise it will be rejected, as rules are processed in order. You can insert a rule before the REJECT rule using -I INPUT 7, where 7 is the line number you want to insert the rule on.

E.g.

iptables -I INPUT 7 -m state --state NEW -m tcp -p tcp --dport 43 -j ACCEPT

Run iptables -L -v again, and you should see that rule in there now.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
  38M   26G ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED 
  489 47582 ACCEPT     icmp --  any    any     anywhere             anywhere            
 147K 8843K ACCEPT     all  --  lo     any     anywhere             anywhere            
  884 50328 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh 
 108K 6443K ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:http 
40099 2382K ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:https 
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:nicname
 110K   27M REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited 

Chain OUTPUT (policy ACCEPT 184 packets, 19752 bytes)
 pkts bytes target     prot opt in     out     source               destination 

Now you need to save the rules, so that, after a reboot, the same rules are applied.

Run /sbin/service iptables save, which will save your current rules to /etc/sysconfig/iptables.

tacotuesday
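The ordering problem this answer describes can be checked mechanically. The script below is an added example, not part of the answer: it parses a constructed `iptables -L -v -n` listing (numeric ports, modelled on the output above but with the port-43 rule appended after the catch-all REJECT), walks the INPUT chain in kernel order to find which rule decides a new connection, and prints the `-I INPUT n` command that would place the ACCEPT where it takes effect. Function names and the sample counters are assumptions.

```python
import re
# Constructed sample of `iptables -L -v -n`, modelled on the answer above but with the
# port-43 ACCEPT appended AFTER the catch-all REJECT, so that last rule is never reached.
IPTABLES_LISTING = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  38M   26G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  884 50328 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
40094 2382K ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:443
 110K   27M REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:43
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
"""

def parse_chain(listing, chain="INPUT"):
    """Rules of one chain, in order, as (target, proto, dport-or-None) tuples."""
    rules, inside = [], False
    for line in listing.splitlines():
        if line.startswith("Chain "):
            inside = line.split()[1] == chain
            continue
        f = line.split()
        if inside and len(f) >= 4 and f[0] != "pkts":
            m = re.search(r"dpt:(\d+)", line)
            rules.append((f[2], f[3], int(m.group(1)) if m else None))
    return rules

def firewall_verdict(listing, port, proto="tcp"):
    """Walk INPUT in kernel order and return the first rule that decides a NEW packet
    to `port`: ("ACCEPT", n), ("REJECT"|"DROP", n) or ("POLICY", None). Only
    port-specific ACCEPTs and unqualified catch-all REJECT/DROPs are modelled."""
    for n, (target, rproto, dport) in enumerate(parse_chain(listing), start=1):
        if rproto not in ("all", proto):
            continue
        if target == "ACCEPT" and dport == port:
            return "ACCEPT", n
        if target in ("REJECT", "DROP") and dport is None:
            return target, n          # every rule after this one is dead
    return "POLICY", None

def fix_command(listing, port, proto="tcp"):
    """iptables command that puts an ACCEPT for `port` where it takes effect (at the
    catch-all REJECT's number, or appended if there is none); None if already allowed."""
    verdict, n = firewall_verdict(listing, port, proto)
    if verdict == "ACCEPT":
        return None
    where = f"-I INPUT {n}" if n else "-A INPUT"
    return f"iptables {where} -m state --state NEW -p {proto} -m {proto} --dport {port} -j ACCEPT"
```

Run it against the real listing with `iptables -L -v -n` piped into `IPTABLES_LISTING`; a rule number returned for a port you believe is open means the ACCEPT sits below the REJECT and is never consulted.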

-A INPUT -p udp -m udp --dport portno -j ACCEPT should work. Can you try netstat -tpln |grep portno and paste the output?

Alex.M
  • tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN 5656/dovecot tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 1648/httpd tcp 0 0 :::443 :::* LISTEN 1648/httpd – Francisco Xavier Jun 16 '14 at 22:13
  • still doesn't show port 43 as open :S And btw... the iptables line, I entered it both in tcp and udp, just to make sure it would allow connections – Francisco Xavier Jun 16 '14 at 22:14