This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Corectly config the iptables to open ports (Centos 6.x)
#1
Corectly config the iptables to open ports (Centos 6.x)
This is a guide for newbies, as most of you as seen that in the documentation there is no information on how to open corectly the ports needed for sentora.

After you install sentora, type:
Code:
iptables --list

you will see something like this :

Code:
# Generated by iptables-save v1.4.7 on Sun May 15 16:44:19 2016
*nat
:PREROUTING ACCEPT [4:1532]
:POSTROUTING ACCEPT [4:335]
:OUTPUT ACCEPT [4:335]
COMMIT
# Completed on Sun May 15 16:44:19 2016
# Generated by iptables-save v1.4.7 on Sun May 15 16:44:19 2016
*mangle
:PREROUTING ACCEPT [210:29628]
:INPUT ACCEPT [210:29628]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [142:18726]
:POSTROUTING ACCEPT [142:18726]
COMMIT
# Completed on Sun May 15 16:44:19 2016
# Generated by iptables-save v1.4.7 on Sun May 15 16:44:19 2016
*filter
:INPUT ACCEPT [210:29628]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [142:18726]
COMMIT
# Completed on Sun May 15 16:44:19 2016


Make a backup first to the default iptables with the folowing command:

Code:
iptables-save > /etc/sysconfig/iptables_sentora.backup
(you can set any name to the file)

Now from ssh client (i use Bitvise SSH Client) , type the folowing lines:

Code:
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p udp -m state --state NEW,ESTABLISHED -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 25 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 110 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 143 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED -m tcp --dport 3306 -j ACCEPT


Final step type :

Code:
service iptables save
....to save the modifications and do a reboot on server.

You can do another backup for the new rules in case you will mess the iptables, and use the folowing command to restore it:

Code:
iptables-restore < /etc/sysconfig/iptables_sentora_2.backup

Now you have opened the tcp and udp ports, typing again iptables --list , will give you the new rules.

*Note: Iptables are found in /etc/sysconfig , you have 2 files iptables and ip6tables.
In the ip6tables file you will find only one rule listening and that is the the default one with the port 22 opened, don't modify anything on it.

***************************************************************************

If you want to delete a rule by chain an number in case you have typed wrong, you can enter this:
Code:
sudo iptables -L --line-numbers
and will give you the rules from iptables.

Now type this :
Code:
sudo iptables -D INPUT 1
where 1 is the line number that you want to delete.

Type again:
Code:
service iptables save
to save the iptables.
Reply
Thanks given by: bbspike


Messages In This Thread
Corectly config the iptables to open ports (Centos 6.x) - by Mykael - 05-16-2016, 12:17 AM

Possibly Related Threads…
Thread Author Replies Views Last Post
Fail2ban for Sentora (Centos 7) bbspike 14 48 ,685 01-14-2020, 07:32 AM
Last Post: Vedran B
[How To] Update from PHP v5.4.16 to v5.6.31 (Includes suhosin patch) [CentOS] betatester3.0 5 19 ,363 03-18-2019, 01:23 AM
Last Post: BigBang
[How-To] Install the perfect Sentora server using CentOS 7 betatester3.0 0 6 ,657 10-18-2017, 12:55 AM
Last Post: betatester3.0

Forum Jump:


Users browsing this thread: 1 Guest(s)