can't transfer files between networked YDL boxes

Jonas Stricker yellowdog-newbie@lists.terrasoftsolutions.com
Fri, 23 May 2003 16:53:42 +0200


David Purdy schrieb:
> Hi Jonas:

Hi David!

> Lokkit?  What is that?  I understand the concept of

Lokkit is a graphical interface to configure the "iptables" 
packet-filter of the Linux kernel in a Red Hat or Red Hat-based Linux 
distribution.

> ports... but only in a very basic way... I understand
> that they are numbered...

You can get basic info about which port is used for what service by 
looking at the file /etc/services on your linux system:

[jonas@vademecum jonas]$ cat /etc/services | grep ftp
ftp-data        20/tcp
ftp-data        20/udp
# 21 is registered to ftp, but also used by fsp
ftp             21/tcp
ftp             21/udp          fsp fspd
tftp            69/tcp
tftp            69/udp
sftp            115/tcp
sftp            115/udp
tftp-mcast      1758/tcp
tftp-mcast      1758/udp
venus-se        2431/udp                        # udp sftp side effect
codasrv-se      2433/udp                        # udp sftp side effect

Here you can see which ports are used by FTP: 21 and 20.

It uses two ports because it's got - well - a data channel and a control 
channel.

> How do I determine whether it is open or closed?

To see what iptables configuration is in use at the moment on your 
system, do something like this (as root!):

# iptables -L

You'll get a lot of lines telling you the firewall policies and rules 
active on your machine, quite confusing if seen the first time... :)

> And how do I go about opening it if it closed?

Edit your /etc/sysconfig/iptables file. Mine looks like this (ATTENTION, 
I haven't enabled FTP):

[root@vademecum root]# cat /etc/sysconfig/iptables
# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 139 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT


In my file you can see that the ports 22 (ssh), 80 (http/web server) and 
139 (samba) are opened for TCP connections. You probably don't need all 
of them except ssh.

You should insert (as root!) two more lines after the line containing 
"-A INPUT -j RH-Lokkit-0-50-INPUT":

-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 20 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT

Then save the file and do:

[root@vademecum root]# /etc/init.d/iptables restart

to reload the changed firewall config.

Now everything should work fine!

Best reference in terms of firewalls and packet-filtering:

http://www.netfilter.org


Hope that helps,

Jonas