can't transfer files between networked YDL boxes
David Purdy
yellowdog-newbie@lists.terrasoftsolutions.com
Fri, 23 May 2003 08:02:28 -0700 (PDT)
Hi Jonas:
Thanks, I'll try it out when I get home. Much
appreciated.
Regards,
Dave Purdy
--- Jonas Stricker <jonas@br-online.de> wrote:
> David Purdy schrieb:
> > Hi Jonas:
>
> Hi David!
>
> > Lokkit? What is that? I understand the concept of
>
> Lokkit is a graphical interface to configure the "iptables"
> packet-filter of the linux kernel in a redhat or redhat-based linux
> distribution.
>
> > ports... but only in a very basic way... I understand that they are
> > numbered...
>
> You can get basic info about which port is used for what service when
> looking at the file /etc/services on your linux system:
>
> [jonas@vademecum jonas]$ cat /etc/services | grep ftp
> ftp-data        20/tcp
> ftp-data        20/udp
> # 21 is registered to ftp, but also used by fsp
> ftp             21/tcp
> ftp             21/udp          fsp fspd
> tftp            69/tcp
> tftp            69/udp
> sftp            115/tcp
> sftp            115/udp
> tftp-mcast      1758/tcp
> tftp-mcast      1758/udp
> venus-se        2431/udp        # udp sftp side effect
> codasrv-se      2433/udp        # udp sftp side effect
>
> Here you see what ports are used by FTP: 21 and 20
>
> It uses two ports because it's got - well - a data channel and a control
> channel.
>
> > How do I determine whether it is open or closed?
>
> To see what iptables configuration is in use at the moment on your
> system, do something like this (as root!):
>
> # iptables -L
>
> You'll get a lot of lines telling you the firewall policies and rules
> active on your machine, quite confusing if seen the first time... :)
>
> > And how do I go about opening it if it closed?
>
> Edit your /etc/sysconfig/iptables file. Mine looks like this (ATTENTION,
> I haven't enabled FTP):
>
> [root@vademecum root]# cat /etc/sysconfig/iptables
> # Firewall configuration written by lokkit
> # Manual customization of this file is not recommended.
> # Note: ifup-post will punch the current nameservers through the
> #       firewall; such entries will *not* be listed here.
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [0:0]
> :RH-Lokkit-0-50-INPUT - [0:0]
> -A INPUT -j RH-Lokkit-0-50-INPUT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 139 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
> COMMIT
>
>
> In my file you can see that the ports 22 (ssh), 80 (http/web server) and
> 139 (samba) are opened for TCP connections. You probably don't need all
> of them except ssh.
>
> You should insert (as root!) two more lines after the line containing
> "-A INPUT -j RH-Lokkit-0-50-INPUT":
>
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 20 --syn -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
>
> Then save the file and do:
>
> [root@vademecum root]# /etc/init.d/iptables restart
>
> to reload the changed firewall config.
>
> Now everything should work fine!
>
> Best reference in terms of firewalls and
> packet-filtering:
>
> http://www.netfilter.org
>
>
> Hope that helps,
>
> Jonas
>
> _______________________________________________
> yellowdog-newbie mailing list
> yellowdog-newbie@lists.terrasoftsolutions.com
>
http://lists.terrasoftsolutions.com/mailman/listinfo/yellowdog-newbie
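The procedure in Jonas's reply, as an added example that is not part of the original thread: a small POSIX shell script that parses a constructed copy of the posted /etc/sysconfig/iptables ruleset, reports what happens to an inbound TCP SYN on a given port by walking the Lokkit chain in order (first match wins, falling back to the INPUT chain policy), and inserts the two FTP ACCEPT lines at the place the reply names. The function names and the ports checked are my own choices; the script reads the embedded text rather than the live firewall, so it needs no root and changes nothing on the box.

```sh
#!/bin/sh
# Added example, not from the original thread. Works on a constructed copy of
# the Lokkit ruleset posted above (comments dropped), not on the live firewall.

RULESET='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 139 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT'

# tcp_port_status RULESET PORT
# Simulates an inbound TCP SYN from a remote host to PORT: walks the
# RH-Lokkit-0-50-INPUT chain top to bottom, prints the target of the first
# "-p tcp ... --dport" rule whose port or port range covers PORT, and prints
# the INPUT chain policy if nothing matches. The "-i lo" rule is skipped
# because it only matches loopback traffic.
tcp_port_status() {
  printf '%s\n' "$1" | awk -v port="$2" '
    /^:INPUT / { policy = $2 }
    /^-A RH-Lokkit-0-50-INPUT / && / -p tcp / {
      dport = ""; target = ""
      for (i = 1; i <= NF; i++) {
        if ($i == "--dport") dport = $(i + 1)
        if ($i == "-j")      target = $(i + 1)
      }
      if (dport == "") next
      n  = split(dport, r, ":")            # "0:1023" -> r[1]=0, r[2]=1023
      lo = r[1] + 0
      hi = (n == 2) ? r[2] + 0 : lo
      if (port + 0 >= lo && port + 0 <= hi) { found = 1; print target; exit }
    }
    END { if (!found) print policy }
  '
}

# with_ftp_rules RULESET
# Emits the ruleset with the two FTP ACCEPT lines inserted directly after the
# jump into the Lokkit chain, i.e. above the 0:1023 REJECT that would
# otherwise swallow them.
with_ftp_rules() {
  printf '%s\n' "$1" | awk '
    { print }
    /^-A INPUT -j RH-Lokkit-0-50-INPUT$/ {
      print "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 20 --syn -j ACCEPT"
      print "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT"
    }
  '
}

# Demo: what the posted ruleset does before and after the FTP lines go in.
for p in 22 21 20 2049 6005 8080; do
  printf 'before: port %s/tcp -> %s\n' "$p" "$(tcp_port_status "$RULESET" "$p")"
done
FTP_RULESET=$(with_ftp_rules "$RULESET")
for p in 21 20; do
  printf 'after:  port %s/tcp -> %s\n' "$p" "$(tcp_port_status "$FTP_RULESET" "$p")"
done
```

Running it shows the thing a practitioner wants checked before editing the file by hand: 22/tcp is ACCEPTed by an explicit rule, 21/tcp is REJECTed by the 0:1023 range rule until the FTP lines are inserted above it, and a port such as 8080/tcp is ACCEPTed by nothing more than the INPUT chain's ACCEPT policy, because the Lokkit chain only rejects 0:1023, 2049, 6000:6009 and 7100 and lets everything else fall through. Rule order is what makes the reply's instruction work: the new lines must sit before the 0:1023 REJECT, which is why they go directly after the jump. Two caveats on FTP itself: the --dport 20 rule admits connections made to port 20 on this host, whereas an active-mode data connection is opened by the server from port 20 to a port the client chose, and a passive-mode data connection arrives on an unprivileged port the server chose; the kernel's FTP connection-tracking helper (ip_conntrack_ftp on 2.4 kernels) is the usual way to admit those without relying on an open high-port range. On the real box, iptables -L -n -v --line-numbers shows the rule order and per-rule packet counters, which is the quickest way to confirm a new rule is actually being hit.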