Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Unable to open firewall port for external traffic.
Top Forums Shell Programming and Scripting Unable to open firewall port for external traffic. Post 303027412 by mohtashims on Saturday 15th of December 2018 06:35:44 AM
Old 12-15-2018
Code:
[root@vultr ~]# firewall-cmd --list-all-zones
block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh mdns samba-client dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh http https
  ports: 27017/tcp 80/tcp 27012/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:


work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

 

10 More Discussions You Might Find Interesting

1. Solaris

How to open SSH port on firewall?

Hi, So that potential responders will have an idea of what they're dealing with let me say that while I am a UNIX newbie I have been in IT for over 10 years. We have several SUN boxes running ver 5 of the OS that have been sitting dormant for some time as they were part of a now defunct... (3 Replies)
Discussion started by: pjewett
3 Replies

2. Linux

using firewall to block port

Hi, I will like to allow access to the mysql port (3306) to certain IP address. All other IP's should be automatically blocked. What is the best way to do this? (8 Replies)
Discussion started by: shantanuo
8 Replies

3. Solaris

Unable to open 3966 port in solaris

Unable to open 3966 port for buildforge in Solaris 10, anyone pls help me how to open the 3966 port in solaris. Thanks in Advance (1 Reply)
Discussion started by: durgaprasadr13
1 Replies

4. IP Networking

blocking traffic to destination network by port

I am trying to block ALL traffic except when from ports 9100,22,23 to destination network 192.0.0.0 (my WAN): 2 networks 192.0.3.0 with static route to 192.0.0.0 Shouldn't this work?: iptables -A INPUT -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT iptables -A INPUT -p tcp -d 192.0.0.0/24... (3 Replies)
Discussion started by: herot
3 Replies

5. IP Networking

Tcp ip port open but no such process (merged: Release A Port)

i want to kill a tcp connection by killing its pid with netstat -an i got the tcp ip connection on port 5914 but when i type ps -a or ps-e there is not such process running on port 5914 is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies

6. UNIX for Advanced & Expert Users

Linux bridged firewall - monitor traffic & block IP

Hi All, I successfully configured a DEBIAN Lenny bridged firewall using ebtables. The bridged interface is br0. The ethernet interface are eth0 & eth1 respectively. All the traffic are transparently passing my firewall but i need to find & block temporarily the bandwidth abusers. Can... (1 Reply)
Discussion started by: coolatt
1 Replies

7. UNIX for Dummies Questions & Answers

Rsync port and firewall

hi guys I doing some collocation for a customer, customer requested to use other port for ssh not the default one. OK no problem and customer will be using rsync to sync backups among other things I know we have to open port let's say port 5999 for ssh since we are using that one now but I... (1 Reply)
Discussion started by: karlochacon
1 Replies

8. Red Hat

Unable to Open port 8080

Hi Experts, I am receiving below error while trying to connect port 8080. Could not open connection to the host, on port 8080 : connection refused. iptables configuration /etc/sysconfig/iptables # Firewall configuration written by system-config-firewall # Manual customization of... (1 Reply)
Discussion started by: sai_2507
1 Replies

9. Infrastructure Monitoring

How do I know what traffic is in network port?

If I would like to know what connection , data , traffic in a network port ( eth0 ) , what can I do ? ps. because I always found the network is very slow , so I would like what the network port is doing . Thanks Login ID ust3 is currently in read-only mode for multiple infractions. Creating... (0 Replies)
Discussion started by: ust03
0 Replies

10. AIX

How to re-route traffic from one port to another?

Hi Friends, How to do port forwarding in AIX? We would like to re route traffic from port A to port B on AIX LPAR. for example: my application is using 8080 port on LPAR and would like to use the 8081 instead of 8080. By default application was configured with 8080. But instead of changing... (2 Replies)
Discussion started by: System Admin 77
2 Replies

LEARN ABOUT DEBIAN

nstreams

nstreams(1)							   Users Manuals						       nstreams(1)

NAME

       network streams - a tcpdump output analyzer

SYNOPSIS

       nstreams [ -v ] [ -c nstreams-services ] [ -n nstreams-networks_file ] [ -N [ -i ] [ -I ]] [ -r ] [ -O output [ -D iface ] [ -Y ]] [ -u ] [
       -U ] [ -B ] [ -f tcpdump_file ] [ -l <iface> ] [ tcpdump output ]

DESCRIPTION

       nstreams is a utility designed to identify the IP streams that are occuring on a network from a non-user friendly tcpdump output of several
       megabytes.

       This  is  especially  useful  when you plan to install a firewall but if you do not know the nstreams that the network users are generating
       (http, real audio, and more...).  nstreams can read the tcpdump output directly from stdin, or from a file. It can even generate  the  con-
       figuration file of your firewall, using the  -O option.

OPTIONS

       -c <nstreams-services-file>
	      The  path to an alternate nstreams service file. This file is used to identify each protocol. See the services file section later in
	      this manual page.

       -n <nstreams-networks-file>
	      The path to an alternate nstreams network file. This file is used to identify which hosts belong to which network. See the  networks
	      file section later in this manual page.

       -f <tcpdump output file>
	      The path to the file to read data from. This file must have been generated using 'tcpdump -w filename'.

       -l <iface>
	      Listen directly on interface <iface>. This avoids the use of tcpdump.

       -N     print  the  networks  names instead of the hosts IP addresses. The intra-network traffic will not be shown. Use this option twice to
	      show the networks IP address instead of their names.

       -i     Also show the intra-network traffic (must be used with -N)

       -I     Only show the intra-network traffic (must be used with -N)

       -r     be redundant. That is, the same streams will be printed each time they appear in the dump.

       -v     print version number and exit.

       -O <type>
	      output type. You can use this option to generate your firewall startup script.  Do nstreams -h to see the supported output types.

       -D <iface>
	      interface to apply to output onto. Must be used with -O.

       -Y     The firewall rules that will be generated will deny all packets coming from the outside  trying  to  establish  connections  to  the
	      inside. If you system is not serving anything, then it's safe to turn on this option.

       -u     Do not print the unknown streams

       -U     Only print the unknown streams

       -B     Show broadcasts and networks

USAGE

       Let tcpdump(1) run some time on your network (like one week), and save its output in a file, by doing :
       tcpdump -l -n > output
       or
       tcpdump -w filename

       Then,  feed nstreams with this output file, and it will turn it into a easily-readable file which will help you to write efficient firewall
       filters.  You may also do :
       tcpdump -l -n | nstreams
       or
       nstreams -f filename (if you used tcpdump -w)

THE SERVICES FILE

       The service file contains the description of each protocol, as well as their name. Its syntax is :
       protocol_name:server_port(s)/{udp,tcp}:client_ports(s)
       or :
       protocol_name:type(s)/icmp:code(s)

       Whereas :

       protocol_name
	      is the name of the protocol described. This name may contain any character, including space, except ':'.

       server_port(s)
	      is the range of ports used by the server. Usually, you will want to define one server port only, but you may  enter  any	range  you
	      want.

       ip_protocol
	      is the IP protocol that this protocol is lying onto. Acceptable values are tcp and udp

       client_port(s)

	      is  the  range  of  ports  that  the  client  may  use. You can set this to any or, for more accurate results, to ports ranges, like
	      '1-1024,2048-4096'.
	      The rules are : 'first match, first taken'.

SERVICE FILE EXAMPLE

       Using this syntax, you would declare the ssh protocol by :
       ssh-unix:22/tcp:1000-1023
       Because the Unix version of the ssh client uses a privileged port to connect onto the ssh server which listens on port 22.

THE NETWORKS FILE

       The networks file is used to define sets and subsets of hosts (also known as networks). This avoids redundancy in the output file. The syn-
       tax format for this file is :
       network name:ip/mask
       Whereas	the network name is whatever you want, the IP is the ip of the network, and the mask is the CIDR netmask of the network.  The rule
       is 'first match, first taken'.

NETWORKS FILE EXAMPLE

       admin:192.168.19.0/29
       whole_subnet:192.168.0.0/16
       internet:0.0.0.0/0

LIMITS

       o nstreams can only parse the output of 'tcpdump -n'

       o Even though the output of nstreams is easier to read than the one of tcpdump, it is still not easily readable. Use sort(1) on the nstream
       output to get a more readable file.

       o This program could have been written in perl

FILES

       /etc/nstreams-services
       /etc/nstreams-networks

SEE ALSO

       tcpdump(1)

AUTHORS

       Concept : Herve Schauer Consultants - http://www.hsc.fr
       Coding : Renaud Deraison <deraison@cvs.nessus.org>

BUG REPORTS

       Please send all your bug reports with the detail of your configuration to Renaud Deraison <deraison@cvs.nessus.org>

nstreams							     July 1999							       nstreams(1)
All times are GMT -4. The time now is 02:05 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy