iptables issue on plesk
Posted
by
Fred Rufin
on Server Fault
See other posts from Server Fault
or by Fred Rufin
Published on 2010-10-10T16:29:00Z
Indexed on
2011/11/20
18:01 UTC
Read the original article
Hit count: 1148
i don't know how to open a specific port (rtmp=1935) on my CentOS server using Plesk or itables.
I created new rules for port 1935 i/o using Plesk/Modules/Firewall but this doesn't work. Nmap scanning tells me this :
1935/tcp filtered rtmp
. So i decided to have look at my iptable using SSH (iptables -L), and iptables seems to contain my rules (tcp spt:macromedia-fcs):
Chain INPUT (policy DROP)
target prot opt source destination
VZ_INPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
VZ_FORWARD all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
VZ_OUTPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
REJECT tcp -- anywhere anywhere tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere
Chain VZ_FORWARD (1 references)
target prot opt source destination
Chain VZ_INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpts:filenet-tms:65535
ACCEPT udp -- anywhere anywhere udp dpts:filenet-tms:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:cddbp-alt
ACCEPT tcp -- anywhere anywhere tcp dpt:pcsync-https
ACCEPT tcp -- localhost.localdomain localhost.localdomain
ACCEPT tcp -- anywhere anywhere tcp dpt:macromedia-fcs
ACCEPT udp -- localhost.localdomain localhost.localdomain
Chain VZ_OUTPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp spt:http
ACCEPT tcp -- anywhere anywhere tcp spt:ssh
ACCEPT tcp -- anywhere anywhere tcp spt:smtp
ACCEPT tcp -- anywhere anywhere tcp spt:pop3
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
ACCEPT tcp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp spt:cddbp-alt
ACCEPT tcp -- anywhere anywhere tcp spt:pcsync-https
ACCEPT tcp -- localhost.localdomain localhost.localdomain
ACCEPT tcp -- anywhere anywhere tcp spt:macromedia-fcs
ACCEPT udp -- localhost.localdomain localhost.localdomain
My rules seems to be OK but there is no connection to 1935 port using a browser. I can connect to this port with SSH (typing "wget myServerIP:1935") but maybe this is because it is an SSH tunelling ?
I don't know how to do.
© Server Fault or respective owner