iptables issue on plesk

Posted by Fred Rufin on Server Fault See other posts from Server Fault or by Fred Rufin
Published on 2010-10-10T16:29:00Z Indexed on 2011/11/20 18:01 UTC
Read the original article Hit count: 1148

Filed under:
|

i don't know how to open a specific port (rtmp=1935) on my CentOS server using Plesk or itables.

I created new rules for port 1935 i/o using Plesk/Modules/Firewall but this doesn't work. Nmap scanning tells me this :

1935/tcp filtered rtmp

. So i decided to have look at my iptable using SSH (iptables -L), and iptables seems to contain my rules (tcp spt:macromedia-fcs):

Chain INPUT (policy DROP)
target     prot opt source               destination         
VZ_INPUT   all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset 
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            

Chain FORWARD (policy DROP)
target     prot opt source               destination         
VZ_FORWARD  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset 
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
VZ_OUTPUT  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED 
REJECT     tcp  --  anywhere             anywhere            tcp flags:!FIN,SYN,RST,ACK/SYN reject-with tcp-reset 
DROP       all  --  anywhere             anywhere            state INVALID 
ACCEPT     all  --  anywhere             anywhere            

Chain VZ_FORWARD (1 references)
target     prot opt source               destination         

Chain VZ_INPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpts:filenet-tms:65535 
ACCEPT     udp  --  anywhere             anywhere            udp dpts:filenet-tms:65535 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:cddbp-alt 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pcsync-https 
ACCEPT     tcp  --  localhost.localdomain  localhost.localdomain 
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:macromedia-fcs 
ACCEPT     udp  --  localhost.localdomain  localhost.localdomain 

Chain VZ_OUTPUT (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:http 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:ssh 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:smtp 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:pop3 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:domain 
ACCEPT     udp  --  anywhere             anywhere            udp spt:domain 
ACCEPT     tcp  --  anywhere             anywhere            
ACCEPT     udp  --  anywhere             anywhere            
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:cddbp-alt 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:pcsync-https 
ACCEPT     tcp  --  localhost.localdomain  localhost.localdomain 
ACCEPT     tcp  --  anywhere             anywhere            tcp spt:macromedia-fcs 
ACCEPT     udp  --  localhost.localdomain  localhost.localdomain 

My rules seems to be OK but there is no connection to 1935 port using a browser. I can connect to this port with SSH (typing "wget myServerIP:1935") but maybe this is because it is an SSH tunelling ?

I don't know how to do.

© Server Fault or respective owner

Related posts about iptables

Related posts about plesk-9.5