Firewall Configuration in Linux in Centos 6.2

scottalanmiller

This is why it is important to listen. @strongbad asked you for a copy of your existing configuration so that we could help you. Lacking that, providing what you asked for was the next best thing. But what you asked for would have completely broken the server.

Everyone is trying to help you. When they say that providing your existing IPTables file is necessary for us to help, they are not kidding. It's imperative. Anything else is very dangerous. IPTables is not hard to do, but it is very hard to do blindly.

thanksajdotcom

@Lakshmana said:

@thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.

SNMP = 161
SMTP = 25 (unsecured), 465 (secured), 587 (secured)
POP3, = 110 (unsecured), 995 (secured)
IMAP = 143 (unsecured), 993 (secured)

Unless you've blocked them in IPTables already, they should be open.

scottalanmiller

CentOS does have a tool for adding ports, but other than pointing you to the tool, it doesn't really let us help you. It's not terribly hard to use, but doing an IPTables edit allows us to completely make the change for you. One of the beauties of text configuration files is that we can completely do the fix, not just tell you where to look.

But if you want to try the TUI, here is the link...

system-config-firewall-tui

Lakshmana

@scottalanmiller Ok Scott.I have not noted the things properly so only the confusion came here.Sorry to one and all

scottalanmiller

@thanksajdotcom said:

@Lakshmana said:

@thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.

SNMP = 161
SMTP = 25 (unsecured), 465 (secured), 587 (secured)
POP3, = 110 (unsecured), 995 (secured)
IMAP = 143 (unsecured), 993 (secured)

Unless you've blocked them in IPTables already, they should be open.

They are all blocked by default. Only SSH and ICMP are open by default on CentOS. RHEL / CentOS is secure by default.

thanksajdotcom

If you're SSHing into the box, run

cat /etc/sysconfig/iptables

Highlight the output in whatever client you're using to SSH, likely PuTTY, and paste it here. Please. We can't help you without that info.

scottalanmiller

Here is the only thing that I could find for a firewall block diagram. Definitely not useful for anyone working with firewalls.

http://creately.com/diagram/example/hb7hjlii3/firewall

thanksajdotcom

@scottalanmiller said:

@thanksajdotcom said:

@Lakshmana said:

@thanksajdotcom Sorry dont get angry.The server is web server.SMTP,SNMP,POP3,IMAP needs tp be open

Ok, I'm not angry, but I'm frustrated. What you just gave us was useful. However, we asked several times for the info and you kept not giving it to us. If it's a language barrier, I'm sorry but I was being as simple and plain as possible.

SNMP = 161
SMTP = 25 (unsecured), 465 (secured), 587 (secured)
POP3, = 110 (unsecured), 995 (secured)
IMAP = 143 (unsecured), 993 (secured)

Unless you've blocked them in IPTables already, they should be open.

They are all blocked by default. Only SSH and ICMP are open by default on CentOS. RHEL / CentOS is secure by default.

Ok, my mistake. Well, those are the ports. Given the info, I'd doubt they are using TLS or SSL, so probably 25 and 143. No reason to use POP3. Avoid it like the plague.

Lakshmana

@thanksajdotcom OK AJ.Thank u.I will configure the things tommorow at my office,

A Former User

Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

thanksajdotcom

@thecreativeone91 said:

Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

Ditto this.

scottalanmiller

@thecreativeone91 said:

Keep in mind order of the rules matters. a Reject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

Yes, don't edit the IPTables file without us. Just provide it and let us edit it for you.

Lakshmana

@thecreativeone91 said:

ject before a Accept may render the Accept useless. However in some cases a reject before a accept can be needed.

Ok If I have any i will contact you

Lakshmana

@scottalanmiller Whether a firewall can have IP address of Gateway.Whether it is possible to have?

A Former User

@Lakshmana said:

@scottalanmiller Whether a firewall can have IP address of Gateway.Whether it is possible to have?

What are you asking? I'm not sure.

scottalanmiller

@Lakshmana said:

@scottalanmiller Whether a firewall can have IP address of Gateway.Whether it is possible to have?

No, firewalls are like filters. They have no concept of gateways or routes.

Lakshmana

@scottalanmiller Ok I am having the WAN network as 192.168.1.0/24 and firewall in betwwen the LAN connection.What is the IP needs to be given to Firewall?

scottalanmiller

I don't understand. The firewall on Linux has no IP address or anything like that. Have you switched from talking about Linux to something completely different?

Lakshmana

@scottalanmiller No I am talking about only in linux firewall

scottalanmiller

@Lakshmana said:

@scottalanmiller No I am talking about only in linux firewall

Then there is no need to talk IP addresses. Ports are all that you need to know.