[ubuntu] ufw,iptables, firestarter...



g0nzal01
December 4th, 2008, 07:40 PM
Hi all,
According to the literature and many of the posts, all incoming/listening ports are blocked/firewalled out of the box in Ubuntu. I would like to open a specific port for a service I'm running.
Changes have been made using ufw allow <port>, and Windows nmap shows the port but it says closed. nmap from another Linux box says that all ports are closed; when I run nmap -sV xxx.xxx.xxx.xxx -P0 it shows the same thing. How can I open this port for both tcp/udp?
2. I also used firestarter to see if I can allow it through there, but the port does not come up at all when I add the rule to it.
3. IPTABLES. I have seen many suggestions to add it to the iptables using "iptables -A INPUT -p 0 -d 0/0 -s 0/0 --destination-port XX -j ACCEPT" but it gives me an error saying that "--destinations-port" is an unknown argument. I also tried "--dport" but it gave me the same result.

Thanks in advance.

kevdog
December 4th, 2008, 07:58 PM
Can you list

iptables -L

g0nzal01
December 4th, 2008, 08:44 PM
I'm trying to open port 53 domain. xxx.xxx.xxx.xxx denotes my interior network. Thanks again.

Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
tcp -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere

Chain ufw-after-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK FORWARD]: '
RETURN all -- anywhere anywhere

Chain ufw-after-input (1 references)
target prot opt source destination
RETURN udp -- anywhere anywhere udp dpt:netbios-ns
RETURN udp -- anywhere anywhere udp dpt:netbios-dgm
RETURN tcp -- anywhere anywhere tcp dpt:netbios-ssn
RETURN tcp -- anywhere anywhere tcp dpt:microsoft-ds
RETURN udp -- anywhere anywhere udp dpt:bootps
RETURN udp -- anywhere anywhere udp dpt:bootpc
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK INPUT]: '
RETURN all -- anywhere anywhere

Chain ufw-after-output (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-before-forward (1 references)
target prot opt source destination
ufw-user-forward all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT all -- BASE-ADDRESS.MCAST.NET/4 anywhere
ACCEPT all -- anywhere BASE-ADDRESS.MCAST.NET/4
ufw-user-input all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ACCEPT udp -- anywhere anywhere state NEW,RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix `[UFW BLOCK NOT-TO-ME]: '
DROP all -- anywhere anywhere

Chain ufw-user-forward (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- xxx.xxx.xxx.xxx/16 anywhere tcp dpt:domain
ACCEPT udp -- xxx.xxx.xxx.xxx/16 anywhere udp dpt:domain
RETURN all -- anywhere anywhere

Chain ufw-user-output (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
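
Added example (not part of the thread or written by its posters): a small Python reader for `iptables -L` output in the layout posted above. It follows the jumps from INPUT and lists the ACCEPT rules for a given destination port, together with the source each rule is limited to. The sample listing is a constructed, trimmed copy of that layout, and 192.168.0.0/16 is an assumed stand-in for the masked network.

```python
import re

# Constructed sample: a trimmed `iptables -L` listing in the same layout as the
# one posted above; 192.168.0.0/16 stands in for the masked source network.
SAMPLE = """\
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-input all -- anywhere anywhere

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-input all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.0.0/16 anywhere tcp dpt:domain
ACCEPT udp -- 192.168.0.0/16 anywhere udp dpt:domain
RETURN all -- anywhere anywhere
"""

def parse_chains(text):
    """Map chain name -> list of (target, prot, source, dest, extra)."""
    chains, current = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(", line)
        if head:
            current = chains.setdefault(head.group(1), [])
        elif current is not None and line.strip() and not line.startswith("target"):
            f = line.split(None, 5)
            if len(f) >= 5:  # lines with a missing column are skipped
                current.append((f[0], f[1], f[3], f[4], f[5] if len(f) > 5 else ""))
    return chains

def accepts_for_port(chains, port_names, start="INPUT", seen=None):
    """Follow jumps from `start`; return (chain, prot, source) of ACCEPT rules on the port."""
    seen = set() if seen is None else seen
    if start in seen or start not in chains:
        return []
    seen.add(start)
    hits = []
    for target, prot, source, _dest, extra in chains[start]:
        if target in chains:  # jump into a user-defined chain
            hits += accepts_for_port(chains, port_names, target, seen)
        # Only rules with an explicit dpt: match count as opening the port.
        elif target == "ACCEPT" and any(f"dpt:{p}" in extra.split() for p in port_names):
            hits.append((start, prot, source))
    return hits
```

Pass both the number and the service name, for example `accepts_for_port(parse_chains(SAMPLE), {"53", "domain"})`, because `iptables -L` without `-n` prints service names. Plain `-L` also omits interface matches (shown only with `-v`), which is why rules without a `dpt:` match are not counted.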