On 01/05/06 10:17, Brandon Spruth wrote:
Has anyone had any experience opening up non-standard applications on ports below 1024? I have a situation now that I need to open up port 502
No different than opening any privileged port. I assume you are not using SuSEfirewall2, or you could have done all this in YaST.
<snip>
For some reason I am not able to access this port regardless that the firewall is open on the port. Am I missing anything here?
Your firewall is *not* open on port 502, it is only open for new connections, but not for existing ones. The way your commands read makes me think you are still thinking in the ipchains way. Your commands try to mix stateful and stateless firewalling concepts in each command, which will not work well at all.
iptables -A INPUT -i eth0 -p tcp --sport $unprivports -d $ext_ip --dport 502 -m state --state NEW -j ACCEPT
^^^^ NEW, RELATED, ESTABLISHED Also, I think that "-A INPUT .... -d $ext_ip" is redundant; anything arriving for "this" machine automatically goes to the INPUT chain, anything arriving for any other IP automatically goes to the FORWARD chain. (At least, that is my take on what the netfilter howto says.)
iptables -A OUTPUT -o eth0 -p tcp ! --syn -s $ext_ip --sport 502 --dport $unprivports -j ACCEPT
! --syn is equivalent to "-m state --state ESTABLISHED, RELATED". In both commands, --sport/dport $unprivports is really unnecessary.
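The two rules rewritten purely the stateful way the reply describes, as an added example that is not part of the original thread. It keeps eth0 and port 502 from the thread; the `IPTABLES` variable defaults to `echo` so the rules are only printed (no root needed), and `-d $ext_ip` plus the `$unprivports` ranges are dropped as the reply suggests.

```shell
#!/bin/sh
# Added example, not from the original thread. Rebuilds the poster's two rules
# with consistent stateful matching instead of mixing "! --syn" with "--state".
# IPTABLES is an assumed placeholder: leave it as "echo" to see the rules,
# set IPTABLES=iptables to actually load them.
IPTABLES="${IPTABLES:-echo}"

port502_rules() {
    # Inbound: accept new connections to TCP/502 on eth0 and, in the same rule,
    # packets belonging to connections conntrack already knows about.
    # No -d address (INPUT already implies "for this host") and no --sport range.
    "$IPTABLES" -A INPUT -i eth0 -p tcp --dport 502 \
        -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    # Outbound: only replies on tracked connections leave from port 502.
    # "-m state --state ESTABLISHED,RELATED" replaces the stateless "! --syn".
    "$IPTABLES" -A OUTPUT -o eth0 -p tcp --sport 502 \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Self-check helper: how many generated rules rely on the state match.
stateful_rule_count() {
    port502_rules | grep -c -- '-m state'
}
```

Run as-is to review the generated rules; with a real ruleset, follow them with `iptables -L -n -v` to confirm the counters increment on a test connection to port 502.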