Most Linux distributions default to running a host-based firewall, iptables. If you want your hosts to communicate with each other, you have two options: turn off iptables or configure iptables to allow the communication. I prefer to leave iptables turned on and configure access. Keeping iptables is just another layer of your defense across the network. The post describes how to open or enable some port in CentOS/RHEL using.
Configuring iptables properly is a complicated task that requires deep knowledge of networking. The example presented here is a simplification: in particular, every chain shown below keeps its default policy of ACCEPT, so an added ACCEPT rule only makes a difference once a DROP policy or a trailing deny rule is in place.
1. Check the status of the iptables service and start it if it is stopped.
# service iptables status
# service iptables start
# chkconfig --list iptables
iptables        0:off   1:off   2:on    3:on    4:on    5:on    6:off
# chkconfig iptables on
2. Check the current iptables rules (the output below shows that no rules are currently set).
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
3. Add a firewall (iptables) rule to allow an incoming TCP port (for example, 22):
# iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
4. List the iptables rules to verify the newly added rule.
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Repeat step 3 to add further ports to the Linux firewall (iptables).
Procedure to load rules after every reboot
1. Make sure the iptables rules have been added using the procedure above.
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
2. Save the iptables rules to a file. The file name in the command below can be anything.
# iptables-save > /root/iptable_rules
3. Edit the '/etc/rc.local' file and add the following entry to restore the iptables rules after every reboot. Note that the leading '#' in the listings above is the root shell prompt, not part of the command: in rc.local the line must start with iptables-restore, otherwise it becomes a comment and no rules are loaded.
iptables-restore < /root/iptable_rules
4. Save and close the file.
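As an added example that is not part of the original post, the script below generates a ruleset in the same iptables-save format the procedure above stores in /root/iptable_rules, but with a default-deny INPUT policy around the per-port ACCEPT rules from step 3, and it checks a saved file before it is handed to iptables-restore from rc.local. The interface name eth0, the port list and the file path are assumptions; the functions only read and write text, so they can be tried without root.

```bash
#!/bin/bash
# Added example, not the original post's code. Assumptions: eth0 is the
# interface being protected and /root/iptable_rules is the saved ruleset.

# build_rules PORT...  -> prints a ruleset in iptables-save format.
# INPUT defaults to DROP, so only the listed TCP ports (plus loopback and
# replies to connections the host opened) are reachable.
build_rules() {
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    local port
    for port in "$@"; do
        # same shape as the rule added in step 3 of the post
        echo "-A INPUT -i eth0 -p tcp --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# port_allowed FILE PORT -> exit 0 if FILE holds an INPUT ACCEPT rule for
# TCP PORT. The trailing space after the port keeps 2 from matching 22.
port_allowed() {
    grep -Eq -- "^-A INPUT .*-p tcp .*--dport $2 .*-j ACCEPT$" "$1"
}

# input_policy FILE -> prints the INPUT chain's default policy (ACCEPT/DROP).
input_policy() {
    awk '$1 == ":INPUT" { print $2 }' "$1"
}

# check_rules FILE -> 0 if the file is restorable and actually filters:
# it has the *filter table and COMMIT, and INPUT is not left at ACCEPT.
check_rules() {
    grep -q '^\*filter$' "$1" || return 1
    grep -q '^COMMIT$' "$1" || return 1
    [ "$(input_policy "$1")" != "ACCEPT" ] || return 1
    return 0
}

# Usage on the real host (as root):
#   build_rules 22 80 > /root/iptable_rules
#   check_rules /root/iptable_rules && iptables-restore < /root/iptable_rules
```

Run check_rules against the saved file whenever it is edited by hand; a file that restores cleanly but leaves INPUT at ACCEPT is the silent failure this post's example would otherwise hide.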