
Open firewall rules

Posted: Wed Dec 05, 2012 12:20 pm
by inserm
Hello,

I want to know what is the command to open the firewall
I found this command in the doc but for fedora:

Code:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
I use ubuntu

Re: Open firewall rules

Posted: Wed Dec 05, 2012 12:30 pm
by sreinhardt
What are you trying to open firewall ports for? This would be the port for nrpe, and yes it should work for any system using iptables. The rule here is doing the following:

Code:

Inserting the rule into the top of RH-Firewall-1-INPUT chain      -I RH-Firewall-1-INPUT
using TCP ports                                                   -p tcp
match TCP protocol                                                -m tcp
setting the destination port as 5666                              –dport 5666
telling IPtables to accept not reject the packet                  -j ACCEPT
If you are looking to connect to this host from another using nrpe, this is just what you want, with the exception of changing the chain rule to your named input chain.

Re: Open firewall rules

Posted: Thu Dec 06, 2012 3:16 am
by inserm
When I type this command:

Code:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp –dport 5666 -j ACCEPT
it returns:

Code:

Bad argument `5666'
Try `iptables -h' or `iptables --help' for more information.

Re: Open firewall rules

Posted: Thu Dec 06, 2012 12:27 pm
by sreinhardt
I believe you will need to change -dport to --dport. That should resolve the 5666 error.

Re: Open firewall rules

Posted: Fri Dec 07, 2012 3:27 am
by inserm
sreinhardt wrote: I believe you will need to change -dport to --dport. That should resolve the 5666 error.
I have tested with this command:

Code:

iptables -I RH-Firewall-1-INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
it returns:

Code:

iptables: No chain/target/match by that name.

Re: Open firewall rules

Posted: Fri Dec 07, 2012 11:04 am
by sreinhardt
Is this command something that you directly copied from the internet? By default the IPTables chains are labeled fairly generically as INPUT, FORWARD, and OUTPUT. Unless you have created custom chains, the input chain is not going to be named RH-Firewall-1 per how the command is written. When I list my current rules, you can see the results that I get.

Code:

[root@CentOS-x86-64 nagiosxi]# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTAB
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:s
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:h
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-ho

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Notice at the top of each separated group the Chain [NAME] (policy ACCEPT). If I were to run the IPTables command that you are trying, I would alter it to:

Code:

iptables -I INPUT -p tcp -m tcp --dport 5666 -j ACCEPT
Please run the iptables -L command and compare your chain names and alter the command accordingly if needed.
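The following helper script is an added example and is not code from the thread or from Nagios. It puts sreinhardt's two points into a reusable form: read the chain names out of the local iptables -L output before picking a chain (so a name copied from a Fedora doc is never used blindly), and build the NRPE rule with the correct --dport spelling. It also narrows the rule to the Nagios server's address rather than accepting port 5666 from anywhere, and uses iptables -C so re-running it does not stack duplicate rules. The server address 192.0.2.10 is a placeholder (TEST-NET-1) to be replaced; the function names are mine.

```shell
#!/bin/sh
# Added example, not from the forum thread. Helpers to open the NRPE port
# on a host that uses iptables: confirm the chain exists in the local
# `iptables -L` output first (the thread's error came from a chain name
# copied from a Fedora doc), restrict the rule to the Nagios server address,
# and avoid inserting the same rule twice.
# NAGIOS_SERVER_DEFAULT is a placeholder (TEST-NET-1); replace it.

NRPE_PORT=5666
NAGIOS_SERVER_DEFAULT=192.0.2.10

# Print chain names from `iptables -L` output read on stdin.
# Header lines look like: Chain INPUT (policy ACCEPT)
list_chains() {
    awk '$1 == "Chain" { print $2 }'
}

# Succeed if chain $1 appears in the listing text passed as $2.
chain_exists() {
    printf '%s\n' "$2" | list_chains | grep -qx -- "$1"
}

# Choose the input chain for this host: the Red Hat name only if it really
# exists, otherwise the default INPUT chain. Fails if neither is present.
pick_input_chain() {
    if chain_exists RH-Firewall-1-INPUT "$1"; then
        echo RH-Firewall-1-INPUT
    elif chain_exists INPUT "$1"; then
        echo INPUT
    else
        echo "no INPUT chain found in listing" >&2
        return 1
    fi
}

# Compose the rule arguments for chain $1, allowing NRPE only from server $2.
# Note the double dash in --dport and the -s source restriction, which the
# one-liner in the thread lacks.
nrpe_rule_args() {
    printf '%s -s %s -p tcp -m tcp --dport %s -m state --state NEW -j ACCEPT' \
        "$1" "${2:-$NAGIOS_SERVER_DEFAULT}" "$NRPE_PORT"
}

# Print the full command without running it, for review.
build_nrpe_rule() {
    printf 'iptables -I %s\n' "$(nrpe_rule_args "$1" "$2")"
}

# Apply the rule once. `iptables -C` reports whether an identical rule is
# already present, so re-running this does not stack duplicates. Requires root.
apply_nrpe_rule() {
    chain=$(pick_input_chain "$(iptables -L -n)") || return 1
    args=$(nrpe_rule_args "$chain" "$1")
    # shellcheck disable=SC2086  # word-splitting of $args is intended
    if iptables -C $args 2>/dev/null; then
        echo "rule already present in $chain"
    else
        iptables -I $args && echo "rule inserted at top of $chain"
    fi
}
```

Run build_nrpe_rule INPUT to see the command before applying it, or apply_nrpe_rule as root to insert it. The example keeps -I rather than -A on purpose: the listing sreinhardt posted ends its INPUT chain with a REJECT-all rule, so a rule appended with -A would sit after that REJECT and never match, while -I places it at the top. Like any iptables change made at the command line, the rule is lost at reboot unless it is saved with the distribution's persistence mechanism.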