Koozali.org: home of the SME Server

location of iptables config file

rr_k

location of iptables config file
« on: April 17, 2004, 01:14:32 PM »
The iptables config file does not appear to be in the
/etc/sysconfig dir. Could someone tell me where it is
and how it is started for SME 5.6? I need to open
a couple of UDP ports. Also, where can I find the multi-port module for iptables on SME 5.6 -- does it
exist? I'm trying to get a SIP phone working:
5004 and 5060-5070.
thank you
rrk

briank

location of iptables config file
« Reply #1 on: April 17, 2004, 01:49:03 PM »
Hi - there is a port opening contrib for 5.6 that might save you some bother.
http://mirror.contribs.org/smeserver/contribs/dmay/mitel/contrib/portopening/
Good luck
Regards
Brian Kirk

rr_k

location of iptables config file
« Reply #2 on: April 18, 2004, 12:17:30 PM »
It was a nice idea, thanks -- it did insert the rules.
However, they were inserted right AFTER the deny all
except my ISP's DHCP server rule -- so close but no
cigar -- so I'm still looking for the iptable config
file -- do you know if these RPMs are part of 6?
thanks
rob

bobk

location of iptables config file
« Reply #3 on: April 18, 2004, 12:28:56 PM »
Quote from: "rr_k"
-- so i'm still looking for the iptable config file --


The template fragments that control iptables are located at /etc/e-smith/templates/etc/rc.d/init.d/masq/. You might want to check in /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/ to see if there are any custom fragments.

To make changes, copy the fragments you need to change to /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/ and make all your changes there so they will survive any future updates.

Anonymous

location of iptables config file
« Reply #4 on: April 19, 2004, 05:08:35 AM »
OK, I have been rolling through the scripts in
/etc/e-smith/templates/etc/rc.d/init.d/masq/ but have yet to find the rules -- where and under what file
name are the rules for iptables stored? They have to be
someplace.

Anonymous

location of iptables config file
« Reply #5 on: April 19, 2004, 05:25:55 AM »
Sorry for being so ignorant -- it just dawned on me what
I was looking at -- each one of those scripts is a piece of the firewall -- somehow I was thinking there was a nice concise config file with all the rules one after another. That isn't so, is it? Since the open port RPM does work, I should be able to change the run order number to get it in the right place -- verified by looking at an iptables -L -- yes/no/maybe?

bobk

location of iptables config file
« Reply #6 on: April 19, 2004, 12:41:55 PM »
Quote from: "Anonymous"
Sorry for being so ignorant -- it just dawned on me what
I was looking at -- each one of those scripts is a piece of the firewall -- somehow I was thinking there was a nice concise config file with all the rules one after another. That isn't so, is it? Since the open port RPM does work, I should be able to change the run order number to get it in the right place -- verified by looking at an iptables -L -- yes/no/maybe?


Take a look at the file masq located in the directory /etc/rc.d/init.d/. That is the file generated by the template fragments you have been looking at. You will note that each fragment builds a part of the final file. The order in which the file is built, and therefore the order in which the rules appear, is controlled by the fragment file names. The numbers at the beginning of each file name provide the relative position in the final file for the information generated by that fragment. The exceptions are template-begin, which is always generated first, and template-end, which is always generated last.

Rearranging the order is simply a matter of changing the fragment file names so that they sort in the order you want. Any changes should always be done in the templates-custom directory structure to allow you to easily revert back to the original configuration and allow your changes to survive any system updates.

Some additional information on custom templates is available in the documentation area.
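
Added example, not part of any post in this thread and not SME Server code: iptables stops at the first matching rule, so an ACCEPT placed after a deny-all in the same chain is never reached, which is the situation described in Reply #2. The check below generalizes that to any chain and flags every rule that follows an unconditional DROP/REJECT; the function names `shadowed_rules` and `sample_rules` are hypothetical, the sample rules are constructed, and a deny rule that carries its own match options (such as the DHCP-server exception mentioned above) is not treated as a catch-all.

```shell
#!/bin/sh
# Added example: flag rules that sit after a catch-all deny in the same chain.
# Input:  rules in iptables-save "-A CHAIN ..." form on stdin.
# Output: one line per unreachable rule, as "CHAIN:<position>:<rule>".
shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        pos[chain]++
        # This rule follows a catch-all deny in its chain: never evaluated.
        if (chain in denied) {
            printf "%s:%d:%s\n", chain, pos[chain], $0
            next
        }
        # Catch-all deny: no match options, only "-j DROP" or "-j REJECT ...".
        if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT") &&
            (NF == 4 || (NF == 6 && $5 == "--reject-with")))
            denied[chain] = pos[chain]
    }'
}

# Constructed sample rules (not taken from an SME Server install).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 5004 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p udp -m udp --dport 5060:5070 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Reports the 5060:5070 rule, which was appended after the deny-all.
sample_rules | shadowed_rules
```

On a live system the same function can read the running rule set with `iptables-save | shadowed_rules`; the reported position matches the rule number shown by `iptables -L --line-numbers`.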

Anonymous

location of iptables config file
« Reply #7 on: April 19, 2004, 11:04:59 PM »
Yes, that's what I was looking at (masq) in addition to
iptables -L. I did some testing from another machine
and the results were strange -- it appears that with
one port opened, all UDP ports get opened, and no
matter which one I open, the one that I really need does
not, i.e. if I open 5004 from the server-manager and
run nmap -sU -p 5000-5100 xxx.xxx.xxx.xxx then all ports
are open except 5004; if I close the port then all UDP ports
from 5000-5100 show closed; if I open 5060 then again
all ports except 5004 are open. This is a stock 5.6
install with no changes other than the install of
the open port RPMs. I'm way more comfortable with Debian, so Red Hat is a little strange to me.
The two ports I am after are 5004 and 5060 UDP for a SIP phone. I can call out but cannot rx inbound.
rob