[ts-gen] iptables patch for CentOS (RHEL)
R P Herrold
herrold at owlriver.com
Mon Nov 24 12:44:05 EST 2008
Bill mentioned over the weekend that he was using a new 64 bit
client. He does not generally test on the Debian platform
unless there is an error report.
He runs a TWS instance for testing on his 'localhost', that he
is accustomed to testing by connection to.
We are all familiar with the primitive 'wrappers' of allowed
IP's in the TWS client and the need to configure the same.
I try to administer as close to a stock deployment as
possible, and he had not attempted a connection from a remote
host in the local subnet, and so the 'stock' iptables'
protections which are on by default in CentOS 5 were in place,
preventing a connection on TCP/7496
The following patch permitted such connections again for him.
-- Russ herrold
[root at pippin sysconfig]# diff -u iptables~ iptables
--- iptables~ 2008-11-24 12:37:22.000000000 -0500
+++ iptables 2008-11-24 12:37:22.000000000 -0500
@@ -16,6 +16,8 @@
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4326 -d 127.0.0.1 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4326 -d 10.16.1.0/24 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7496 -d 127.0.0.1 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7496 -d 10.16.1.0/24 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5564 -j ACCEPT
[root at pippin sysconfig]#
More information about the ts-general
mailing list