need help w/RH9 firewall setup

 
 
LRW
      09-18-2003, 12:52 AM
I'm using Linux RH9, and used the default firewall setup upon OS install. I
assume it's Lokkit.

I want to open up port 4242, so I added the line in /etc/sysconfig/iptables:
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT

And I /etc/rc.d/init.d/iptables restart
yet I still can't access port 4242

What did I do wrong?

Thanks for any help!!
Liam
 
Andrew Schulman
      09-18-2003, 05:06 AM


> I'm using Linux RH9, and used the default firewall setup upon OS install.
> I assume it's Lokkit.
>
> I want to open up port 4242, so I added the line in
> /etc/sysconfig/iptables: -A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp
> --sport 67:68 --dport 67:68 -j ACCEPT
>
> And I /etc/rc.d/init.d/iptables restart
> yet I still can't access port 4242
>
> What did I do wrong?


Er... you opened up ports 67 and 68, not port 4242.

If you did even that. The -m udp looks wrong, so if that's what you put
into the file, the command may have been silently ignored.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"
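
A way to run the check Andrew describes above, listing which rule lines actually accept a given protocol and destination port (an added example, not part of the original posts). The helper names and the port-22 sample line are constructed, and only numeric `--dport` values are handled.

```python
# Constructed sample of /etc/sysconfig/iptables content: the first rule is the
# one quoted in the thread, the second is a constructed SSH rule for contrast.
SAMPLE_RULES = """\
*filter
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
"""


def parse_rule(line):
    """Return (proto, (low, high) dest-port range or None, target) for an -A line, else None."""
    tokens = line.split()
    if not tokens or tokens[0] != "-A":
        return None  # table headers, chain policies, comments, COMMIT
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-p", "--dport", "-j"):
            opts[tok] = tokens[i + 1]
    ports = None
    if "--dport" in opts:
        lo, sep, hi = opts["--dport"].partition(":")
        low = int(lo or 0)                                 # ":68" means 0:68
        high = int(hi) if hi else (65535 if sep else low)  # "67:" means 67:65535
        ports = (low, high)
    return opts.get("-p"), ports, opts.get("-j")


def accepting_rules(rules_text, proto, port):
    """List the ACCEPT rules whose protocol and --dport range cover proto/port."""
    hits = []
    for line in rules_text.splitlines():
        parsed = parse_rule(line)
        if parsed is None:
            continue
        rule_proto, ports, target = parsed
        if target != "ACCEPT" or rule_proto != proto or ports is None:
            continue
        if ports[0] <= port <= ports[1]:
            hits.append(line)
    return hits


if __name__ == "__main__":
    for proto, port in (("udp", 4242), ("tcp", 4242), ("udp", 67), ("tcp", 22)):
        print(proto, port, accepting_rules(SAMPLE_RULES, proto, port) or "no ACCEPT rule")
```

An empty result for 4242 confirms that the quoted rule does not open that port; the check looks only at explicit `--dport` ACCEPT rules and does not model rule order or earlier REJECT/DROP rules.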

 
LRW
      09-18-2003, 03:37 PM
Andrew Schulman wrote:
> > I'm using Linux RH9, and used the default firewall setup upon OS install.
> > I assume it's Lokkit.
> >
> > I want to open up port 4242, so I added the line in
> > /etc/sysconfig/iptables: -A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp
> > --sport 67:68 --dport 67:68 -j ACCEPT
> >
> > And I /etc/rc.d/init.d/iptables restart
> > yet I still can't access port 4242
> >
> > What did I do wrong?

>
> Er... you opened up ports 67 and 68, not port 4242.
>
> If you did even that. The -m udp looks wrong, so if that's what you put
> into the file, the command may have been silently ignored.


Er, whoa! I uh, must have copied and pasted the wrong line, somehow,
without realizing it. And, actually, I don't recall that line with
67:68 in my IPTABLES.
I have one for port 22 and one for 4242 and then a couple lines for
DHCP...weird.
I wish I was at the machine right now to take a look.
Anyway, when I made the line for 4242 I copy-and-pasted the line for 22
(which was created by the Lokkit GUI so I'm pretty sure it's formatted
properly) and just changed the 22 to 4242.
I tried the iptables MAN, and to be honest, most of it went over my
head. =/
Would you know of a slightly more newbie (idiot) friendly source to
help explain IPTABLES? As it is I wouldn't know a wrong -m udp from
chicken tetrazzini.

Thanks!!
Liam
 
Andrew Schulman
      09-18-2003, 05:18 PM
> Would you know of a slightly more newbie (idiot) friendly source to
> help explain IPTABLES? As it is I wouldn't know a wrong -m udp from
> chicken tetrazzini.


Yes, it's hard to digest the man pages. A newbie needs a tutorial.

A good place to start is probably http://netfilter.org/. They have FAQs,
tutorials, and so on. Another likely source would be to install one of the
GUI firewall builders, such as fwbuilder, and read their docs. Most
include tutorials.

When you're building a firewall, the more you know the better off you'll be.
If you're ready to plunge in, I highly recommend "Linux Firewalls", 2nd
ed., by Robert Zeigler (from New Riders). I started reading this book with
only a basic knowledge of IP. I came out the other side having built a
fairly sophisticated firewall for our home LAN, by hand. Most of the book
is quite clear, and even most of the rough spots yielded on 2nd or 3rd
reading.

Not everyone wants to build their firewall by hand. But you've already
started to do it. If you follow it through from start to finish, you'll
learn a huge amount, and have a better result. And then if you do decide
to use a GUI firewall tool, you'll have a much clearer understanding of
what it's doing for you. Personally, after reading Zeigler, I decided that
I didn't need fwbuilder-- I could do what it does by hand, more efficiently
and with more flexibility.

Good luck,
Andrew.

--
To reply by email, change "deadspam.com" to "alumni.utexas.net"

 
LRW
      09-19-2003, 01:17 PM
Andrew Schulman wrote:

> A good place to start is probably http://netfilter.org/. They have FAQs,
> tutorials, and so on. Another likely source would be to install one of the
> GUI firewall builders, such as fwbuilder, and read their docs. Most
> include tutorials.
>
> When you're building a firewall, the more you know the better off you'll be.
> If you're ready to plunge in, I highly recommend "Linux Firewalls", 2nd
> ed., by Robert Zeigler (from New Riders). I started reading this book with


Thanks greatly! I can already tell that site's going to help a
lot...and I'm checking out the book on Amazon.
I really appreciate the pointers!
Thanks,
Liam
 