We are forced to use a university firewall service that disables almost all ports below 1024 but supposedly has higher ports, e.g., 5308, open. As a test of this, I installed telnet and did the usual:

telnet 127.0.0.1 5308
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused

as a quick test with a clear failure. Although I have disabled our local firewall on the SL6x machine, I found a recommendation for (obviously, as root):

iptables -A INPUT -m state --state NEW -p tcp --dport 5308 -j ACCEPT

followed by

[root@ahprc4 ykarant]# service iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: filter          [  OK  ]
iptables: Unloading modules:                               [  OK  ]
[root@ahprc4 ykarant]# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:cfengine

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

but had the same telnet problem.

Port 5308 is the default for the version of CFEngine we are attempting to use.

Note that by using localhost (127.0.0.1) (loopback), I should be avoiding any external firewall issues that apply to the 802.3 connection.

Obviously, something is misconfigured.  Suggestions?

Yasha Karant
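
An added example, not part of the original post: a loopback check that separates "connection refused" (an RST came back, usually because no process is listening on the port) from a silent timeout (packets dropped by a filter), plus a parser that lists which ports are in LISTEN state from Linux /proc/net/tcp. The function names and the sample /proc/net/tcp text are constructed for this illustration.

```python
import errno
import socket

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt as open / refused / filtered."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"            # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "refused"         # RST came back: usually no listener on the port
    except socket.timeout:
        return "filtered"        # no reply at all: packets silently dropped
    except OSError as e:
        return "error:" + errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()

def listening_ports(proc_net_tcp):
    """Return the set of local TCP ports in LISTEN state (st == 0A)
    from the text of Linux /proc/net/tcp."""
    ports = set()
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) > 3 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports

# Constructed sample of /proc/net/tcp: listeners on 22 and 25, none on 5308.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222
   2: 0100007F:9C40 0100007F:0016 01 00000000:00000000 00:00000000 00000000   500        0 33333
"""

def demo():
    """Open a throwaway loopback listener, probe it, close it, probe again."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))       # port 0: the kernel picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_open, after_close

if __name__ == "__main__":
    print(demo())
    print(5308 in listening_ports(SAMPLE))
```

On a live Linux host, pass the contents of /proc/net/tcp to `listening_ports` in place of the sample text.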
