[ts-gen] iptables patch for CentOS (RHEL)

R P Herrold herrold at owlriver.com
Mon Nov 24 12:44:05 EST 2008


Bill mentioned over the weekend that he was using a new 64 bit 
client.  He does not generally test on the Debian platform 
unless there is an error report.

He runs a TWS instance for testing on his 'localhost', that he 
is accustomed to testing by connection to.

We are all familiar with the primitive 'wrappers' of allowed 
IPs in the TWS client and the need to configure the same.

I try to administer as close to a stock deployment as 
possible, and he had not attempted a connection from a remote 
host in the local subnet, and so the 'stock' iptables 
protections, which are on by default in CentOS 5, were in place, 
preventing a connection on TCP/7496.

The following patch permitted such connections again for him.

-- Russ herrold

[root at pippin sysconfig]# diff -u iptables~ iptables
--- iptables~   2008-11-24 12:37:22.000000000 -0500
+++ iptables    2008-11-24 12:37:22.000000000 -0500
@@ -16,6 +16,8 @@
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4326 -d 127.0.0.1    -j ACCEPT
  -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 4326 -d 10.16.1.0/24 -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7496 -d 127.0.0.1    -j ACCEPT
+-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7496 -d 10.16.1.0/24 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 5564 -j ACCEPT
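
Review bot: both added rules match on -d (destination) rather than -s (source), so in this INPUT chain `-d 10.16.1.0/24` is satisfied by any packet addressed to this host's own address in that subnet, whatever the sender's address; it does not limit TCP/7496 to clients in the local subnet. The same pattern is already present in the 4326 context lines above, which the new lines copy. If the intent is to admit only local-subnet hosts, match the source instead, e.g. `-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 7496 -s 10.16.1.0/24 -j ACCEPT`, and consider adding `-m state --state NEW` as the port 22 and 5564 rules below do. As written, source filtering for this port rests on the allowed-IP list in TWS that the message mentions.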
[root at pippin sysconfig]#

