Appendix B: Frequently Asked Questions

Q: How do I disable firewall settings?

A: By default, SLES has a firewall enabled. This prevents external systems from accessing ports below 1024. Enter the following to disable the firewall:

# /sbin/SuSEfirewall2 stop

CAUTION: Disabling the firewall is not advisable. If any external applications need to communicate with the system, open only those specific ports for outside access rather than fully disabling the firewall.

Q: How do I open specific ports without disabling the firewall?

A: SLES by default prevents external systems from connecting to any of the reserved port numbers (0 to 1023). To open a specific port, use one of the following three methods:

Configure with YaST:

To open a specified port using the YaST GUI, perform the following steps:

1. From the YaST Control Center, access the YaST GUI.

2. Select Security and Users > Firewall.

From the YaST GUI, you can perform some of the following tasks:

Configure firewall boot scripts

Stop the firewall, if it's running

Save settings to the script /etc/sysconfig/SuSEfirewall2

Start the firewall with new settings

Configure manually:

To manually open a specified port, perform the following steps:

1. Use the YaST module System Services (runlevel) to enable SuSEfirewall2 in your runlevel (the setting will most likely be 3 or 5). This sets the symlinks for the SuSEfirewall2_* scripts to the /etc/init.d/rc?.d/ directories.

2. Modify the /etc/sysconfig/SuSEfirewall2 file. A number of example scenarios can be found in /usr/share/doc/packages/SuSEfirewall2/EXAMPLES.

For the easiest configuration, you only need to add the TCP ports to FW_SERVICES_EXT_TCP.

For example, the following configuration enables HTTP, SSH and Tomcat services when the firewall is up:

FW_SERVICES_EXT_TCP="80 443 22 8080 8443 8009"

3. Test and start the firewall using the following SuSEfirewall2_* scripts:

# /sbin/SuSEfirewall2 test

# /sbin/SuSEfirewall2 start
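The manual step above edits FW_SERVICES_EXT_TCP by hand. The following script is an added example (not part of the HP manual or of SuSEfirewall2 itself) that does the same edit in a checked way: it validates each port specification, adds a port only if it is not already listed, and audits the resulting list for range entries that open more than the one port intended. The config file path is a parameter, and the demo runs against a constructed temporary copy rather than the real /etc/sysconfig/SuSEfirewall2; the function names and the sample file contents are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HP manual): manage FW_SERVICES_EXT_TCP in a
# SuSEfirewall2-style sysconfig file without opening more than intended.
# The file path is a parameter so the demo runs against a constructed copy,
# never the real /etc/sysconfig/SuSEfirewall2.

# Return 0 if $1 is a single TCP port 1..65535 or a range lo:hi in that span.
valid_port_spec() {
    case "$1" in
        *[!0-9:]*|"") return 1 ;;
    esac
    lo=${1%%:*}; hi=${1##*:}
    [ -n "$lo" ] && [ -n "$hi" ] &&
    [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# Print the current FW_SERVICES_EXT_TCP value from file $1 (quotes stripped).
get_ext_tcp() {
    sed -n 's/^FW_SERVICES_EXT_TCP="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# Add port spec $2 to FW_SERVICES_EXT_TCP in file $1 if valid and not present.
add_ext_tcp() {
    cfg=$1; spec=$2
    valid_port_spec "$spec" || { echo "refusing invalid port spec: $spec" >&2; return 1; }
    cur=$(get_ext_tcp "$cfg")
    for p in $cur; do [ "$p" = "$spec" ] && return 0; done
    if [ -z "$cur" ] && ! grep -q '^FW_SERVICES_EXT_TCP=' "$cfg"; then
        printf 'FW_SERVICES_EXT_TCP="%s"\n' "$spec" >> "$cfg"
    else
        new=$(printf '%s %s' "$cur" "$spec" | sed 's/^ //')
        sed -i "s/^FW_SERVICES_EXT_TCP=.*/FW_SERVICES_EXT_TCP=\"$new\"/" "$cfg"
    fi
}

# Warn about any entry that is a range rather than a single port; return 1 if any.
audit_ext_tcp() {
    bad=0
    for p in $(get_ext_tcp "$1"); do
        case "$p" in
            *:*) echo "WARN: range entry $p opens more than one port"; bad=1 ;;
        esac
    done
    return $bad
}

# Constructed sample config (not a real host's file); returns its temp path.
demo_cfg() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
## Constructed sample of /etc/sysconfig/SuSEfirewall2 for this example
FW_DEV_EXT="eth0"
FW_SERVICES_EXT_TCP="22"
EOF
    echo "$f"
}

# Usage walk-through: add HTTP and HTTPS, ignore a duplicate, reject a bad port.
demo() {
    f=$(demo_cfg)
    add_ext_tcp "$f" 80
    add_ext_tcp "$f" 443
    add_ext_tcp "$f" 80                 # already listed, left unchanged
    add_ext_tcp "$f" 70000 2>/dev/null  # out of range, rejected
    get_ext_tcp "$f"                    # prints: 22 80 443
    audit_ext_tcp "$f"
    rm -f "$f"
}
demo
```

After editing the real file this way, `/sbin/SuSEfirewall2 test` followed by `/sbin/SuSEfirewall2 start` applies the change as in step 3; the audit step exists because a single range entry such as 1:1023 silently undoes the point of opening only specific ports.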

Configure using the iptables command:

To open a specified port using the iptables command, enter the following:

# iptables -I INPUT -s 0/0 -d 0/0 -p tcp --dport <port number> --syn -j ACCEPT

# iptables-save

# /sbin/SuSEfirewall2 restart

For example:

# iptables -I INPUT -s 0/0 -d 0/0 -p tcp --dport 80 --syn -j ACCEPT

# iptables-save

# /sbin/SuSEfirewall2 restart
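Whichever method is used, the check a practitioner wants afterwards is confirmation that only the intended ports are accepted. The script below is an added example (not part of the HP manual or of any iptables tool) that audits a ruleset in the text format printed by `iptables-save`: it lists every TCP port an INPUT rule accepts and reports any port not on a given allow list. Note that `iptables-save` writes the ruleset to standard output, so on a real host it is redirected into a file (`iptables-save > /tmp/rules.txt`) and that file is passed to the functions. Here the ruleset is a constructed sample embedded in the script, with `--syn` rendered the way `iptables-save` prints it; the function names and the sample rules are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HP manual): audit which TCP ports an iptables
# ruleset accepts on INPUT, reading the text format that `iptables-save`
# prints. The ruleset comes from a file so the demo can run against a
# constructed sample; on a real host: iptables-save > /tmp/rules.txt

# Print, one per line and sorted, every TCP port that an INPUT rule accepts.
accepted_tcp_ports() {
    grep -E '^-A INPUT .*-p tcp .*--dport [0-9]+ .*-j ACCEPT' "$1" \
      | sed -E 's/.*--dport ([0-9]+).*/\1/' | sort -n | uniq
}

# Print accepted ports missing from the allow list "$2 $3 ..."; return 1 if
# any such port exists, 0 if the ruleset opens nothing beyond the allow list.
unexpected_open_ports() {
    rules=$1; shift
    allowed=" $* "
    rc=0
    for port in $(accepted_tcp_ports "$rules"); do
        case "$allowed" in
            *" $port "*) ;;
            *) echo "$port"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_rules() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
# Constructed sample of iptables-save output for this example
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -s 0.0.0.0/0 -d 0.0.0.0/0 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j LOG --log-prefix "db-probe "
-A INPUT -p tcp -m tcp --dport 23 -j DROP
COMMIT
EOF
    echo "$f"
}

# Usage walk-through against the constructed sample.
demo() {
    f=$(sample_rules)
    echo "accepted TCP ports:"
    accepted_tcp_ports "$f"                 # prints 22, 80, 8080
    echo "accepted but not in allow list (22 80):"
    unexpected_open_ports "$f" 22 80        # prints 8080, returns 1
    rm -f "$f"
}
demo
```

Rules that only LOG or DROP a port (3306 and 23 in the sample) are deliberately not reported as open; the audit answers the narrow question of which ports external systems can actually reach, which is what the CAUTION at the top of this appendix is about.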

HP 5991-5565 manual, Appendix B: Frequently Asked Questions, page 53