HP (Hewlett-Packard) 5991-5565 Network Card User Manual


 
Appendix B: Frequently Asked Questions
Q: How do I disable firewall settings?
A: By default, SLES has a firewall enabled. This prevents external systems from accessing ports
below 1024. Enter the following to disable the firewall:
# /sbin/SuSEfirewall2 stop
CAUTION: Disabling the firewall is not advisable. If any external applications need to
communicate with the system, open only those specific ports for outside access rather than fully
disabling the firewall.
Q: How do I open specific ports without disabling the firewall?
A: SLES by default prevents external systems from connecting to any of the reserved port numbers
(0 to 1023). To open a specific port, use one of the following three methods:
Configure with YaST:
To open a specified port using the YaST GUI, perform the following steps:
1. From the YaST Control Center, access the YaST GUI.
2. Select Security and Users > Firewall.
From the YaST GUI, you can perform some of the following tasks:
Configure firewall boot scripts
Stop the firewall, if it's running
Save settings to the script /etc/sysconfig/SuSEfirewall2
Start the firewall with new settings
Configure manually:
To manually open a specified port, perform the following steps:
1. Use the YaST module System Services (runlevel) to enable SuSEfirewall2 in your runlevel
(the setting will most likely be 3 or 5). This sets the symlinks for the SuSEfirewall2_*
scripts to the /etc/init.d/rc?.d/ directories.
2. Modify the /etc/sysconfig/SuSEfirewall2 file. A number of example scenarios can
be found in /usr/share/doc/packages/SuSEfirewall2/EXAMPLES.
For the easiest configuration, you only need to add the TCP ports to FW_SERVICES_EXT_TCP.
For example, the following configuration enables HTTP, SSH and Tomcat services when
the firewall is up:
FW_SERVICES_EXT_TCP="80 443 22 8080 8443 8009"
3. Test and start the firewall using one of the following SuSEfirewall2_* scripts:
/sbin/SuSEfirewall2 test
/sbin/SuSEfirewall2 start
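The edit in step 2, scripted as an added example that is not part of the HP manual or of SuSEfirewall2: it validates the port number, appends it to FW_SERVICES_EXT_TCP only if it is not already listed, and keeps a backup copy. The function names fw_get_ext_tcp and fw_add_ext_tcp are hypothetical, and the script assumes the variable appears on one line in the quoted form shown above.

```shell
#!/bin/sh
# Added example: open one TCP port via FW_SERVICES_EXT_TCP, leaving all other
# settings untouched. Function names are hypothetical, not SuSEfirewall2 tools.

# Print the value currently assigned to FW_SERVICES_EXT_TCP in file $1.
fw_get_ext_tcp() {
    sed -n 's/^FW_SERVICES_EXT_TCP="\(.*\)"$/\1/p' "$1" | tail -n 1
}

# fw_add_ext_tcp <config-file> <port>
# Returns 0 if the port is listed afterwards, 2 for an invalid port,
# 3 if the variable is not present in the quoted form the manual shows.
fw_add_ext_tcp() {
    cfg=$1
    port=$2
    # Accept only a plain decimal port in 1..65535; reject anything else
    # before it can reach a file that the firewall scripts later read.
    case $port in
        ''|0*|*[!0-9]*|??????*) return 2 ;;
    esac
    [ "$port" -le 65535 ] || return 2
    grep -q '^FW_SERVICES_EXT_TCP=".*"$' "$cfg" || return 3
    cur=$(fw_get_ext_tcp "$cfg")
    # Already listed: leave the file as it is.
    case " $cur " in
        *" $port "*) return 0 ;;
    esac
    new="${cur:+$cur }$port"
    cp -p "$cfg" "$cfg.bak" || return 1      # keep the previous settings
    tmp=$(mktemp "$cfg.XXXXXX") || return 1
    # Rewrite only the FW_SERVICES_EXT_TCP line; the value is passed through
    # the environment so awk does not reinterpret any character in it.
    NEW=$new awk '
        /^FW_SERVICES_EXT_TCP="/ { print "FW_SERVICES_EXT_TCP=\"" ENVIRON["NEW"] "\""; next }
        { print }' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed sample file, not the live /etc/sysconfig/SuSEfirewall2.
demo_cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'FW_SERVICES_EXT_TCP="22 443"' > "$demo_cfg"
fw_add_ext_tcp "$demo_cfg" 8080 && fw_get_ext_tcp "$demo_cfg"
rm -f "$demo_cfg" "$demo_cfg.bak"
```

After changing the real file, run /sbin/SuSEfirewall2 test before /sbin/SuSEfirewall2 start, as in step 3.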
Configure using the iptables command:
To open a specified port using the iptables command, enter the following:
# iptables -I INPUT -s 0/0 -d 0/0 -p tcp \
--dport <port number> --syn -j ACCEPT
# iptables-save
# /sbin/SuSEfirewall2 restart
For example:
# iptables -I INPUT -s 0/0 -d 0/0 -p tcp \
--dport 80 --syn -j ACCEPT
# iptables-save
# /sbin/SuSEfirewall2 restart