
tcp port

Linux iptables: Port Redirection Example

How do I redirect port 80 to 8123 using iptables?

MySQL: Change Default Port Under Linux / UNIX

Q. I'm using MySQL 5 under Red Hat Enterprise Linux 5. How do I change the default MySQL server port (TCP port 3306) under Linux or UNIX operating systems?

How do I open a network port range in the firewall under OpenSuse / Suse Enterprise Linux server? How do I open a port range in my firewall, such as the TCP ports 30000 to 35000?

Q. How do I find out which service is listening on a specific port? How do I find out what program is listening on a specific TCP Port?

Q. Can you explain how I can install a telnet service or server under Linux or FreeBSD operating systems?

A. TELNET (TELetype NETwork) is a network protocol used on the Internet or local area network (LAN) connections.

The telnetd program (telnet server) is a server which supports the DARPA telnet interactive communication protocol. Telnetd is normally invoked by the internet server inetd or xinetd for requests to connect to the telnet port as indicated by the /etc/services file. Usually telnet listens on TCP port 23.

Telnet is an insecure protocol and it is recommended that you use an ssh server instead. If you really do need telnet, first install the telnet server according to your Linux distribution.

Telnet server installation

WARNING! Installing telnet opens your computer to unencrypted network communication, which is a bad idea. If possible, avoid telnet and use the secure shell (ssh) instead.

Debian/Ubuntu Linux users, type the following command:
# apt-get install telnetd
OR
$ sudo apt-get install telnetd

Fedora Linux users, type the following command:
# yum install telnet-server telnet

Red Hat Enterprise Linux users, type the following command:
# up2date telnet-server telnet

FreeBSD users:
No need to install a new (telnet server) package; it is installed by default (/usr/libexec/telnetd).

Configure telnet server (turn on telnet server)

Again, each Linux distribution and UNIX variant has its own method to turn the telnet service on or off.

If you are using Red Hat / Fedora Linux
The configuration file for telnet is /etc/xinetd.d/telnet. To enable the telnet server, open this file and make sure the line disable = yes reads disable = no.
Alternatively,
# chkconfig telnet on

To start the telnet server, type the command:
# /etc/init.d/xinetd restart

If you are using Debian Linux
The configuration file for telnet is /etc/inetd.conf. By default it is enabled when you install the telnet server. To start the telnet server, type the command:
# /etc/init.d/inetd restart

If you are using FreeBSD
The configuration file for telnet is /etc/inetd.conf. Open the file using the vi text editor and uncomment the telnet line:
# vi /etc/inetd.conf
Make sure the commented line:
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
reads as follows:
telnet stream tcp nowait root /usr/libexec/telnetd telnetd
Save and close the file.

To start the telnet service, first enable the inetd service so that telnet gets loaded:
# vi /etc/rc.conf
Append/add the following line to the configuration file:
inetd_enable="YES"
Save and close the file. Restart telnet via the inetd service:
# /etc/rc.d/inetd restart
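
Because the settings above decide whether a cleartext login service is exposed, it is worth checking them on hosts where telnet is not supposed to run. The following script is an added example, not part of the original article: it reads inetd.conf or xinetd.d/telnet text on stdin and reports whether telnet is switched on. The sample configs are constructed, the function names are hypothetical, and it only inspects the per-service settings discussed above.

```shell
#!/bin/sh
# Added example (not from the original page): decide from config text whether
# the telnet service is switched on. Both checks read the file on stdin.

# inetd.conf: enabled when an uncommented line has "telnet" as its service name.
inetd_telnet_enabled() {
    awk '$1 == "telnet" { on = 1 } END { exit !on }'
}

# /etc/xinetd.d/telnet: enabled when a "service telnet" block exists and does
# not set "disable = yes" (xinetd treats a missing disable line as enabled).
xinetd_telnet_enabled() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "service" { in_svc = ($2 == "telnet"); if (in_svc) seen = 1; next }
        in_svc && $1 == "}" { in_svc = 0 }
        in_svc {
            line = $0; gsub(/=/, " = ", line); split(line, f, " ")
            if (f[1] == "disable" && f[2] == "=") disabled = (tolower(f[3]) == "yes")
        }
        END { exit !(seen && !disabled) }
    '
}

# Constructed sample inputs (not taken from a real host).
sample_inetd_off='#telnet stream tcp nowait root /usr/libexec/telnetd telnetd'
sample_inetd_on='telnet stream tcp nowait root /usr/libexec/telnetd telnetd'
sample_xinetd_off='service telnet
{
    socket_type = stream
    wait        = no
    user        = root
    server      = /usr/sbin/in.telnetd
    disable     = yes
}'

# report LABEL CHECK CONFIG_TEXT: print one finding per config.
report() {
    if printf '%s\n' "$3" | "$2"; then
        echo "$1: telnet ENABLED (cleartext logins on TCP port 23)"
    else
        echo "$1: telnet disabled"
    fi
}

report "inetd (commented)"   inetd_telnet_enabled  "$sample_inetd_off"
report "inetd (uncommented)" inetd_telnet_enabled  "$sample_inetd_on"
report "xinetd disable=yes"  xinetd_telnet_enabled "$sample_xinetd_off"
```

On a real host, feed the functions the live files, for example inetd_telnet_enabled < /etc/inetd.conf.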

Telnet to server (How do I use telnet client?)

You should now be able to telnet to the server from a Windows or Linux desktop system. Type the following command to connect to the telnet server:
telnet server-ip-address
For example:
telnet 192.168.1.5

Restrict ssh access using iptables

Q. How do I stop or restrict access to my OpenSSH (SSHD) server using Linux iptables based firewall?

A. The Linux iptables firewall can be used to block or restrict access to the ssh server. The iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. However, you can also use tcpd, the access control facility for internet services.

Use iptables to Restrict ssh access

The following simple rule blocks all incoming ssh access on port 22:
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP

However, in real life you need to use something like the following. Let us assume that your ssh server IP address is 195.55.55.78; remember that the ssh server uses TCP port 22 for all incoming connections. With iptables you can block all incoming connections on port 22 with the following two rules:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP

If you just want to deny access to a group of IPs, add the following rules to your script:
IPS="202.54.1.20 64.66.44.22 64.66.44.25"
# One rule pair per denied address: drop its packets to port 22 and the replies
for i in $IPS
do
    iptables -A INPUT -p tcp -s "$i" --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
    iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d "$i" --dport 513:65535 -m state --state ESTABLISHED -j DROP
done

Add all of the above rules to your iptables firewall shell script (do not type them at the shell prompt).
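
Since the deny list ends up in a script that runs as root, each entry should be validated before it reaches iptables. The following dry-run generator is an added example, not part of the original article: it prints the rule pair for every well-formed IPv4 address so the rules can be reviewed before they are applied, and rejects malformed entries. The function names are hypothetical and the invalid address 64.66.44.256 is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page): print the per-address DROP rules
# for review instead of applying them, after validating every list entry.

# is_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# ssh_drop_rules SERVER_IP ADDR...: print the INPUT/OUTPUT rule pair for each
# valid address. Invalid entries are reported on stderr and yield exit status 1.
ssh_drop_rules() {
    server=$1; shift; rc=0
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 2; }
    for ip in "$@"; do
        if is_ipv4 "$ip"; then
            echo "iptables -A INPUT -p tcp -s $ip --sport 513:65535 -d $server --dport 22 -m state --state NEW,ESTABLISHED -j DROP"
            echo "iptables -A OUTPUT -p tcp -s $server --sport 22 -d $ip --dport 513:65535 -m state --state ESTABLISHED -j DROP"
        else
            echo "skipped invalid address: $ip" >&2
            rc=1
        fi
    done
    return $rc
}

# Demo: the article's addresses plus one constructed invalid entry.
ssh_drop_rules 195.55.55.78 202.54.1.20 64.66.44.22 64.66.44.256 ||
    echo "fix the list before applying these rules" >&2
```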
