Re: Inquiry:iptables ?

[Rob Kampen <rkampen@xxxxxxxxxxxxxxxxx>]

ken wrote:
> On 11/02/2009 09:36 AM Rob Kampen wrote:
>   
> > ken wrote:
> >     
> > > On 10/31/2009 04:10 AM Tony Molloy wrote:
> > >  
> > >       
> > > > On Saturday 31 October 2009 07:48:05 hadi motamedi wrote:
> > > >    
> > > >         
> > > > > Dear All
> > > > > To open a port , I know that I need to go to "System ->
> > > > > Administration ->
> > > > > Security Level and Firewall" -> Other ports and then I can open
> > > > > port-5901
> > > > > as tcp protocol . Can you please do me favor and let me know how it
> > > > > can be
> > > > > done from the command line (if my CentOS is text-mode installed) ?
> > > > > (perhaps
> > > > > via iptables?)
> > > > > Let me thank you in advance
> > > > >       
> > > > >           
> > > > Edit /etc/sysconfig/iptables
> > > >
> > > > Restart iptables with service iptables restart
> > > >
> > > > Tony
> > > >     
> > > >         
> > > My /etc/sysconfig/iptables states at the top that editing of it is not
> > > recommended.  Yeah, I don't always follow such recommendations myself,
> > > but is there perhaps another way more in keeping with the sense of the
> > > application?
> > >
> > >       
> > Yeah, editing directly can be risky, nothing worse than making a change
> > only to find that access to your server just disappeared and you need to
> > get in front of it to reset via the console....
> > I use webmin for most of my edits, only make it accessible from the LAN
> > and not the WAN. You can always tunnel the :10000 port via ssh and
> > access securely from a remote location.
> > The webmin console is left open while I test, thus I have not yet
> > tripped up on this though I can imagine it is not fool proof.
> > HTH
> > Rob
> >     
>
> Rob,
>
> Sounds like you've thought through the process and have a well-planned
> strategy for failure-prevention.  Cool.
>
> I checked my port 10000 (ssh -p 10000 ...) and found it not available
> ("Connection refused").  So in what sense, or how, can I always tunnel it?
>
> tnx.
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>   
Ken, I first setup webmin on the server - this listens on port 10000 by 
default (https).
Then from a remote location I can
ssh servername -L 8081:localhost:10000
This will capture local port 8081 and tunnel to the remote server port 
10000.
Then with firefox I enter https://localhost:8081/
and I get the remote server's webmin.
HTH
Rob

begin:vcard
fn:Rob Kampen
n:Kampen;Rob
email;internet:rob@xxxxxxxxxxxxxxxxx
tel;cell:407-341-3815
version:2.1
end:vcard

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos