When setting up new services on a clean Red Hat or CentOS install, many administrators run into problems caused by the default security settings. Red Hat is secured by default: among other things, the iptables firewall and SELinux are both enabled after installation.
I will never recommend disabling iptables without first trying to add the required rules, because OS security is just as important as the configuration of the service you set up.
The easiest way to debug iptables configuration is to log dropped packets.
Open /etc/sysconfig/iptables in a text editor. Find these two lines:

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

And replace them with the following:

-N LOGGING
-A INPUT -j LOGGING
-A FORWARD -j LOGGING
-A LOGGING -m limit --limit 3/min -j LOG --log-prefix "iptables dropped: " --log-level 7
-A LOGGING -j REJECT --reject-with icmp-host-prohibited
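Logs will appear in /var/log/messages. The text after "kernel:" is the --log-prefix value; the sample below was captured with the prefix "IPTables-Dropped: ":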
Feb 18 10:08:54 centos6 kernel: IPTables-Dropped: IN=eth0 OUT= MAC=00:0c:29:c8:14:11:64:70:02:04:db:06:08:00 SRC=192.168.0.45 DST=192.168.0.217 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=3381 DF PROTO=TCP SPT=1516 DPT=63860 WINDOW=65535 RES=0x00 SYN URGP=0
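
To turn these entries into a list of what is actually being rejected, and so which rules may be missing, the log can be summarized per interface, source, protocol and destination port. The script below is an added example, not part of the original post; the function names are hypothetical and the sample lines are constructed in the format shown above, using the prefix from the LOGGING rule.

```python
import re
from collections import Counter

# Constructed sample: same layout as the log line above, with the --log-prefix
# from the LOGGING rule. Addresses and ports are made up for illustration.
SAMPLE = """\
Feb 18 10:08:54 centos6 kernel: iptables dropped: IN=eth0 OUT= MAC=00:0c:29:c8:14:11:64:70:02:04:db:06:08:00 SRC=192.168.0.45 DST=192.168.0.217 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=3381 DF PROTO=TCP SPT=1516 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 18 10:08:57 centos6 kernel: iptables dropped: IN=eth0 OUT= SRC=192.168.0.45 DST=192.168.0.217 LEN=52 TOS=0x00 PREC=0x00 TTL=128 ID=3382 DF PROTO=TCP SPT=1517 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 18 10:09:10 centos6 kernel: iptables dropped: IN=eth0 OUT= SRC=192.168.0.60 DST=192.168.0.217 LEN=76 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40112 DPT=123 LEN=56
Feb 18 10:09:30 centos6 kernel: iptables dropped: IN=eth0 OUT= SRC=192.168.0.45 DST=192.168.0.217 LEN=84 TOS=0x00 PREC=0x00 TTL=128 ID=3390 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=5
Feb 18 10:09:31 centos6 kernel: eth0: link up
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line, prefix="iptables dropped: "):
    """Return the packet fields of one LOG entry, or None for any other line."""
    _, sep, body = line.partition("kernel: " + prefix)
    if not sep:
        return None
    pkt = dict(FIELD.findall(body))  # repeated keys (UDP LEN, ICMP ID): last wins
    pkt["FLAGS"] = [t for t in body.split() if "=" not in t]  # DF, SYN, ACK ...
    return pkt


def summarize(text, prefix="iptables dropped: "):
    """Count logged packets per (input interface, source, protocol, dest port).

    The LOG rule is rate limited (3/min), so counts are a sample of the
    rejected traffic, not a total.
    """
    counts = Counter()
    for line in text.splitlines():
        pkt = parse_line(line, prefix)
        if pkt is None:
            continue
        # ICMP has no ports; report its TYPE instead.
        port = pkt.get("DPT") or "type " + pkt.get("TYPE", "?")
        key = (pkt.get("IN", ""), pkt.get("SRC", "?"), pkt.get("PROTO", "?"), port)
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (iface, src, proto, port), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {iface:5} {src:15} {proto:4} {port}")
```

Pass the prefix you configured as the second argument, and feed it the contents of /var/log/messages instead of SAMPLE.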