I have a firewall running on my Linux host. How should I configure it to use Xmanager?

Most Linux distributions now run a firewall by default, which blocks the TCP/UDP ports that Xmanager requires.

Because the firewall programs used in Linux vary across distributions and versions, you might need to refer to the user manuals or technical support service for the Linux distribution you use. The following instructions are for ipchains and iptables, which are the most common firewall tools for Linux.


ipchains Configuration

Open /etc/sysconfig/ipchains file and add the following lines. 

(*The lines beginning with # are comments for the firewall rules and do not need to be added to the file.)

# If you want to use GNOME/KDE, add the following line.
-A input -p udp -s 0/0 -d 0/0 177 -j ACCEPT
# If you have set a font server in Xconfig, add the following line.
-A input -p tcp -s 0/0 -d 0/0 7100 -j ACCEPT
# If you are to connect via xstart, add the following line(s).
-A input -p tcp -s 0/0 -d 0/0 telnet -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 ssh -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 login -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 exec -j ACCEPT
-A input -p tcp -s 0/0 -d 0/0 shell -j ACCEPT

To apply the new rules, restart ipchains with the following command.
# /etc/init.d/ipchains restart
To check that all the added rules are loaded, use the following command.
# ipchains -L


iptables Configuration

Open the /etc/sysconfig/iptables file and add the following lines.
(*The lines beginning with # are comments for the firewall rules and do not need to be added to the file.)

# If you want to use GNOME/KDE, add the following line.
-A INPUT -p udp --dport 177 -j ACCEPT
# If you have set a font server in Xconfig, add the following line.
-A INPUT -p tcp --dport 7100 -j ACCEPT
# If you are to connect via xstart, add the following line(s).
-A INPUT -p tcp --dport telnet -j ACCEPT
-A INPUT -p tcp --dport ssh -j ACCEPT
-A INPUT -p tcp --dport login -j ACCEPT
-A INPUT -p tcp --dport exec -j ACCEPT
-A INPUT -p tcp --dport shell -j ACCEPT

To apply the new rules, restart iptables with the following command.
# /etc/init.d/iptables restart
To check that all the added rules are loaded, use the following command.
# iptables -L

lokkit Configuration for RedHat 8, 9

In RedHat 8 or 9, you can configure the firewall using the lokkit program. When you run lokkit, the /etc/sysconfig/iptables file is created.
Add the following lines at the beginning of the file.

-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 177 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 512 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 513 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 514 --syn -j ACCEPT

To apply the new rules, restart iptables with the following command.
# /etc/init.d/iptables restart
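
The rules above accept connections from any host because none of them carries a source address. As an added example (not part of the original instructions and not NetSarang code), the following script reads rules in the /etc/sysconfig/iptables format and reports, for each port this page opens, whether an ACCEPT rule exists and which source it is limited to. The function names, the labels and the address 192.0.2.10 (a placeholder for the Xmanager PC) are assumptions; the service-name numbers are the standard /etc/services values that the lokkit rules above also use.

```python
import shlex

# Service names used in the page's rules, with their /etc/services port numbers
SERVICE_NAMES = {"ssh": 22, "telnet": 23, "exec": 512, "login": 513, "shell": 514}
# Everything the page opens for Xmanager: label -> (protocol, port)
XMANAGER_PORTS = {"XDMCP (GNOME/KDE)": ("udp", 177), "font server": ("tcp", 7100)}
XMANAGER_PORTS.update({name: ("tcp", port) for name, port in SERVICE_NAMES.items()})
ANY_SOURCE = {None, "0/0", "0.0.0.0/0"}


def parse_rule(line):
    """Return (proto, port, source) for an ACCEPT rule with --dport, else None."""
    line = line.strip()
    if not line.startswith("-A "):
        return None  # comment, blank line, or not an append rule
    tokens = shlex.split(line)
    opts = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok in ("-p", "--dport", "-s", "--source", "-j"):
            opts[tok] = tokens[i + 1]
    if opts.get("-j") != "ACCEPT" or "--dport" not in opts:
        return None
    dport = opts["--dport"]
    port = SERVICE_NAMES.get(dport) or (int(dport) if dport.isdigit() else None)
    return opts.get("-p"), port, opts.get("-s") or opts.get("--source")


def audit(rules_text):
    """Map each Xmanager service to 'missing', 'any source' or its source address."""
    seen = {}
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule and seen.get(rule[:2]) != "any source":  # widest rule wins
            seen[rule[:2]] = "any source" if rule[2] in ANY_SOURCE else rule[2]
    return {name: seen.get(key, "missing") for name, key in XMANAGER_PORTS.items()}


# Constructed sample rules; 192.0.2.10 is a placeholder address
SAMPLE = """\
-A INPUT -p udp --dport 177 -j ACCEPT
-A INPUT -p tcp -s 192.0.2.10 --dport ssh -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j ACCEPT
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name:20} {status}")
```

The script reads the rules file only; it does not check whether an earlier rule in the same chain rejects the traffic first.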