- This topic has 1 reply, 2 voices, and was last updated Jul 27-1:31 pm by Dave.
Forum for users of antiX Linux. Mean and Lean and Proudly anti-fascist.
iptables on antix 17.4.1
Tagged: iptable, Networking
I am setting up some firewall rules, but am unable to use a simple point to point network when using iptables. On the Linux side eth0 has a static IP of 192.168.10.22. That port is directly hooked up to a simple appliance that has the IP of 192.168.20.120, just a point to point.
I can ping the device and the app on Linux can talk with it fine. Once I load iptable rules I am blocked. If I flush all the rules, the port is still unusable. Below are some of the iptable rules I tried:
sudo iptables -F
sudo iptables -P INPUT DROP
sudo iptables -A INPUT -i eth2 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -i eth2 -p tcp --dport 9734 -j ACCEPT
sudo iptables -A INPUT -i eth2 -p tcp --dport 48005 -j ACCEPT
sudo iptables -A INPUT -i eth0 -p tcp --dport 9800 -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
Not 100% sure, I am quite rusty with manually setting iptables.
I think you will need to specify the master INPUT DROP after all the other entries, otherwise it will be the first to match and always drop.
Also I am not sure what services you are using, but if I recall correctly for SSH (based on the port 22 rule) you will also need an OUTPUT --sport rule. Otherwise the server will receive the client request but not be able to reply. This is assuming you do not allow all output.
Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown
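An added example, not part of either post: a small Python model of how one iptables chain is evaluated, run against the INPUT rules from the question, including what is left after `iptables -F`. The packets are constructed, the TCP reply assumes the Linux application is the client, and the `state` field stands in for a `-m conntrack --ctstate` match.

```python
# Simplified model of one iptables chain; a field a rule omits matches anything.

def accept(**match):
    return {**match, "target": "ACCEPT"}

def verdict(rules, policy, pkt):
    """Walk the rules in order; the first match decides.
    The chain policy (-P) is consulted only when no rule matched."""
    for rule in rules:
        fields = {k: v for k, v in rule.items() if k != "target"}
        if all(pkt.get(k) in (v if isinstance(v, tuple) else (v,))
               for k, v in fields.items()):
            return rule["target"]
    return policy

# INPUT rules from the question, in the order they were appended.
POSTED_INPUT = [
    accept(iface="eth2", proto="tcp", dport=22),
    accept(iface="eth2", proto="tcp", dport=9734),
    accept(iface="eth2", proto="tcp", dport=48005),
    accept(iface="eth0", proto="tcp", dport=9800),
    accept(iface="lo"),
]

# Same rules behind a model of: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
STATEFUL_INPUT = [accept(state=("ESTABLISHED", "RELATED"))] + POSTED_INPUT

# Constructed packets arriving on eth0 from the appliance.
PING_REPLY = {"iface": "eth0", "proto": "icmp", "state": "ESTABLISHED"}
# Assumption: the Linux app is the TCP client; both port numbers are illustrative.
TCP_REPLY = {"iface": "eth0", "proto": "tcp", "sport": 9800, "dport": 40000,
             "state": "ESTABLISHED"}
NEW_TO_9800 = {"iface": "eth0", "proto": "tcp", "dport": 9800, "state": "NEW"}

def report():
    return {
        "posted rules, ping reply": verdict(POSTED_INPUT, "DROP", PING_REPLY),
        "posted rules, TCP reply": verdict(POSTED_INPUT, "DROP", TCP_REPLY),
        "posted rules, new TCP to 9800": verdict(POSTED_INPUT, "DROP", NEW_TO_9800),
        # iptables -F empties the chain but leaves the DROP policy in place.
        "after -F, new TCP to 9800": verdict([], "DROP", NEW_TO_9800),
        "after -F and -P INPUT ACCEPT": verdict([], "ACCEPT", NEW_TO_9800),
        "stateful rules, ping reply": verdict(STATEFUL_INPUT, "DROP", PING_REPLY),
        "stateful rules, TCP reply": verdict(STATEFUL_INPUT, "DROP", TCP_REPLY),
    }

if __name__ == "__main__":
    for case, result in report().items():
        print(f"{case}: {result}")
```

On a live system, `sudo iptables -S INPUT` prints the current policy line together with the rules, which shows whether a DROP policy is still set after a flush.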