HELP, Need quick iptables rules - Networking



  1. HELP, Need quick iptables rules


    I'm a newbie to iptables and need quick iptables rules that say any
    node can connect inbound to the linux server from subnets
    192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
    other networks.

    Any help is greatly appreciated! Thanks...

    -akak

  2. Re: HELP, Need quick iptables rules


    >>>>> On Tue, 15 Jan 2008 00:18:45 -0800 (PST), akak01000101@gmail.com said:


    akak01000101> I'm a newbie to iptables and need quick iptables rules that say any
    akak01000101> node can connect inbound to the linux server from subnets
    akak01000101> 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
    akak01000101> other networks.

    /sbin/iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
    /sbin/iptables -A INPUT -s 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT

    HTH
    --
    Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
    ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

  3. Re: HELP, Need quick iptables rules


    >>>>> "आशीष" == Ashish Shukla आशीष शुक्ल writes:
    >>>>> On Tue, 15 Jan 2008 00:18:45 -0800 (PST), akak01000101@gmail.com said:


    akak01000101> I'm a newbie to iptables and need quick iptables rules that say any
    akak01000101> node can connect inbound to the linux server from subnets
    akak01000101> 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
    akak01000101> other networks.

    Forgot to mention deny rule.

    आशीष> /sbin/iptables -A INPUT --src-host 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
    आशीष> /sbin/iptables -A INPUT --src-host 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT

    /sbin/iptables -A INPUT -p tcp --dport 8000 -j DROP

    HTH
    --
    Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
    ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --

  4. Re: HELP, Need quick iptables rules

    On Jan 15, 5:24 pm, wahj...@gmail.com (Ashish Shukla आशीष शुक्ल)
    wrote:
    > >>>>> "आशीष" == Ashish Shukla आशीष शुक्ल writes:
    > >>>>> On Tue, 15 Jan 2008 00:18:45 -0800 (PST), akak01000...@gmail.com said:

    >
    > akak01000101> I'm a newbie to iptables and need quick iptables rules that say any
    > akak01000101> node can connect inbound to the linux server from subnets
    > akak01000101> 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
    > akak01000101> other networks.
    >
    > Forgot to mention deny rule.
    >
    > आशीष> /sbin/iptables -A INPUT --src-host 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
    > आशीष> /sbin/iptables -A INPUT --src-host 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT
    >
    > /sbin/iptables -A INPUT -p tcp --dport 8000 -j DROP
    >
    > HTH
    > --
    > Ashish Shukla आशीष शुक्ल http://wahjava.wordpress.com/
    > ·-- ·- ···· ·--- ·- ···- ·- ·--·-· --· -- ·- ·· ·-·· ·-·-·- -·-· --- --


    But be careful where you put these rules. They may not work if there
    are any other rules before them that block the traffic, for example, so
    beware, and you may want to input them as the first rules so no earlier rule
    can affect them. So sometimes don't use -A; use -I with a rule
    number like
    /sbin/iptables -I INPUT 1 -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
    /sbin/iptables -I INPUT 2 -s 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT
    /sbin/iptables -I INPUT 3 -p tcp --dport 8000 -j DROP
    And then don't forget to store the new rules you added, so you don't
    lose them when you restart your system.
    Wishes
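The ordering point made above, as an added example that is not code from this thread: a small Python model of the INPUT chain's first-match evaluation, with -A and -I INPUT N placing rules where iptables would. The subnets and port are the thread's; the pre-existing broad "drop all TCP" rule that shadows the appended accepts is a constructed assumption standing in for "any other rules before them".

```python
import ipaddress

class Rule:  # one INPUT rule: -p proto, -s src (CIDR), --dport dport, -j target
    def __init__(self, target, proto=None, src=None, dport=None):
        self.target, self.proto, self.src, self.dport = target, proto, src, dport

    def matches(self, src, proto, dport):
        if self.proto is not None and self.proto != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return self.src is None or ipaddress.ip_address(src) in ipaddress.ip_network(self.src)

class Chain:
    def __init__(self, policy="ACCEPT"):
        self.rules, self.policy = [], policy  # -P INPUT <policy>: used when no rule matches

    def append(self, rule):       # iptables -A INPUT ...
        self.rules.append(rule)

    def insert(self, pos, rule):  # iptables -I INPUT <pos> ... (1-based position)
        self.rules.insert(pos - 1, rule)

    def verdict(self, src, proto, dport):
        for rule in self.rules:   # first match wins; later rules are never consulted
            if rule.matches(src, proto, dport):
                return rule.target
        return self.policy

def port8000_rules():
    """The thread's rule set in chain order: two accepts, then the DROP."""
    return [Rule("ACCEPT", "tcp", "192.168.1.0/24", 8000),
            Rule("ACCEPT", "tcp", "192.168.2.0/24", 8000),
            Rule("DROP", "tcp", None, 8000)]

def appended_behind_drop():
    """-A after a pre-existing broad TCP DROP (constructed): the accepts are shadowed."""
    chain = Chain()
    chain.append(Rule("DROP", "tcp"))  # assumed earlier rule already in the chain
    for r in port8000_rules():
        chain.append(r)
    return {ip: chain.verdict(ip, "tcp", 8000) for ip in ("192.168.1.10", "10.0.0.5")}

def inserted_at_top():
    """-I INPUT 1, 2, 3 places the same rules ahead of the pre-existing DROP."""
    chain = Chain()
    chain.append(Rule("DROP", "tcp"))  # same assumed earlier rule
    for pos, r in enumerate(port8000_rules(), start=1):
        chain.insert(pos, r)
    return {ip: chain.verdict(ip, "tcp", 8000) for ip in ("192.168.1.10", "192.168.2.7", "10.0.0.5")}
```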

  5. Re: HELP, Need quick iptables rules


    akak01000101@gmail.com wrote:
    | I'm a newbie to iptables and need quick iptables rules that say any
    | node can connect inbound to the linux server from subnets
    | 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
    | other networks.
    |
    | Any help is greatly appreciated! Thanks...
    |
    | -akak

    Another word of advice when you're configuring the firewall: don't try
    to ssh to the firewall box you're trying to configure. As previously
    mentioned, you can lock down the entire computer accidentally, which
    boots your ssh session in the process.

    A misplaced "iptables -P INPUT DROP" can really **** your day.


  6. Re: HELP, Need quick iptables rules

    "habibielwa7id" wrote in message
    news:b3e861dc-ef7e-4dfa-a94d-80e30423a293@v67g2000hse.googlegroups.com...
    On Jan 15, 5:24 pm, wahj...@gmail.com (Ashish Shukla आशीष शुक्ल)
    wrote:
    > >>>>> "आशीष" == Ashish Shukla आशीष शुक्ल writes:
    > >>>>> On Tue, 15 Jan 2008 00:18:45 -0800 (PST), akak01000...@gmail.com said:
    >
    > akak01000101> I'm a newbie to iptables and need quick iptables rules that say any
    > akak01000101> node can connect inbound to the linux server from subnets
    > akak01000101> 192.168.1.0/24 and 192.168.2.0/24 to port 8000 via TCP, and deny all
    > akak01000101> other networks.
    >
    > Forgot to mention deny rule.
    >
    > आशीष> /sbin/iptables -A INPUT --src-host 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
    > आशीष> /sbin/iptables -A INPUT --src-host 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT

    Although the "-p tcp" selects the TCP protocol, don't you also need a "-m
    tcp" in order to be able to use the "--dport" option?

    > /sbin/iptables -A INPUT -p tcp --dport 8000 -j DROP
    >
    > HTH


    The same question goes for the reply below too:

    > But be careful where you put these rules. They may not work if there
    > are any other rules before them that block the traffic, for example, so
    > beware, and you may want to input them as the first rules so no earlier rule
    > can affect them. So sometimes don't use -A; use -I with a rule
    > number like
    > /sbin/iptables -I INPUT 1 -s 192.168.1.0/24 -p tcp --dport 8000 -j ACCEPT
    > /sbin/iptables -I INPUT 2 -s 192.168.2.0/24 -p tcp --dport 8000 -j ACCEPT
    > /sbin/iptables -I INPUT 3 -p tcp --dport 8000 -j DROP
    > And then don't forget to store the new rules you added, so you don't
    > lose them when you restart your system.
    > Wishes
