iptables is not working - Security



Thread: iptables is not working

  1. iptables is not working

    Hi everyone,

    I am using Red Hat Linux 9.

    I want to use iptables to monitor the bandwidth.

    So I created the rules and saved them, but there is no response...

    ---->iptables -N vlan100
    ---->iptables -N vlan120

    ---->iptables -A FORWARD -d 172.16.100.0/24 -j vlan100

    ---->iptables -A FORWARD -s 172.16.120.0/24 -j vlan120

    ---->service iptables save

    Saving current rules to /etc/sysconfig/iptables: [OK]
    ---> service iptables status

    Table: filter
    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    vlan100 all -- anywhere 172.16.140.0/24
    vlan120 all -- anywhere 172.16.2.0/24

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Chain vlan100 (1 references)
    target prot opt source destination

    Chain vlan120 (1 references)
    target prot opt source destination

    --->iptables -L -v -n

    Chain INPUT (policy ACCEPT 5657K packets, 3766M bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 vlan100    all  --  *      *       0.0.0.0/0            172.16.140.0/24
        0     0 vlan120    all  --  *      *       0.0.0.0/0            172.16.2.0/24

    Chain OUTPUT (policy ACCEPT 6502K packets, 4150M bytes)
     pkts bytes target     prot opt in     out     source               destination

    Chain vlan100 (1 references)
     pkts bytes target     prot opt in     out     source               destination

    Chain vlan120 (1 references)
     pkts bytes target     prot opt in     out     source               destination


    ----So nothing has come out in the output. What could be the reason? I don't
    know whether iptables has some problem or I do.

    Tell me, procedure-wise, how to correct this problem.

    Thanks in advance


  2. Re: iptables is not working

    > So I created the rules and saved them, but there is no response...
    >
    > ---->iptables -N vlan100
    > ---->iptables -N vlan120
    >
    > ---->iptables -A FORWARD -d 172.16.100.0/24 -j vlan100
    >
    > ---->iptables -A FORWARD -s 172.16.120.0/24 -j vlan120
    >
    > ---->service iptables save


    The -N creates a group.

    You need a -A to put the above rules in that group.

    Then you need to do a -A FORWARD -j to implement it.

    Where you have -j vlan100/120 you're not really telling iptables what to
    do with it, i.e. DROP, ACCEPT, REJECT.

    The save part is probably distro specific, but there's also iptables-save
    iirc. Or just put all of the above (with corrections) in a bash script
    and run it when you need it, or at boot. My script starts off with some
    -F and -X directives which let me start with a clean slate. That way I
    can rerun it at any time and as often as I want. And go back six months
    or several years later and see exactly what I did in the first place.

    Per the basic firewall from the documentation, here's an example of using
    a group.

    # Chain "block": let established/related traffic through, accept new
    # connections only if they do not arrive on the external interface,
    # and drop everything else. ppp0 is the HOWTO's example external
    # interface (assumed here; substitute yours). Newer iptables releases
    # write the negation as "! -i ppp0" instead of "-i ! ppp0".
    iptables -N block
    iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
    iptables -A block -j DROP
    iptables -A INPUT -j block
    iptables -A FORWARD -j block

    HTH
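As an added example (not the poster's, the reply's or the HOWTO's code), here is the layout the reply recommends applied to the two subnets in the thread: clean slate with -F/-X, one chain per subnet, per-direction counting rules that RETURN so nothing is dropped, and jumps from FORWARD. The IPT variable is an assumption of the example so the commands can be printed (IPT=echo) instead of applied.

```shell
#!/bin/sh
# Per-subnet traffic accounting laid out the way the reply describes:
# clean slate (-F/-X), one chain per subnet (-N), rules inside it (-A chain),
# then a jump from FORWARD (-A FORWARD -j chain). Chain names and subnets
# come from the thread; IPT is an assumed variable so the commands can be
# printed (IPT=echo) instead of applied. Added example, not the poster's code.
IPT="${IPT:-iptables}"

# Flush and delete one chain. Failures are ignored so the first run, when the
# chain does not exist yet, behaves the same as every later run.
reset_chain() {
    $IPT -F "$1" 2>/dev/null || true
    $IPT -X "$1" 2>/dev/null || true
}

# Build an accounting chain for one subnet ($1 = chain, $2 = CIDR). Every rule
# ends in RETURN, so packets are counted and then carry on down FORWARD: this
# measures traffic and never drops it. Two rules give separate per-direction
# counters, which a single -s or -d rule per subnet would not.
acct_chain() {
    $IPT -N "$1"
    $IPT -A "$1" -s "$2" -j RETURN   # bytes leaving the subnet
    $IPT -A "$1" -d "$2" -j RETURN   # bytes entering the subnet
    $IPT -A FORWARD -j "$1"          # hook the chain into forwarded traffic
}

apply_rules() {
    # The FORWARD jumps must go first: -X refuses to delete a referenced chain.
    $IPT -D FORWARD -j vlan100 2>/dev/null || true
    $IPT -D FORWARD -j vlan120 2>/dev/null || true
    reset_chain vlan100
    reset_chain vlan120
    acct_chain vlan100 172.16.100.0/24
    acct_chain vlan120 172.16.120.0/24
}

# Read the counters back; -x prints exact byte counts rather than 3766M style.
show_counters() {
    $IPT -L "$1" -v -n -x
}

if [ "${1:-}" = "apply" ]; then
    apply_rules
    show_counters vlan100
    show_counters vlan120
fi
```

Note that the poster's own iptables -L -v -n output shows FORWARD at 0 packets, 0 bytes, so nothing is traversing that chain at all and any accounting hooked there will stay at zero until the host actually forwards traffic (IP forwarding enabled and the subnets routed through it).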
