Iptables and the newb - Slackware


  1. Iptables and the newb

    Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    access and port 4672 for udp access. I have my router set to allow
    them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    iptables as a firewall) but always get a low id from aMule. I have
    read the man for iptables, but all that managed to do was add to my
    confusion LOL. Any help for a complete networking newb would be great.

  2. Re: Iptables and the newb

    On 2007-11-15, vorkragresh@gmail.com wrote:
    > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    > access and port 4672 for udp access. I have my router set to allow
    > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    > iptables as a firewall) but always get a low id from aMule. I have
    > read the man for iptables, but all that managed to do was add to my
    > confusion LOL. Any help for a complete networking newb would be great.


    STFW
    JFGI
    GAFC


    --
    "Ubuntu" - an African word meaning "Slackware is too hard for me".


  3. Re: Iptables and the newb

    On Thu, 15 Nov 2007 04:56:50 -0800, vorkragresh wrote:

    > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    > access and port 4672 for udp access. I have my router set to allow
    > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    > iptables as a firewall) but always get a low id from aMule. I have
    > read the man for iptables, but all that managed to do was add to my
    > confusion LOL. Any help for a complete networking newb would be great.
    >

    I hate giving advice on iptables because there is a big downside to
    getting it wrong. I can't know everything about your setup, and the devil
    is in the details. I really advise you to read Rusty Russell's explanation
    of how to set up a basic iptables firewall. Also, I haven't looked up the
    ports you need to be open to offer any possible reason why you
    shouldn't, etc. With those disclaimers, and Russell's tutorial on hand,
    http://www.netfilter.org/documentati...ing-HOWTO.html

    then perhaps, adding rules similar to those presented below could work.

    If the chain begins with an "ESTABLISHED, RELATED", then perhaps appending
    to the existing user defined chain (as shown in Russell's example):

    KNOWN_HOST=10.0.0.2
    D_PORT=4662
    iptables -A block -s $KNOWN_HOST -p tcp --dport $D_PORT \
    -m state --state NEW -j ACCEPT

    KNOWN_HOST=10.0.0.2
    D_PORT=4672
    iptables -A block -s $KNOWN_HOST -p udp --dport $D_PORT \
    -m state --state NEW -j ACCEPT

    Note: iptable rules are applied in order; that is, iptable rules defined
    earlier take precedence over rules defined later.
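
An added illustration of the ordering note in the post above (not part of the original thread and not code from the HOWTO it cites): a first-match check over `iptables -S`-style text that reports whether an ACCEPT rule for a port is reachable. The rulesets are constructed and assume the `block` chain ends in a catch-all `-j DROP`; `port_status`, `rules_appended` and `rules_inserted` are hypothetical names.

```shell
#!/bin/sh
# Added example: first-match check over `iptables -S` style text.
# port_status CHAIN PROTO PORT  (rules on stdin) prints open|shadowed|missing
# Exact --dport values only; port ranges are not expanded.
port_status() {
    awk -v chain="$1" -v proto="$2" -v port="$3" '
    BEGIN { status = "missing"; blocked = 0 }
    $1 == "-A" && $2 == chain {
        # A rule whose first option is the target matches every packet.
        if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT")) { blocked = 1; next }
        p = ""; dp = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")           p = $(i + 1)
            else if ($i == "--dport") dp = $(i + 1)
            else if ($i == "-j")      target = $(i + 1)
        }
        if (target == "ACCEPT" && p == proto && dp == port) {
            if (!blocked)                 status = "open"
            else if (status == "missing") status = "shadowed"
        }
    }
    END { print status }'
}

# Constructed ruleset: ACCEPT rules appended (-A) after the catch-all DROP.
rules_appended() {
    cat <<'EOF'
-N block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block -j DROP
-A block -s 10.0.0.2 -p tcp --dport 4662 -m state --state NEW -j ACCEPT
-A block -s 10.0.0.2 -p udp --dport 4672 -m state --state NEW -j ACCEPT
EOF
}

# Constructed ruleset: the same rules sitting ahead of the DROP, which is
# where inserting them with -I (instead of -A) would leave them.
rules_inserted() {
    cat <<'EOF'
-N block
-A block -m state --state RELATED,ESTABLISHED -j ACCEPT
-A block -s 10.0.0.2 -p tcp --dport 4662 -m state --state NEW -j ACCEPT
-A block -s 10.0.0.2 -p udp --dport 4672 -m state --state NEW -j ACCEPT
-A block -j DROP
EOF
}

for set in rules_appended rules_inserted; do
    echo "$set: tcp/4662 $($set | port_status block tcp 4662)," \
         "udp/4672 $($set | port_status block udp 4672)"
done
```

Against a live firewall, pipe `iptables -S block` or `iptables-save` output into `port_status` in place of the sample functions.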



  4. Re: Iptables and the newb

    On Thu, 15 Nov 2007 04:56:50 -0800 (PST)
    vorkragresh@gmail.com wrote:

    > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    > access and port 4672 for udp access. I have my router set to allow
    > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    > iptables as a firewall) but always get a low id from aMule. I have
    > read the man for iptables, but all that managed to do was add to my
    > confusion LOL. Any help for a complete networking newb would be great.


    Are there any records in the log file (syslog) about stopped/dropped
    connections?

    Mikhail

  5. Re: Iptables and the newb

    On Nov 15, 12:16 pm, Douglas Mayne wrote:
    > On Thu, 15 Nov 2007 04:56:50 -0800, vorkragresh wrote:
    > > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    > > access and port 4672 for udp access. I have my router set to allow
    > > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    > > iptables as a firewall) but always get a low id from aMule. I have
    > > read the man for iptables, but all that managed to do was add to my
    > > confusion LOL. Any help for a complete networking newb would be great.

    >
    > I hate giving advice on iptables because there is a big downside to
    > getting it wrong. I can't know everything about your setup, and the devil
    > is in the details. I really advise you to read Rusty Russell's explanation
    > of how to set up a basic iptables firewall. Also, I haven't looked up the
    > ports you need to be open to offer any possible reason why you
    > shouldn't, etc. With those disclaimers, and Russell's tutorial on hand, http://www.netfilter.org/documentati...ing-HOWTO.html
    >
    > then perhaps, adding rules similar to those presented below could work.
    >
    > If the chain begins with an "ESTABLISHED, RELATED", then perhaps appending
    > to the existing user defined chain (as shown in Russell's example):
    >
    > KNOWN_HOST=10.0.0.2
    > D_PORT=4662
    > iptables -A block -s $KNOWN_HOST -p tcp --dport $D_PORT \
    > -m state --state NEW -j ACCEPT
    >
    > KNOWN_HOST=10.0.0.2
    > D_PORT=4672
    > iptables -A block -s $KNOWN_HOST -p udp --dport $D_PORT \
    > -m state --state NEW -j ACCEPT
    >
    > Note: iptable rules are applied in order; that is, iptable rules defined
    > earlier take precedence over rules defined later.


    gonna go over this and the link and see what I can get to work
    thanks

  6. Re: Iptables and the newb

    On Nov 15, 12:53 pm, Mikhail Zotov wrote:
    > On Thu, 15 Nov 2007 04:56:50 -0800 (PST)
    >
    > vorkragr...@gmail.com wrote:
    > > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    > > access and port 4672 for udp access. I have my router set to allow
    > > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    > > iptables as a firewall) but always get a low id from aMule. I have
    > > read the man for iptables, but all that managed to do was add to my
    > > confusion LOL. Any help for a complete networking newb would be great.

    >
    > Are there any records in the log file (syslog) about stopped/dropped
    > connections?
    >
    > Mikhail


    I haven't seen any as yet.

  7. Re: Iptables and the newb

    On Nov 15, 9:53 am, Dan C wrote:
    > On 2007-11-15, vorkragr...@gmail.com wrote:
    > > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    > > access and port 4672 for udp access. I have my router set to allow
    > > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    > > iptables as a firewall) but always get a low id from aMule. I have
    > > read the man for iptables, but all that managed to do was add to my
    > > confusion LOL. Any help for a complete networking newb would be great.

    >
    > STFW
    > JFGI
    > GAFC
    >
    > --
    > "Ubuntu" - an African word meaning "Slackware is too hard for me".


    A reply that is shorter than your tagline...unique and yet still
    completely usless and uninteresting except maybe from a clinical
    psychology standpoint.

  8. Re: Iptables and the newb

    vorkragresh@gmail.com wrote:
    > I have
    > read the man for iptables, but all that managed to do was add to my
    > confusion LOL. Any help for a complete networking newb would be great.


    Understanding iptables requires a good knowledge of tcp/ip and
    networking protocols and ports. Whole books have been written on the
    subject. You might try setting up Guarddog firewall utility to get a
    working packet filter firewall until you get a grasp on the subject.
    Guarddog is designed for ease of use for newbies and uses a KDE gui
    front end. You might also look at Arno's iptables firewall script. It
    uses a shell config script to set up a working firewall. Both
    approaches use the "deny all: allow few" approach. You allow only what
    you need.

    http://www.simonzone.com/software/guarddog/
    http://rocky.molphys.leidenuniv.nl/

    I recently ran across a well written online tutorial on iptables, but
    the url is not on this computer. I'll try and find it and send it along.

    nb

  9. Re: Iptables and the newb

    On Thu, 15 Nov 2007 10:02:12 -0800, vorkragresh wrote:

    > A reply that is shorter than your tagline...unique and yet still
    > completely usless and uninteresting except maybe from a clinical
    > psychology standpoint.


    Dan C shares his pain and anguish with us for various reasons...using
    Occam's Razor we can conclude that his recent choice of sharp sand as a
    "sensation enhancing additive" to his favourite lubricant was sadly...a
    poor choice...for both him and his inflatable friend...ah well...live and
    learn

  10. Re: Iptables and the newb

    On Thu, 15 Nov 2007 10:00:22 -0800 (PST)
    vorkragresh@gmail.com wrote:

    > On Nov 15, 12:53 pm, Mikhail Zotov wrote:
    > > On Thu, 15 Nov 2007 04:56:50 -0800 (PST)

    ....
    > >
    > > Are there any records in the log file (syslog) about stopped/dropped
    > > connections?
    > >
    > > Mikhail

    >
    > I haven't seen any as yet.


    Do you have rules with the LOG target? Anyway, if you don't have time
    to study the iptables tutorial by O. Andreasson, I suggest you take a look
    at the following resources:

    http://linuxgazette.net/103/odonovan.html
    http://www.sns.ias.edu/~jns/wp/category/linux/iptables/

    --
    Mikhail


  11. Re: Iptables and the newb

    On Nov 15, 7:56 am, vorkragr...@gmail.com wrote:
    > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    > access and port 4672 for udp access. I have my router set to allow
    > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    > iptables as a firewall) but always get a low id from aMule. I have
    > read the man for iptables, but all that managed to do was add to my
    > confusion LOL. Any help for a complete networking newb would be great.


    After a check with my Linux Guru/mentor, I located the following line
    in my rc.firewall
    PORT_FORWARDS="" and added a bit to it and also a second line to look
    like this

    PORT_FORWARDS="tcp:4662:10.0.0.0(my local ip here)"
    PORT_FORWARDS="udp:4672:10.0.0.0(same)"
    which after a quick /etc/rc.d/rc.firewall restart gave me a failure
    on the sanity checks because I had forgotten to enable Full NAT in my
    kernel LOL... After a quick recompile all was good and seems to be
    functioning as needed.

    Thanks for all the tutorial links, I bookmarked them all for
    reading against future need.

  12. Re: Iptables and the newb

    On Thu, 15 Nov 2007 10:02:12 -0800, vorkragresh wrote:

    > On Nov 15, 9:53 am, Dan C wrote:
    >> On 2007-11-15, vorkragr...@gmail.com wrote:
    >> > Hello yet again fellow Slackers. I am trying to open port 4662 for tcp
    >> > access and port 4672 for udp access. I have my router set to allow
    >> > them for this machine (Slackware 11 using the 2.4.33.3 kernel and
    >> > iptables as a firewall) but always get a low id from aMule. I have
    >> > read the man for iptables, but all that managed to do was add to my
    >> > confusion LOL. Any help for a complete networking newb would be great.

    >>
    >> STFW
    >> JFGI
    >> GAFC
    >>
    >> --
    >> "Ubuntu" - an African word meaning "Slackware is too hard for me".

    >
    > A reply that is shorter than your tagline...unique and yet still
    > completely usless and uninteresting except maybe from a clinical
    > psychology standpoint.


    Of course, if you fully took his advice to heart, you would no longer
    count as a "newb".

  13. Re: Iptables and the newb

    On 2007-11-15, vorkragresh@gmail.com wrote:

    >> STFW
    >> JFGI
    >> GAFC


    > A reply that is shorter than your tagline...unique and yet still
    > completely usless and uninteresting except maybe from a clinical
    > psychology standpoint.


    Shorter? The reply was 3 lines and the tagline is 1 line. No wonder
    you're having trouble with iptables.

    As for it being "usless", it's quite the opposite. All you need to know
    is contained in those three lines. Your problem is that you let your
    laziness get in the way of learning anything, because you want others to
    do your work for you.

    Oh well. That's why there are folks that work at McDonald's their whole
    lives. We need people like you around to make society function for the
    rest of us. Thanks.



    --
    "Ubuntu" - an African word meaning "Slackware is too hard for me".


  14. Re: Iptables and the newb

    On Fri, 16 Nov 2007 01:16:21 +0000, Dan C wrote:

    > Oh well. That's why there are folks that work at McDonald's their whole
    > lives. We need people like you around to make society function for the
    > rest of us. Thanks.


    Wow. From opening ports in the firewall to the needs of society in three
    steps. Impressive topic drift!

    --
    Chick Tower

    For e-mail: aols2 DOT sent DOT towerboy AT xoxy DOT net


  15. Re: Iptables and the newb

    Chick Tower wrote:
    > On Fri, 16 Nov 2007 01:16:21 +0000, Dan C wrote:


    > Wow. From opening ports in the firewall to the needs of society in three
    > steps. Impressive topic drift!


    You should hear some of "the meaning of life" limericks outta this group!

    nb

