  1. #1
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,814

    iptables rule question


    Hi folks,


    WAN

    Ubuntu 7.04 server amd64
    iptables 1.3.6
    port 22 forwarded to server router addr (router_ip)
    Server_router_ip = 192.168.0.51
    Public_IP_1

    Archlinux 86-64 2007-08-2 (workstation)
    Workstation_router_ip = 192.168.0.11
    Public_IP_2


    I'm trying to set rules on the Server to only allow the workstation, which is running
    Public_IP_2 and router_ip=192.168.0.11, to ssh_connect to the Server. Please shed some light on how to
    start. TIA


    B.R.
    satimis

  2. #2
    Linux Engineer Kieren
    Join Date
    Aug 2007
    Location
    England
    Posts
    848
    If I understand this right you want to allow 192.168.0.11 to connect to 192.168.0.51 on port 22 (ssh) and all other traffic to be dropped? These rules should do that:

    # accept tcp packets from 192.168.0.11 to port 22
    iptables --append INPUT --source 192.168.0.11 --protocol tcp --destination-port 22 --jump ACCEPT

    # drop everything else
    iptables --append INPUT --jump DROP
    Linux User #453176

  3. #3
    Linux Guru
    Join Date
    Sep 2004
    Posts
    1,814
    Quote Originally Posted by Kieren View Post
    If I understand this right you want to allow 192.168.0.11 to connect to 192.168.0.51 on port 22 (ssh) and all other traffic to be dropped? These rules should do that:

    # accept tcp packets from 192.168.0.11 to port 22
    iptables --append INPUT --source 192.168.0.11 --protocol tcp --destination-port 22 --jump ACCEPT

    # drop everything else
    iptables --append INPUT --jump DROP
    Thanks for your advice.


    The following rules work here, but port 22 has to be forwarded on the server router
    Code:
    # INPUT
    #
    # server_public_ip is a placeholder for the router's public address. With the
    # port forward described above the router rewrites the destination to the LAN
    # address (192.168.0.51) before the packet reaches this host, so a rule that
    # matches -d server_public_ip only fires if this host itself owns that address.
    
    # allow all incoming traffic from the management interface NIC
    # as long as it is a part of an established connection
    iptables -I INPUT 1 -j ACCEPT -d server_public_ip -m state --state RELATED,ESTABLISHED
    
    # allow all VMware MUI HTTP traffic to the management interface NIC
    iptables -I INPUT 2 -j ACCEPT -p TCP -d server_public_ip --destination-port 8222
    
    # allow all VMware MUI HTTPS traffic to the management interface NIC
    iptables -I INPUT 3 -j ACCEPT -p TCP -d server_public_ip --destination-port 8333
    
    # allow all VMware Authorization Daemon traffic to the management interface NIC
    iptables -I INPUT 4 -j ACCEPT -p TCP -d server_public_ip --destination-port 902
    
    # reject all other traffic to the management interface NIC
    iptables -I INPUT 5 -j REJECT -d server_public_ip --reject-with icmp-port-unreachable
    
    #
    # OUTPUT
    #
    
    # allow all outgoing traffic from the management interface NIC
    # if it is a part of an established connection
    iptables -I OUTPUT 1 -j ACCEPT -s server_public_ip -m state --state RELATED,ESTABLISHED
    
    # allow all DNS queries from the management interface NIC
    iptables -I OUTPUT 2 -j ACCEPT -s server_public_ip -p UDP --destination-port 53
    
    # reject all other traffic from localhost
    #iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
    
    # reject all other traffic from the management interface NIC
    iptables -I OUTPUT 3 -j REJECT -s server_public_ip --reject-with icmp-port-unreachable
    Adding your suggestion and indexing the rules as 2 and 3 makes no difference (the other indexes were changed accordingly).

    "A" has to be changed to "I". Otherwise it complains.

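An added example, not code from either poster, that addresses the two things this thread runs into. First, the source address: with port 22 forwarded on the server router and the workstation behind its own NAT router, the packet the server actually sees has source Public_IP_2 and destination 192.168.0.51, so a rule keyed on 192.168.0.11 never matches unless both hosts sit on the same LAN. Second, the "-A has to be changed to -I" problem: an appended rule lands after the REJECT at position 5 and is dead, which is why the indexes had to be juggled by hand. Loading the whole ruleset at once with iptables-restore makes the order explicit and the switch atomic. The script below assumes Public_IP_2 is the documentation address 203.0.113.7 (a placeholder the thread does not give), that the server's LAN address is 192.168.0.51 as stated in the first post, and that the `state` and `limit` matches and the `LOG` target are available, which they are in iptables 1.3.6.

```sh
#!/bin/sh
# Added example (not from the thread): generate and load an iptables-restore ruleset
# that admits new SSH sessions only from one source and drops everything else.
# Assumptions not in the original posts: the allowed source is the workstation's
# public address Public_IP_2, shown here as the placeholder 203.0.113.7.

ALLOWED_SSH_SRC="${ALLOWED_SSH_SRC:-203.0.113.7}"   # placeholder for Public_IP_2
SERVER_LAN_IP="192.168.0.51"                        # destination seen after the router's DNAT

# Accept only a dotted-quad IPv4 address with an optional /prefix. Anything else
# (a typo, an empty variable, shell metacharacters) makes the generator refuse
# to run rather than silently produce a rule that opens port 22 to the wrong source.
valid_ipv4_cidr() {
  case "$1" in
    ""|*[!0-9./]*|*/*/*|*..*|.*|*.|*./*) return 1 ;;
  esac
  addr=${1%%/*}
  if [ "$addr" = "$1" ]; then prefix=32; else prefix=${1#*/}; fi
  [ -n "$prefix" ] && [ "$prefix" -le 32 ] || return 1
  oldifs=$IFS; IFS=.
  set -- $addr
  IFS=$oldifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Emit the complete filter table in iptables-restore syntax. Rules appear in the
# order written and are committed as one unit, so there is no -A/-I position to get wrong.
ssh_only_ruleset() {
  src="$1"
  valid_ipv4_cidr "$src" || { echo "refusing to build ruleset: bad source '$src'" >&2; return 1; }
  cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback is needed by local services
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to connections this host already accepted or initiated
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# the one inbound service: new SSH sessions, only from the allowed source,
# matched on the LAN address the router delivers them to after DNAT
-A INPUT -p tcp -s $src -d $SERVER_LAN_IP --dport 22 -m state --state NEW -j ACCEPT
# log (rate limited) SSH attempts from anywhere else; the chain policy then drops them
-A INPUT -p tcp --dport 22 -m limit --limit 5/min -j LOG --log-prefix "ssh-denied: "
# outbound DNS so the host can still resolve names
-A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# "print" shows the ruleset for review; "apply" loads it (needs root). With no
# argument the script only defines the functions above.
case "${1:-}" in
  print) ssh_only_ruleset "$ALLOWED_SSH_SRC" ;;
  apply) ssh_only_ruleset "$ALLOWED_SSH_SRC" | iptables-restore ;;
esac
```

Review the output of `sh ssh-only.sh print` before `sh ssh-only.sh apply`, and apply it from the console or with a rollback scheduled first (for example `sleep 300 && iptables -P INPUT ACCEPT && iptables -F &` in the background), because a wrong source address in this ruleset drops your own SSH session. Afterwards `iptables -L INPUT -n -v --line-numbers` shows the order and the hit counters, and a connection attempt from any other host shows up in syslog with the `ssh-denied:` prefix.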