- 02-21-2008 #1 Linux Guru
- Join Date
- Sep 2004
- Posts
- 1,712
iptables rule question
Hi folks,
WAN
Ubuntu 7.04 server amd64
iptables 1.3.6
port 22 forwarded to server router addr (router_ip)
Server_router_ip = 192.168.0.51
Public_IP_1
Archlinux 86-64 2007-08-2 (workstation)
Workstation_router_ip = 192.168.0.11
Public_IP_2
I'm trying to set rules on the Server to only allow the workstation, which is running
Public_IP_2 and router_ip=192.168.0.11, to ssh-connect to the Server. Please shed some light on how to
start. TIA
B.R.
satimis
- 02-21-2008 #2
If I understand this right you want to allow 192.168.0.11 to connect to 192.168.0.51 on port 22 (ssh) and all other traffic to be dropped? This rule should do that:
Code:
# accept tcp packets from 192.168.0.11 on port 22
iptables --append INPUT --source 192.168.0.11 --protocol tcp --destination-port 22 --jump ACCEPT
# drop everything else
iptables --append INPUT --jump DROP

Linux User #453176
- 02-21-2008 #3 Linux Guru
- Join Date
- Sep 2004
- Posts
- 1,712
Thanks for your advice.
The following rules work here, but port 22 has to be forwarded on the server router. Adding your suggestion and indexing the two rules as 2 and 3 makes no difference (the other indexes were also changed accordingly).

Code:
# INPUT
#
# allow all incoming traffic from the management interface NIC
# as long as it is a part of an established connection
iptables -I INPUT 1 -j ACCEPT -d server_public_ip -m state --state RELATED,ESTABLISHED
# allow all VMware MUI HTTP traffic to the management interface NIC
iptables -I INPUT 2 -j ACCEPT -p TCP -d server_public_ip --destination-port 8222
# allow all VMware MUI HTTPS traffic to the management interface NIC
iptables -I INPUT 3 -j ACCEPT -p TCP -d server_public_ip --destination-port 8333
# allow all VMware Authorization Daemon traffic to the management interface NIC
iptables -I INPUT 4 -j ACCEPT -p TCP -d server_public_ip --destination-port 902
# reject all other traffic to the management interface NIC
iptables -I INPUT 5 -j REJECT -d server_public_ip --reject-with icmp-port-unreachable
#
# OUTPUT
#
# allow all outgoing traffic from the management interface NIC
# if it is a part of an established connection
iptables -I OUTPUT 1 -j ACCEPT -s server_public_ip -m state --state RELATED,ESTABLISHED
# allow all DNS queries from the management interface NIC
iptables -I OUTPUT 2 -j ACCEPT -s server_public_ip -p UDP --destination-port 53
# reject all other traffic from localhost
#iptables -I OUTPUT 3 -j REJECT -s 127.0.0.1 --reject-with icmp-port-unreachable
# reject all other traffic from the management interface NIC
iptables -I OUTPUT 3 -j REJECT -s server_public_ip --reject-with icmp-port-unreachable

"A" has to be changed to "I"; otherwise it complains.
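An added example, not code from either reply in this thread: a POSIX shell script that generates the "SSH only from the management workstation" INPUT policy both replies are working towards, in iptables-restore format. It keeps the one-host SSH accept from reply #2 but adds the two rules that short version leaves out: a loopback accept and a RELATED,ESTABLISHED accept, without which the server's own DNS and apt replies are dropped once the trailing DROP is in place (the longer ruleset in reply #3 already has the state rule). It also checks that the address is well-formed before a ruleset is emitted, since a wrong octet in the source address, as in the original reply, silently locks everyone out. The ALLOWED_SSH_HOST variable, the function names and the default address 192.168.0.11 (the workstation from the first post) are assumptions; `-m state` is used because that is the match the thread's own rules use.

```shell
#!/bin/sh
# Added example, not from the thread: build an INPUT policy that lets only one
# management host open SSH sessions. Output is iptables-restore(8) format.
# ALLOWED_SSH_HOST is an assumed name; the default is the thread's workstation.
ALLOWED_SSH_HOST="${ALLOWED_SSH_HOST:-192.168.0.11}"

# valid_ipv4 ADDR: return 0 if ADDR is a dotted quad with octets 0..255, else 1.
# This only rejects malformed input; a wrong but well-formed octet still has to
# be caught by the operator comparing it with the address they connect from.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;   # bad chars, empty or extra groups
        *.*.*.*) ;;                                  # exactly four groups
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_rules ADDR: print the filter table. A DROP chain policy replaces the
# trailing "-j DROP" rule, and the two state rules keep loopback and the
# server's own outbound traffic (DNS, apt) working.
gen_rules() {
    valid_ipv4 "$1" || { echo "gen_rules: malformed address '$1'" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# local processes talk over lo; never drop it
-A INPUT -i lo -j ACCEPT
# replies to connections the server itself opened
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# only the management host may open new SSH sessions
-A INPUT -s $1/32 -p tcp --dport 22 -m state --state NEW -j ACCEPT
# anything else falls through to the INPUT policy (DROP)
COMMIT
EOF
}

# With no arguments just print the ruleset; with --apply load it (run as root).
if [ "${1:-}" = "--apply" ]; then
    gen_rules "$ALLOWED_SSH_HOST" | iptables-restore
else
    gen_rules "$ALLOWED_SSH_HOST"
fi
```

Run it with no arguments to review the generated table; run it with `--apply` as root to load it. Before applying, confirm that the address is the one the current SSH session comes from, because the session doing the loading is only kept alive by the RELATED,ESTABLISHED rule and any later reconnect must match the one-host rule.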