- 06-02-2009 #1
iptables help
I recently built a new linux box running ubuntu 9.04 on an Asus eeebox. So far everything works great, but I am having an issue setting up my iptables rules. What I am trying to do is only allow bittorrent traffic over my vpn connection ppp0. I have created a rule to drop all bittorrent traffic over eth0 and allow all bittorrent traffic over ppp0. Currently my script is not blocking the eth0 connection, so I am still able to download over eth0. Here is my iptables script. I hope someone can look at it and tell me what I have done wrong or what I am missing. Thanks in advance for all the help
Code:
#!/bin/bash

# Remove all rules and chains
iptables -F
iptables -X

# first set the default behaviour => accept connections
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Allow ESTABLISHED and RELATED incoming connection
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# DROP all forward packets, I don't share this internet connection
iptables -A FORWARD -j DROP

# Drop all Bittorrent packets going over eth0
iptables -A OUTPUT -o eth0 -p tcp -m multiport --dport 6881:6999 -j DROP

# Allow all Bittorent traffic going over vpn connection ppp0
iptables -A OUTPUT -o ppp0 -p tcp -m multiport --dport 6881:6999 -j ACCEPT

# End message
echo " [iptables rules are set]"
- 06-03-2009 #2
The problem here is that you're attempting to filter traffic the wrong way around. Your packets will be _received_ on 6881:6999 rather than sent. Change OUTPUT to INPUT and see if this works.
- 06-04-2009 #3
Where does eth0 connect?
Where does ppp0 connect?
Because your Policy is set to ACCEPT on all INPUT, OUTPUT and FORWARD, the following rules are redundant:
Code:
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o ppp0 -p tcp -m multiport --dport 6881:6999 -j ACCEPT
The POLICY already accepts them and everything else coming to your system. Your firewall is not going to block anything but forwarding and ports 6881-6999 going out eth0 as you have it set up now. That being said, I hope your system isn't on the internet yet, because you could already have been jacked.
You are thinking sdrawkcabssa!
You should be blocking everything and only allowing in what you want in or out. As to the other poster's comment about switching OUTPUT and INPUT, it doesn't matter as you are accepting everything anyway.
This TUTORIAL is a starting place and has examples in it.
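A default-deny version of the script, written as an added example for this thread; it is not the original poster's script and not taken from the linked tutorial. It assumes eth0 is the ISP/LAN side and ppp0 is the VPN tunnel, and the VPN endpoint values (VPN_SERVER, VPN_PROTO, VPN_PORT, defaulting to a TEST-NET-3 address and PPTP's TCP 1723 plus GRE) are placeholders you must replace. It demonstrates the point made in post #3: once the policies are DROP, the ACCEPT rules do the work, and "BitTorrent only over the VPN" no longer depends on guessing which ports the client will use, because nothing leaves eth0 except what the tunnel itself needs. The ruleset is emitted in iptables-restore format so it can be reviewed before it is loaded in one atomic step.

```bash
#!/bin/bash
# Added example, not the original poster's script.
# Builds a default-deny ruleset in iptables-restore format so it can be
# printed and reviewed before it is loaded atomically.
# Assumptions (placeholders, change for your setup): eth0 is the LAN/ISP
# side, ppp0 is the VPN tunnel, VPN_SERVER/VPN_PROTO/VPN_PORT describe the
# VPN endpoint (defaults: a TEST-NET-3 address and PPTP's TCP 1723 + GRE,
# purely illustrative). BT_PORTS is the range from the original post.

VPN_SERVER="${VPN_SERVER:-203.0.113.10}"
VPN_PROTO="${VPN_PROTO:-tcp}"
VPN_PORT="${VPN_PORT:-1723}"
BT_PORTS="${BT_PORTS:-6881:6999}"

gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback is always fine
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# replies to conversations we started, on every interface
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# eth0: only what is needed to bring the tunnel up (DNS + the VPN endpoint)
-A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p ${VPN_PROTO} -d ${VPN_SERVER} --dport ${VPN_PORT} -j ACCEPT
-A OUTPUT -o eth0 -p gre -d ${VPN_SERVER} -j ACCEPT
-A INPUT -i eth0 -p gre -s ${VPN_SERVER} -j ACCEPT
# eth0: the policy would drop BitTorrent anyway; logging it makes a leak visible
-A OUTPUT -o eth0 -p tcp --dport ${BT_PORTS} -j LOG --log-prefix "bt-leak-eth0: "
-A OUTPUT -o eth0 -p tcp --dport ${BT_PORTS} -j DROP
# ppp0: everything may leave through the tunnel; incoming peers are accepted only here
-A OUTPUT -o ppp0 -j ACCEPT
-A INPUT -i ppp0 -p tcp --dport ${BT_PORTS} -j ACCEPT
-A INPUT -i ppp0 -p udp --dport ${BT_PORTS} -j ACCEPT
COMMIT
EOF
}

# Load the generated ruleset. iptables-restore swaps the whole filter table
# in one step, so there is no moment with only half the rules in place.
# Requires root; --test parses the ruleset without committing it.
load_rules() {
    gen_rules | iptables-restore --test || { echo "ruleset does not parse, nothing changed" >&2; return 1; }
    gen_rules | iptables-restore && echo "[iptables rules are set]"
}

case "${1:-print}" in
    print) gen_rules ;;
    apply) load_rules ;;
    *) echo "usage: $0 [print|apply]" >&2; exit 2 ;;
esac
```

Run it with `print` to review the generated rules, then `sudo ./vpn-only.sh apply` to load them. To verify the original complaint is gone, start the client and watch `iptables -L OUTPUT -v -n`: the counters on the eth0 LOG/DROP lines should stay at zero, and if they climb (or `dmesg` shows `bt-leak-eth0:`), traffic is still going out the wrong interface. Two caveats that follow from default-deny: the box will no longer answer SSH or anything else arriving on eth0 unless you add an explicit INPUT rule for it, and if eth0 is configured by DHCP you should confirm lease renewals still work before leaving the rules in place. Persist the result with `iptables-save` once it behaves.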