#1 (Just Joined!, Join Date: Jun 2009, Posts: 1)

    iptables help


    I recently built a new Linux box running Ubuntu 9.04 on an Asus EeeBox. So far everything works great, but I am having an issue setting up my iptables rules. What I am trying to do is only allow BitTorrent traffic over my VPN connection ppp0. I have created a rule to drop all BitTorrent traffic over eth0 and allow all BitTorrent traffic over ppp0. Currently my script is not blocking the eth0 connection, so I am still able to download over eth0. Here is my iptables script. I hope someone can look at it and tell me what I have done wrong or what I am missing. Thanks in advance for all the help.

    Code:
    #!/bin/bash
    
    # Remove all rules and chains
    iptables -F
    iptables -X
    
    # first set the default behaviour => accept connections
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT
    
    # Allow ESTABLISHED and RELATED incoming connections
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Allow loopback traffic
    iptables -A INPUT -i lo -j ACCEPT
    # DROP all forward packets, I don't share this internet connection
    iptables -A FORWARD -j DROP
    # Drop all BitTorrent packets going over eth0
    # (multiport is not needed for a single range; "-p tcp --dport 6881:6999" would do)
    iptables -A OUTPUT -o eth0 -p tcp -m multiport --dport 6881:6999 -j DROP
    # Allow all BitTorrent traffic going over VPN connection ppp0
    iptables -A OUTPUT -o ppp0 -p tcp -m multiport --dport 6881:6999 -j ACCEPT
    
    # End message
    echo " [iptables rules are set]"

#2 Krendoshazin (Linux User, Join Date: Feb 2005, Location: London, England, Posts: 471)
    The problem here is that you're attempting to filter traffic the wrong way around. Your packets will be _received_ on 6881:6999 rather than sent. Change OUTPUT to INPUT and see if this works.

#3 Lazydog (Linux Guru, Join Date: Jun 2004, Location: The Keystone State, Posts: 2,677)
    Where does eth0 connect?
    Where does ppp0 connect?


    Because your policy is set to ACCEPT on all of INPUT, OUTPUT and FORWARD, the following rules are redundant:

    Code:
    iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o ppp0 -p tcp -m multiport --dport 6881:6999 -j ACCEPT
    The POLICY already accepts them and everything else coming to your system. Your firewall is not going to block anything but forwarding and ports 6881-6999 going out eth0 as you have it set up now. That being said, I hope your system isn't on the internet yet, because you could already have been jacked.

    You are thinking sdrawkcabssa!

    You should be blocking everything and only allowing in what you want in or out. As to the other poster's comment about switching OUTPUT and INPUT, it doesn't matter as you are accepting everything anyway.

    This TUTORIAL is a starting place and has examples in it.

    Regards
    Robert

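Putting the advice from #2 and #3 together, here is an added example of a default-deny version of the script. It is not code from the thread or from either poster, and the VPN details are assumptions: ppp0 is taken to be a PPTP tunnel (TCP 1723 control connection plus GRE, to and from one VPN server address passed in as an argument; 203.0.113.10 is only a placeholder), and DNS is allowed out eth0 so the VPN server's name can be resolved before the tunnel is up. The function names `build_rules` and `print_rule` are mine. The script restricts by interface rather than by port: with the OUTPUT policy set to DROP and nothing but the tunnel traffic permitted out eth0, the torrent client cannot reach any peer or tracker over eth0 whatever port the far end uses (peers listen on arbitrary ports, so a 6881:6999 match only ever catches some of them). Incoming peer connections are accepted on ppp0 to the client's listening range, which is the INPUT direction #2 pointed at. Run it with no arguments and it prints the rules it would issue; run it as root with `apply <vpn-server-ip>` to load them.

```bash
#!/bin/bash
# Default-deny iptables script: torrent traffic only over ppp0.
# Added example, not from the thread. Assumptions are marked below.

# Print a rule instead of loading it (used for the dry run).
print_rule() {
    printf '%s\n' "$*"
}

# build_rules <iptables-command> <vpn-server-ip>
#   <iptables-command> is "iptables" to load the rules, "print_rule" to show them.
build_rules() {
    ipt="$1"
    vpn_server="$2"

    # Flush, then default-deny every chain: anything not listed below is dropped.
    $ipt -F
    $ipt -X
    $ipt -P INPUT DROP
    $ipt -P OUTPUT DROP
    $ipt -P FORWARD DROP

    # Loopback in both directions.
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A OUTPUT -o lo -j ACCEPT

    # Replies to connections we allowed, on any interface; drop packets that
    # belong to no known connection.
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A INPUT -m state --state INVALID -j DROP

    # eth0 carries only what the tunnel needs. Assumption: PPTP, i.e. the TCP 1723
    # control connection plus GRE (protocol 47), to/from the VPN server only. GRE is
    # allowed explicitly in both directions so this does not rely on the PPTP
    # conntrack helper being loaded.
    $ipt -A OUTPUT -o eth0 -d "$vpn_server" -p tcp --dport 1723 -j ACCEPT
    $ipt -A OUTPUT -o eth0 -d "$vpn_server" -p gre -j ACCEPT
    $ipt -A INPUT -i eth0 -s "$vpn_server" -p gre -j ACCEPT
    # Assumption: the VPN server is configured by name, so DNS must work on eth0
    # before ppp0 exists.
    $ipt -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT

    # ppp0 carries everything else. Outgoing peer and tracker connections may go to
    # any port (peers do not all listen on 6881:6999); incoming peers may only hit
    # the client's own listening range, TCP and UDP (DHT and uTP use UDP).
    $ipt -A OUTPUT -o ppp0 -j ACCEPT
    $ipt -A INPUT -i ppp0 -p tcp --dport 6881:6999 -m state --state NEW -j ACCEPT
    $ipt -A INPUT -i ppp0 -p udp --dport 6881:6999 -j ACCEPT

    # Rate-limited log of what the DROP policy is about to eat, so a stalled
    # download shows up in the kernel log with interface and port.
    $ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "ipt-in-drop: "
    $ipt -A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "ipt-out-drop: "
}

case "${1:-show}" in
    show)  build_rules print_rule "${2:-203.0.113.10}" ;;   # placeholder address
    apply) build_rules iptables "${2:?usage: $0 apply <vpn-server-ip>}" ;;
    *)     echo "usage: $0 [show|apply] <vpn-server-ip>" >&2; exit 1 ;;
esac
```

Check the dry-run output before loading it: every `-o eth0` line should reference the VPN server or DNS and none should mention the torrent ports, because the OUTPUT policy, not a port match, is what keeps the client off eth0. Once loaded, `iptables -L -v -n` shows packet counters per rule; a climbing counter on the OUTPUT LOG rule while the VPN is down is the expected sign that the client is being held back rather than leaking.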
