  1. #1
    Just Joined!
    Join Date
    Feb 2007
    Posts
    2

    iptables rule. Have I got it correct?


    Hi all.

    Was wondering if you could check my rule and see if it's correct. (Dummy IPs.)

    Basically I want to reject anything coming through the router and forwarding on to a specific IP, all ports apart from the one I have allowed through.

    -A FORWARD -d 1.1.1.0 -s 2.2.2.0 -j ACCEPT -p tcp --destination-port 1433 -i eth2
    -A FORWARD -d 1.1.1.0 -s 2.2.2.0 -j DROP -p tcp -i eth2

    1.1.1.0 is the server's IP.
    2.2.2.0 is the user's IP.
    Port 1443 is the only port I want to allow through; I want to block everything else.

    Cheers, Aron

  2. #2
    Linux User cyberinstru's Avatar
    Join Date
    Jan 2007
    Location
    India
    Posts
    362
    It also involves other details like:

    1. Consider your INPUT and FORWARD chains are DROP by default
    * -I INPUT -s 2.2.2.0 -d 1.1.1.0 -i eth2 -p tcp --dport 1433 -j ACCEPT
    * -I FORWARD -d 1.1.1.0 -s 2.2.2.0 -p tcp --destination-port 1433 -i eth2 -j ACCEPT

    Make sure that you allow all RELATED and ESTABLISHED states in the INPUT chain.
    ---------------------------------
    Registered Linux User #440311
    HI2ARUN _AT_ GMAIL _DOT_ COM
    ---------------------------------

  3. #3
    Just Joined!
    Join Date
    Feb 2007
    Posts
    2
    Thanks cyberinstru.

    I'm trying to understand this; the rule I posted was what I got from reading around.

    The way I understood it is that iptables reads each line starting at line 1.

    So line 1 would be

    -A FORWARD -d 1.1.1.0 -s 2.2.2.0 -j ACCEPT -p tcp --destination-port 1433 -i eth2

    If the port that was trying to enter is port 1433 then it finishes and lets that port through, provided the source and destination are as per the rule. If not, it then moves on to the next rule

    -A FORWARD -d 1.1.1.0 -s 2.2.2.0 -j DROP -p tcp -i eth2

    and sees that anything else drops.

    I may have it wrong; that's why I'm requesting help from here.

    With your rule you say

    1. Consider your INPUT and FORWARD chains are DROP by default

    How do I find this out?

    And this

    -I INPUT -s 2.2.2.0 -d 1.1.1.0 -i eth2 -p tcp --dport 1433 -j ACCEPT

    I think I understand it; you're saying that it's an input into the router and to accept it.

    -I FORWARD -d 1.1.1.0 -s 2.2.2.0 -p tcp --destination-port 1433 -i eth2 -j ACCEPT

    And I'm guessing it's to be forwarded on, but shouldn't I be dropping the rest?

    I'm very new to iptables, and trying to learn.

    Cheers, Aron.

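The two questions in this thread, whether iptables really stops at the first matching rule (post #3) and why the chain's default policy matters (post #2), can both be checked by walking the rules the way the kernel does. The script below is an added example, not code from the thread: it parses a constructed `iptables -S`-style dump of the FORWARD rules posted above (single hosts printed as /32 and `-m tcp` inserted before `--dport`, which is how iptables itself prints them), then evaluates a few constructed packets against it with the FORWARD policy set to DROP and then to ACCEPT. The packet descriptions, the hypothetical interface name `eth2` from the posts, and the extra source address 3.3.3.3 are assumptions for illustration.

```python
"""First-match walk of an iptables FORWARD chain plus its default policy (added example)."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed dump in `iptables -S` format of the rules posted in the thread
# (dummy addresses 1.1.1.0 / 2.2.2.0 as in the posts). The "-P FORWARD DROP"
# line is what answers "how do I find out the default policy" on a real box.
DUMP_POLICY_DROP = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A FORWARD -s 2.2.2.0/32 -d 1.1.1.0/32 -i eth2 -p tcp -m tcp --dport 1433 -j ACCEPT
-A FORWARD -s 2.2.2.0/32 -d 1.1.1.0/32 -i eth2 -p tcp -j DROP
"""

# Same rules on a router whose FORWARD chain still has the stock ACCEPT policy.
DUMP_POLICY_ACCEPT = DUMP_POLICY_DROP.replace("-P FORWARD DROP", "-P FORWARD ACCEPT")


@dataclass
class Rule:
    chain: str
    target: str = ""
    src: Optional[ipaddress.IPv4Network] = None
    dst: Optional[ipaddress.IPv4Network] = None
    in_iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None


def parse_dump(text: str) -> Tuple[Dict[str, str], List[Rule]]:
    """Return (chain policies, rules in the order iptables tests them)."""
    policies: Dict[str, str] = {}
    rules: List[Rule] = []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if not tokens:
            continue
        if tokens[0] == "-P":                      # -P CHAIN POLICY
            policies[tokens[1]] = tokens[2]
            continue
        if tokens[0] != "-A":                      # only appended rules take part in the walk
            continue
        rule = Rule(chain=tokens[1])
        i = 2
        while i < len(tokens):
            opt, val = tokens[i], tokens[i + 1]
            if opt == "-s":
                rule.src = ipaddress.ip_network(val, strict=False)
            elif opt == "-d":
                rule.dst = ipaddress.ip_network(val, strict=False)
            elif opt == "-i":
                rule.in_iface = val
            elif opt == "-p":
                rule.proto = val
            elif opt in ("--dport", "--destination-port"):   # both spellings are accepted
                rule.dport = int(val)
            elif opt == "-j":
                rule.target = val
            elif opt != "-m":                      # "-m tcp" only loads the match module
                raise ValueError(f"unsupported option {opt!r}")
            i += 2
        rules.append(rule)
    return policies, rules


def matches(rule: Rule, pkt: dict) -> bool:
    """Every option on the rule line must match; an absent option matches anything."""
    if rule.src is not None and ipaddress.ip_address(pkt["src"]) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(pkt["dst"]) not in rule.dst:
        return False
    if rule.in_iface is not None and pkt["iface"] != rule.in_iface:
        return False
    if rule.proto is not None and pkt["proto"] != rule.proto:
        return False
    if rule.dport is not None and pkt.get("dport") != rule.dport:
        return False
    return True


def verdict(dump: str, chain: str, pkt: dict) -> Tuple[str, Optional[int]]:
    """Walk CHAIN top to bottom: the first matching rule decides, otherwise the policy.

    Returns (target, index of the matching rule) or (policy, None) on fall-through.
    """
    policies, rules = parse_dump(dump)
    for idx, rule in enumerate(r for r in rules if r.chain == chain):
        if matches(rule, pkt):
            return rule.target, idx
    return policies[chain], None


# Constructed packets; 3.3.3.3 is a hypothetical address not mentioned in the thread.
PACKETS = {
    "TCP 1433 from the user":  {"src": "2.2.2.0", "dst": "1.1.1.0", "iface": "eth2", "proto": "tcp", "dport": 1433},
    "TCP 22 from the user":    {"src": "2.2.2.0", "dst": "1.1.1.0", "iface": "eth2", "proto": "tcp", "dport": 22},
    "UDP 53 from the user":    {"src": "2.2.2.0", "dst": "1.1.1.0", "iface": "eth2", "proto": "udp", "dport": 53},
    "TCP 1433 from elsewhere": {"src": "3.3.3.3", "dst": "1.1.1.0", "iface": "eth2", "proto": "tcp", "dport": 1433},
}

if __name__ == "__main__":
    for dump, label in ((DUMP_POLICY_DROP, "DROP"), (DUMP_POLICY_ACCEPT, "ACCEPT")):
        print(f"--- FORWARD policy {label} ---")
        for name, pkt in PACKETS.items():
            target, idx = verdict(dump, "FORWARD", pkt)
            where = f"rule {idx + 1}" if idx is not None else "chain policy"
            print(f"{name:26s} -> {target:6s} ({where})")
```

Running it shows the point of both replies: TCP 1433 is accepted by rule 1 and TCP 22 is dropped by rule 2 regardless of policy, but the posted DROP rule only says `-p tcp`, so UDP traffic and traffic from any other source fall off the end of the chain and are decided by the policy alone. With `-P FORWARD ACCEPT` they get through. On a real router, `iptables -S FORWARD` prints that `-P FORWARD ...` line first, and `iptables -L FORWARD -n` shows it as `Chain FORWARD (policy ...)`.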