  1. #1
    Just Joined!
    Join Date
    Jul 2008
    Posts
    5

    allow telnet from one ip segment

    Hi

    I'm new to Linux. I want to allow only the IP segment (212.154.75.0/24) to telnet to the server (RHEL-7.3). How can this be done using iptables?

    On the server I gave this command:

    # iptables -I FORWARD -s 212.154.75.0/24 -p tcp --dport 23 -j ACCEPT

    output is

    0 0 ACCEPT tcp -- * * 212.154.75.0/24 0.0.0.0/0 tcp dpt:23

    Should I restart iptables? If so, how?

    or

    Should I make changes in /etc/hosts.allow as:

    in.telnetd:212.154.75.0/255.255.255.0

    I tried this, still unable to telnet.

    Should I restart telnet/iptables? Please guide me.

    Thanks
    raju

  2. #2
    Just Joined!
    Join Date
    Aug 2009
    Location
    Mumbai, India
    Posts
    75
    Hi,


    Still unable to telnet? Means you're not able to telnet from the subnet you've set an ACCEPT rule for?

    Also, if the system on which you are entering the iptables rules is the destination telnet server, then you need to use the INPUT chain, not the FORWARD chain. The rule changes to:
    Code:
    iptables -I INPUT -s 212.154.75.0/24 -p tcp --dport 23 -j ACCEPT
    If the above does not work, then provide the output of the command:
    Code:
    iptables -L -v
    If you enter the command at the CLI prompt then you need not restart iptables. The rules take effect immediately.

    -Syd
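
The INPUT versus FORWARD point above can be checked against a saved rule listing. This is an added example, not part of any post in this thread: a shell function that reads `iptables -S` output and reports whether tcp/23 is reachable only from the given subnet. The function name, the verdict words and the sample rule sets are constructed for illustration.

```shell
# audit_telnet SUBNET: read `iptables -S` output on stdin, print one verdict:
#   restricted   SUBNET reaches tcp/23 locally, every other source is refused
#   open         sources outside SUBNET can reach tcp/23 as well
#   wrong-chain  the ACCEPT for SUBNET is in FORWARD only (routed traffic)
#   blocked      SUBNET is not accepted on INPUT at all
# Simplified: sources compared as literal strings; "!" and user chains ignored.
audit_telnet() {
    awk -v net="$1" '
    $1 == "-P" && $2 == "INPUT" { policy = $3 }
    $1 == "-A" {
        src = ""; target = ""; port = ""; proto = ""; narrow = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-i" || $i == "-m") narrow = 1
        }
        telnet = (proto == "tcp" && port == "23")
        catchall = (proto == "" && port == "" && !narrow)
        if (!(telnet || catchall) || target !~ /^(ACCEPT|DROP|REJECT)$/) next
        if ($2 == "FORWARD" && telnet && src == net && target == "ACCEPT") fwd = 1
        if ($2 != "INPUT") next
        # First matching rule wins: record only the first verdict per side.
        if (src == net) { if (mine == "") mine = target }
        else if (src == "") {
            if (mine == "") mine = target
            if (others == "") others = target
        } else if (target == "ACCEPT" && others == "") others = target
    }
    END {
        if (mine == "") mine = policy
        if (others == "") others = policy
        if (mine != "ACCEPT") print (fwd ? "wrong-chain" : "blocked")
        else print (others == "ACCEPT" ? "open" : "restricted")
    }'
}

# Constructed sample: an INPUT chain that ends in a catch-all REJECT.
base_rules() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' "$@" \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
}
RULE='-s 212.154.75.0/24 -p tcp -m tcp --dport 23 -j ACCEPT'
base_rules "-A FORWARD $RULE" | audit_telnet 212.154.75.0/24   # wrong-chain
base_rules "-A INPUT $RULE"   | audit_telnet 212.154.75.0/24   # restricted
```

On a live system the input would come from `iptables -S` run as root. An ACCEPT rule on a chain whose policy is ACCEPT and that has no later DROP or REJECT reports `open`, because the rule by itself restricts nothing.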

  3. #3
    Linux Enthusiast scathefire
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    616
    But if you really wanted to know how to restart iptables, I use:
    Code:
    service iptables restart
    run as root, of course, or:
    Code:
    /etc/init.d/iptables restart
    If you want to empty your rulebase, use:
    Code:
    iptables --flush
    But be careful, most systems are set to go to a default drop policy if you just run --flush. One would look rather silly being locked out by their own firewall with this method.
    linux user # 503963

  4. #4
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,281
    When you say "unable to telnet" what is the message you are getting? Could be that you do not have telnetd running and/or installed on the system you are trying to get to.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
