#1 | Just Joined! | Join Date: Mar 2013 | Posts: 6

    iptables help!


    [attachment: network2.jpg]

    Hi, I need help with configuring iptables for g01; see the photo attached above.

    On Router g01:

    Configure TCP Wrappers to allow ssh only from a list of specific nodes on black. Include 10.3.1.1 in this list so that you can ssh to the gateway.??

    Can anyone help me?
    Last edited by whatsup1234; 03-13-2013 at 09:57 PM.

#2 | Lazydog (Linux Guru) | Join Date: Jun 2004 | Location: The Keystone State | Posts: 2,677
    For traffic to pass through this device you need to change your rules from INPUT to FORWARD:
    INPUT means the traffic stops at this device.
    OUTPUT means traffic originates from this device.
    FORWARD means traffic passes through this device.

    One thing I would suggest is that you not mix STATEFUL (as you have with your icmp rules) with CONNECTION (as you have with your ssh rules) based firewall rules.

    STATEFUL rules are rules that look at the connection state: new, established and related.
    CONNECTION rules are rules that only look at the ports: 22, 80, 443, etc.

    I would suggest staying with STATEFUL rules.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

#3 | Just Joined! | Join Date: Mar 2013 | Posts: 6
    help anyone!

#4 | Lazydog (Linux Guru) | Join Date: Jun 2004 | Location: The Keystone State | Posts: 2,677
    What are you looking for? I gave you what you needed to do, and then you edited your original post, removed the rules you already had listed, and posted again for help.

    Here is a LINK to a TUTORIAL where you can learn IPTABLES.

    If you cannot understand what I stated above let me know.

    Regards
    Robert


#5 | Just Joined! | Join Date: Mar 2013 | Posts: 6
    This doesn't work, yes I need help.
    I only want the blue zone to ssh to the red zone. The red zone can't ssh back to the blue zone.

    On r01 Router:
    # Allow ssh from blue to red
    iptables -A INPUT -s 10.2.0.0/16 -p tcp --dport 22 -j ACCEPT
    iptables -A OUTPUT -s 10.2.0.0/16 -p tcp --sport 22 -j ACCEPT

    # Allow http from blue to red (required for patching)
    iptables -A INPUT -s 10.2.0.0/16 -p tcp --dport 80 -j ACCEPT
    iptables -A OUTPUT -s 10.2.0.0/16 -p tcp --sport 80 -j ACCEPT

    # Allow pings both ways
    iptables -A INPUT -p icmp -d 0/0 -j ACCEPT
    iptables -A OUTPUT -p icmp -d 0/0 -j ACCEPT

    # Allow nothing else
    iptables -A INPUT -j DROP

#6 | Lazydog (Linux Guru) | Join Date: Jun 2004 | Location: The Keystone State | Posts: 2,677
    I explained in my first post the difference between INPUT, OUTPUT and FORWARD. You are going to have to change your rules from INPUT to FORWARD and also turn on forwarding on the system. You should also change your rules from connection to stateful. Here is a sample of what you need:

    Code:
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -i eth1 -p tcp --dport 22 -m state --state NEW -j ACCEPT
    iptables -A FORWARD -j DROP
    The above rules will allow ssh from blue to red. See the tutorial in my second post to learn how to set up your rules and what they do.

    Regards
    Robert

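A complete ruleset for the gateway, written the stateful, FORWARD-chain way that Lazydog's two replies (#2 and #6) describe, and covering the TCP Wrappers part of the first post. This is an added example, not code posted in the thread. The interface mapping (eth1 facing the blue zone, eth0 facing the red zone), the function names, and the print-before-apply design are assumptions; the networks 10.2.0.0/16 and 10.3.1.1 come from the thread.

```shell
#!/bin/sh
# Added example (not code from the thread): a stateful ruleset for the gateway
# router in the thread, written the way Lazydog's replies recommend, plus the
# TCP Wrappers files asked for in the first post.
# Assumptions not taken from the thread: eth1 faces the blue zone and eth0 faces
# the red zone; IPT may be overridden to review the commands without root.
set -u

IPT=${IPT:-iptables}
BLUE_NET=10.2.0.0/16      # blue zone, from the thread
BLUE_IF=eth1              # assumed interface facing blue
RED_IF=eth0               # assumed interface facing red
ADMIN_HOST=10.3.1.1       # node allowed to ssh to the gateway itself, from the thread

# Emit the iptables commands one per line instead of running them, so the set
# can be read (or diffed against `iptables-save`) before it touches a live box.
build_rules() {
    # Clean slate, fail closed: unmatched packets are dropped by policy, which
    # is why no trailing "-j DROP" rule is needed.
    echo "$IPT -F"
    echo "$IPT -P INPUT DROP"
    echo "$IPT -P FORWARD DROP"
    echo "$IPT -P OUTPUT ACCEPT"

    # Stateful part: replies to sessions already accepted are allowed back
    # through. This replaces the --sport 22 / --sport 80 OUTPUT rules in post #5.
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # New ssh and http sessions through the gateway only from blue to red.
    # Red can never open a session towards blue: there is no matching rule.
    for port in 22 80; do
        echo "$IPT -A FORWARD -i $BLUE_IF -o $RED_IF -s $BLUE_NET -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done

    # Pings both ways (through the gateway, and to the gateway itself).
    echo "$IPT -A FORWARD -p icmp -j ACCEPT"
    echo "$IPT -A INPUT -p icmp -j ACCEPT"

    # Traffic for the gateway itself: loopback, and ssh only from the admin node.
    echo "$IPT -A INPUT -i lo -j ACCEPT"
    echo "$IPT -A INPUT -s $ADMIN_HOST -p tcp --dport 22 -m state --state NEW -j ACCEPT"
}

# Review check: number of rules that let a NEW session in on interface $1.
# For a ruleset that matches the thread's requirement this is 2 for the blue
# interface (ssh, http) and 0 for the red one.
count_new_sessions_from() {
    build_rules | grep -c -- "-i $1 .*--state NEW" || :   # grep -c exits 1 when the count is 0
}

# TCP Wrappers answer to the first post: /etc/hosts.allow is consulted before
# /etc/hosts.deny, so only ADMIN_HOST reaches sshd. Caveat: this only works
# when sshd is linked against libwrap; OpenSSH dropped that support in 6.7,
# so on a current system the INPUT rule above is what actually enforces it.
tcp_wrappers_config() {
    echo "# /etc/hosts.allow"
    echo "sshd: $ADMIN_HOST"
    echo "# /etc/hosts.deny"
    echo "sshd: ALL"
}

apply_rules() {
    # The FORWARD chain never sees a packet unless forwarding is switched on.
    sysctl -w net.ipv4.ip_forward=1
    build_rules | sh -e
}

case "${1:-}" in
    apply) apply_rules ;;          # as root: run the commands for real
    *)     build_rules ;;          # default: just print them
esac
```

Run it with no argument to print the commands and review them; run it as root with `apply` to enable forwarding and load them. Matching both `-i eth1 -o eth0` and `-s 10.2.0.0/16` on the NEW rules is deliberate: the source address alone can be spoofed from the red side, but a packet arriving on the red interface never matches a rule that requires `-i eth1`.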

#7 | Just Joined! | Join Date: Mar 2013 | Posts: 6
    No, this doesn't work.. thanks anyway.
