  1. #1
    Linux Newbie
    Join Date
    Aug 2005
    Location
    Sterling, VA
    Posts
    100

    IPTables Experts?


    Hey everybody. I am setting up iptables for the first time. I have an incomplete knowledge of what I am doing, but I have it mostly working. I have two problems of note.

    1) I can't establish outgoing connections. For example, sendmail won't work and I can't ping anything.
    2) When I ssh to the machine (or scp, whatever), it takes at least 10 seconds for it to prompt me with the password. After that it works fine.

    Here are my results of iptables-save. Oh, and I'm using Debian Linux, if that matters (Ubuntu).

    # Generated by iptables-save v1.3.1 on Sun Jan 15 13:54:41 2006
    *filter
    :INPUT ACCEPT [322:122977]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [3395:1737145]
    -A INPUT -p tcp -m iprange --src-range 192.168.1.100-192.168.1.110 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -s 127.0.0.1 -j ACCEPT
    -A INPUT -d 192.168.1.254 -j DROP
    COMMIT
    # Completed on Sun Jan 15 13:54:41 2006

    What am I missing? Does anything there look wrong?

    Thanks,
    - EndianX -

  2. #2
    Just Joined!
    Join Date
    Jan 2006
    Posts
    77
    That output accept should be [0:0], I guess. That's probably why you can't ping out.

  3. #3
    Just Joined!
    Join Date
    Jan 2006
    Posts
    5

    Generated IPTables scripts...

    It does look a bit of a mess. Post what you want to block or forward with your iptables version and if I get time (sorry) I'll put together a commented script for you.

    If you want to write your own, look at http://iptables-tutorial.frozentux.n...-tutorial.html. It's easier than you think to write a nice little firewall...

    Andy H
    www.ictsc.com

  4. #4
    Linux Newbie
    Join Date
    Aug 2005
    Location
    Sterling, VA
    Posts
    100
    Thank you marlowe, I will try that.

    And thank you for the link ajehals. That is actually what I had used to make what I did, though like I said, I don't completely understand the process yet.

    Basically what I want is to accept connections from 80 and 22 from the outside. Accept connections from any ip between 192.168.1.100 and 192.168.1.110. Accept related and established connections. And of course connections from localhost. Other than those exceptions, I want to drop everything.

    A commented example of that would be extremely helpful. I learn far better by example.

    Thank you,
    - EndianX -

  5. #5
    Linux Newbie
    Join Date
    Aug 2005
    Location
    Sterling, VA
    Posts
    100
    Alright, well using webmin I got it working perfectly I think.

    The one problem I have left is I lose my settings on reboot. I made a script that restores the settings and placed it in /etc/init.d. Now I am fairly new to Linux, but I thought that would work and it didn't.

    What do I need to do to restore these iptables settings (using iptables-save and iptables-restore, I guess) on reboot?

    Thanks,
    - EndianX -

  6. #6
    Linux Newbie
    Join Date
    Aug 2005
    Location
    Sterling, VA
    Posts
    100
    I'm back again.

    I finally got this working. Really I just needed to understand the Linux boot process better.

    I just needed a symbolic link called /etc/rc2.d/S20iptables and my script ran and my tables are restored.
    - EndianX -
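
A commented ruleset for the policy requested in post #4, as an added example that is not part of the thread or any poster's script. In the ruleset from post #1 the RELATED,ESTABLISHED rule is limited to `-p tcp`, so UDP and ICMP replies (DNS answers, ping replies) fall through to the final DROP rule, assuming 192.168.1.254 is the host's own address; here the state rule matches every protocol and loopback is matched by interface. The function name and the `print|check|apply` arguments are this example's own.

```shell
#!/bin/sh
# Added example: default-drop ruleset for the policy described in post #4.
# All rule choices below are this example's, not taken from any poster's script.
emit_rules() {
cat <<'EOF'
*filter
# Default policy: drop inbound and forwarded traffic, allow outbound.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback, matched by interface rather than by a source address.
-A INPUT -i lo -j ACCEPT
# Replies to connections this host opened. No "-p tcp" here, so UDP
# (DNS answers) and ICMP (ping replies) are accepted as well.
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Trusted LAN range from the thread, any protocol (an assumption of this example).
-A INPUT -m iprange --src-range 192.168.1.100-192.168.1.110 -j ACCEPT
# Services open to everyone: SSH and HTTP, new connections only.
-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Usage: script [print|check|apply]; check and apply need root.
case "${1:-print}" in
  print) emit_rules ;;
  check) emit_rules | iptables-restore --test ;;  # parse only, no commit
  apply) emit_rules | iptables-restore ;;
  *) echo "usage: $0 [print|check|apply]" >&2 ;;
esac
```

The `apply` mode is what a boot script such as the one linked as /etc/rc2.d/S20iptables in post #6 would call.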
