- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- Re: IPTABLES
Operating System - Linux
1752800
Members
5585
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2007 10:12 PM
тАО06-11-2007 10:12 PM
Re: IPTABLES
What's your OUTPUT chain look like?
One long-haired git at your service...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-11-2007 11:55 PM
тАО06-11-2007 11:55 PM
Re: IPTABLES
Shalom,
This is tough to learn, espcially in a hurry. It literally took me years to learn the subtlties here. Take a look at my past questions.
Firestarter has a GUI, you point you click you have a firewall. I really recommend it for beginners.
SEP
This is tough to learn, espcially in a hurry. It literally took me years to learn the subtlties here. Take a look at my past questions.
Firestarter has a GUI, you point you click you have a firewall. I really recommend it for beginners.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2007 12:52 AM
тАО06-12-2007 12:52 AM
Re: IPTABLES
The server is in remote location.
I don't have graphic environment.
I've partialy solved the problem.
The thing is you have to spicify the interface -i eth0 (but the rea server has eth0 + eth0:0). Then on testng machine everythink works fine.But not at the real server. Problem with eth0:0?
real server iptables - webpage blocked,ssh-ok,ping-ok
==========================================
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
ACCEPT tcp -- 81.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
ACCEPT tcp -- 81.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state NEW
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
==========================================
On the testing machine I have apache instaled and several rules in iptables:
testing machine - everything works fine
==========================================
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
Everythink works fine.
The only one difference betwen those machines is the virtual (eth0:0) interface on the web server.
I can ping it,ssh is working but I can't open the webpage.
I have to do that with iptables
Thanks
I don't have graphic environment.
I've partialy solved the problem.
The thing is you have to spicify the interface -i eth0 (but the rea server has eth0 + eth0:0). Then on testng machine everythink works fine.But not at the real server. Problem with eth0:0?
real server iptables - webpage blocked,ssh-ok,ping-ok
==========================================
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
ACCEPT tcp -- 81.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
ACCEPT tcp -- 81.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state RELATED,ESTABLISHED
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state NEW
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
==========================================
On the testing machine I have apache instaled and several rules in iptables:
testing machine - everything works fine
==========================================
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 state NEW
Everythink works fine.
The only one difference betwen those machines is the virtual (eth0:0) interface on the web server.
I can ping it,ssh is working but I can't open the webpage.
I have to do that with iptables
Thanks
Jesus is the King
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2007 12:57 AM
тАО06-12-2007 12:57 AM
Re: IPTABLES
Chain OUTPUT (policy ACCEPT 181 packets, 13459 bytes)
pkts bytes target prot opt in out source destination
987K 522M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
96M 131G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
pkts bytes target prot opt in out source destination
987K 522M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
96M 131G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED
Jesus is the King
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2007 05:38 AM
тАО06-12-2007 05:38 AM
Re: IPTABLES
Finaly it works:
Chain INPUT (policy DROP 443 packets, 52393 bytes)
num pkts bytes target prot opt in out source destination
1 5009 1448K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 1685 365K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state RELATED,ESTABLISHED
4 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
5 2083 161K ACCEPT tcp -- eth0 * 81.150.xxx.xxx 217.174.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
6 4 192 ACCEPT tcp -- eth0 * 81.150.xxx.xxx 217.174.xxx.xxx tcp dpt:22 state NEW
7 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state RELATED,ESTABLISHED
8 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
9 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state RELATED,ESTABLISHED
10 1 71 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
11 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state RELATED,ESTABLISHED
12 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
13 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state RELATED,ESTABLISHED
14 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
15 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state RELATED,ESTABLISHED
16 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state NEW
17 17 1292 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
18 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
19 188K 12M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state RELATED,ESTABLISHED
20 356 21360 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW
21 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state RELATED,ESTABLISHED
22 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state NEW
23 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state RELATED,ESTABLISHED
24 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state NEW
25 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state RELATED,ESTABLISHED
26 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state NEW
27 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state RELATED,ESTABLISHED
28 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state NEW
29 0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
30 4527 272K ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW
31 0 0 ACCEPT tcp -- eth0 * 217.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
32 0 0 ACCEPT tcp -- eth0 * 217.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state NEW
Chain INPUT (policy DROP 443 packets, 52393 bytes)
num pkts bytes target prot opt in out source destination
1 5009 1448K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 1685 365K ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
3 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state RELATED,ESTABLISHED
4 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW
5 2083 161K ACCEPT tcp -- eth0 * 81.150.xxx.xxx 217.174.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
6 4 192 ACCEPT tcp -- eth0 * 81.150.xxx.xxx 217.174.xxx.xxx tcp dpt:22 state NEW
7 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state RELATED,ESTABLISHED
8 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW
9 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state RELATED,ESTABLISHED
10 1 71 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 state NEW
11 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state RELATED,ESTABLISHED
12 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 state NEW
13 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state RELATED,ESTABLISHED
14 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 state NEW
15 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state RELATED,ESTABLISHED
16 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:110 state NEW
17 17 1292 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
18 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state NEW
19 188K 12M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state RELATED,ESTABLISHED
20 356 21360 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306 state NEW
21 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state RELATED,ESTABLISHED
22 0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:3306 state NEW
23 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state RELATED,ESTABLISHED
24 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5555 state NEW
25 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state RELATED,ESTABLISHED
26 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8002 state NEW
27 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state RELATED,ESTABLISHED
28 0 0 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:9001 state NEW
29 0 0 ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
30 4527 272K ACCEPT icmp -- eth0 * 0.0.0.0/0 0.0.0.0/0 state NEW
31 0 0 ACCEPT tcp -- eth0 * 217.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state RELATED,ESTABLISHED
32 0 0 ACCEPT tcp -- eth0 * 217.xxx.xxx.xxx 217.xxx.xxx.xxx tcp dpt:22 state NEW
Jesus is the King
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-12-2007 05:43 AM
тАО06-12-2007 05:43 AM
Re: IPTABLES
closed
Jesus is the King
- « Previous
-
- 1
- 2
- Next »
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP