Opening ports in an IPtables firewall
| Morgan Sales 2004-01-23, 7:35 pm |
| Hello folks, I've just started dabbling with Linux (RedHat 8.0) networking,
trying to teach myself the basics. However, I'm having trouble with my
firewall. Going through the howtos and some web pages, I've worked out that
this makes a functional firewall and NAT:
iptables -N block
iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
iptables -A block -j DROP
iptables -A INPUT -j block
iptables -A FORWARD -j block
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
When I save off the iptable everything works fine.
However, I can't work out how to open a port.
I'm trying to open TCP port 4662 (inbound) to any IP address. Can anyone
tell me how I might do this?
My iptables file looks like this:
---------------------------------------------------
# Generated by iptables-save v1.2.6a on Mon Aug 4 19:34:32 2003
*nat
:PREROUTING ACCEPT [473:42295]
:POSTROUTING ACCEPT [80:10462]
:OUTPUT ACCEPT [1238:63295]
[1249:57305] -A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Aug 4 19:34:32 2003
# Generated by iptables-save v1.2.6a on Mon Aug 4 19:34:32 2003
*filter
:INPUT ACCEPT [176:30771]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [11817:2852225]
:block - [0:0]
[12699:9285652] -A INPUT -j block
[1896:800733] -A FORWARD -j block
[13498:9970655] -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
[839:74872] -A block -i ! eth0 -m state --state NEW -j ACCEPT
[258:40858] -A block -j DROP
COMMIT
# Completed on Mon Aug 4 19:34:32 2003
-------------------------------------------------------------
Any help would be much appreciated.
Thanks
--
Morgan.
----
* You see in this world there's 10 kinds of people my friend, those who
understand binary, and those who don't.
Mail: Morgan.Sales@ntlworld.com
Webpage: http://homepage.ntlworld.com/msales
| |
| Alexander Dalloz 2004-01-23, 7:35 pm |
| Morgan Sales <msalesDIESPAMMER@ntlworld.com> wrote:
quote:
> Hello folks, I've just started dabbling with Linux (RedHat 8.0) networking,
> trying to teach myself the basics. However, I'm having trouble with my
> firewall. Going through the howtos and some web pages, I've worked out that
> this makes a functional firewall and NAT:
>
> iptables -N block
> iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A block -m state --state NEW -i ! eth0 -j ACCEPT
At this point, before jumping to block, you need to insert:
iptables -A INPUT -p tcp --dport 4662 -j ACCEPT
quote:
> iptables -A block -j DROP
> iptables -A INPUT -j block
> iptables -A FORWARD -j block
> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>
> When I save off the iptable everything works fine.
>
> However, I can't work out how to open a port.
>
> I'm trying to open TCP port 4662 (inbound) to any IP address. Can anyone
> tell me how I might do this?
>
> My iptables file looks like this:
> ---------------------------------------------------
> # Generated by iptables-save v1.2.6a on Mon Aug 4 19:34:32 2003
> *nat
> [1249:57305] -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Mon Aug 4 19:34:32 2003
> # Generated by iptables-save v1.2.6a on Mon Aug 4 19:34:32 2003
> *filter
> [12699:9285652] -A INPUT -j block
> [1896:800733] -A FORWARD -j block
> [13498:9970655] -A block -m state --state RELATED,ESTABLISHED -j ACCEPT
> [839:74872] -A block -i ! eth0 -m state --state NEW -j ACCEPT
> [258:40858] -A block -j DROP
> COMMIT
> # Completed on Mon Aug 4 19:34:32 2003
> -------------------------------------------------------------
>
> Any help would be much appreciated.
> Thanks
>
> --
> Morgan.
Alexander
--
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416 14CD E197 6E88 ED69 5653
| |
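The answer above depends on rule order: the ACCEPT for port 4662 must sit in INPUT ahead of the jump to block, and running `iptables -A` against an already loaded ruleset would place it after that jump. The check below is an added example, not part of the thread; the function names and sample dumps are constructed for illustration, and it reads iptables-save output on stdin.

```shell
#!/bin/sh
# Added example (not from the thread). Reads iptables-save output on stdin and
# reports whether TCP PORT is accepted in INPUT ahead of the jump to the
# catch-all chain. Rules are matched top to bottom, so an ACCEPT that follows
# "-A INPUT -j block" is never reached by NEW packets arriving on eth0.

# port_reachable PORT [CHAIN]  ->  prints open | shadowed | missing
port_reachable() {
    awk -v port="$1" -v chain="${2:-block}" '
        /^\*/ { table = $1 }                    # table header such as *filter
        table != "*filter" { next }
        {
            sub(/^\[[0-9]+:[0-9]+\] /, "")      # drop [packets:bytes] counters
            sub(/[ \t]+$/, "")                  # drop trailing blanks
        }
        $1 == "-A" && $2 == "INPUT" {
            n++
            if (!jump && $0 ~ ("-j " chain "$")) jump = n
            if (!acc && $0 ~ /-p tcp/ && $0 ~ ("--dport " port " ") &&
                $0 ~ /-j ACCEPT$/) acc = n
        }
        END {
            if (!acc) print "missing"           # no ACCEPT rule for the port
            else if (jump && acc > jump) print "shadowed"
            else print "open"
        }'
}

# Constructed sample dump modelled on the ruleset in the thread.
# $1 = before | after | none: where the port 4662 rule sits relative to the jump.
sample_dump() {
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':block - [0:0]'
    if [ "$1" = before ]; then echo '[0:0] -A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT'; fi
    echo '[0:0] -A INPUT -j block'
    if [ "$1" = after ]; then echo '[0:0] -A INPUT -p tcp -m tcp --dport 4662 -j ACCEPT'; fi
    echo '[0:0] -A block -m state --state RELATED,ESTABLISHED -j ACCEPT'
    echo '[0:0] -A block -i ! eth0 -m state --state NEW -j ACCEPT'
    echo '[0:0] -A block -j DROP'
    echo 'COMMIT'
}

sample_dump before | port_reachable 4662   # open
sample_dump after  | port_reachable 4662   # shadowed
```

On a live system, pipe `iptables-save` into `port_reachable 4662` after loading the rules.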
| Morgan Sales 2004-01-23, 7:35 pm |
| Alexander Dalloz wrote:
quote:
> Morgan Sales <msalesDIESPAMMER@ntlworld.com> wrote:
>
>
> At this point, before jumping to block, you need to insert:
>
> iptables -A INPUT -p tcp --dport 4662 -j ACCEPT
Thanks.
--
Morgan.
----
* "Can you send me a copy of your Visual Basic assignment?" "Yeh, as soon as
I've finished downloading it of the net" :- Steve Reading.
Mail: Morgan.Sales@ntlworld.com
Webpage: http://homepage.ntlworld.com/msales