Linux Help
How to configure iptables? (A newbie needs help)
rij
post Apr 24 2009, 01:03 PM
Post #1
Hello folks,

I am having a problem understanding and configuring iptables and I was hoping someone would help me out.

I have 2 machines: A with ip 10.10.X.X and B with ip 10.10.X.X

I am running a simple UDP server on A and a simple UDP client on B. However, nothing was being sent from B to A. From reading online, I understood that iptables is probably creating a problem.
So as a first check, I stopped the service by typing: service iptables stop
My client server app then ran just fine.

So now, instead of completely dropping the iptable, I wanted to add some rules to it so that all communication between all machines in this network (only) is accepted.

Initially, I added the following to the input and output chain of both machines.
iptables -A INPUT -j ACCEPT -p all -s 10.10.20.0/24 -i eth0
iptables -A OUTPUT -j ACCEPT -p all -s 10.10.20.0/24 -i eth0

My C/S app did not work.

So I searched on this forum and I noticed a previous discussion where it was suggested that the rule might have been added to the wrong chain and instead FORWARD might be the correct one.

So I restarted my iptables (as I believe that starts the original script and discards any change that I might have made from the command line -- Please correct me if I am wrong).
Then I added:
iptables -A FORWARD -j ACCEPT -p all -s 10.10.20.0/24 -i eth0

Still it doesn't work.

I have included the two tables as shown by: service iptables status.

Please, provide some insight.

=================================================================
after adding FORWARD

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 10.10.20.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

=================================================================
This is the original:

Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
3 ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
5 ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
6 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
8 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
9 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
10 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
michaelk
post Apr 24 2009, 05:11 PM
Post #2
It would have been nice if you had replied to your original thread with your results to keep the continuity in one place instead of starting a new one.

What version of RH are you running?

You need to specify the port you are using. In your existing firewall rules i.e. 631 is cups and 22 is SSH.

iptables -I RH-Firewall-1-INPUT -p udp --dport XXXX -s 10.10.20.0/24 -j ACCEPT (Where XXXX is the port # you are using in your application.)


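Added example, not code from either poster: a small Python model of the filter table rij pasted above, walking a packet through INPUT and the RH-Firewall-1-INPUT chain it jumps to. It shows why a rule appended to INPUT (or FORWARD) is never reached, since the jump happens first and the user chain ends in a REJECT, while a rule inserted ahead of that REJECT is. The UDP server port (5000), the client address (10.10.20.7) and the dataclass-based rule model are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    target: str                    # ACCEPT, REJECT, DROP, or a user chain name
    proto: str = "all"
    src: str = "0.0.0.0/0"
    dport: Optional[int] = None
    state: Optional[str] = None    # e.g. "RELATED,ESTABLISHED"

    def matches(self, pkt: dict) -> bool:
        return ((self.proto == "all" or self.proto == pkt["proto"])
                and ip_address(pkt["src"]) in ip_network(self.src)
                and (self.dport is None or self.dport == pkt["dport"])
                and (self.state is None or pkt["state"] in self.state.split(",")))


def walk(chains: dict, chain: str, pkt: dict) -> Optional[str]:
    """First matching terminal target wins; a jump into a user chain returns to
    the caller if nothing there matched. None means the chain policy applies."""
    for rule in chains[chain]:
        if not rule.matches(pkt):
            continue
        if rule.target in ("ACCEPT", "REJECT", "DROP"):
            return rule.target
        verdict = walk(chains, rule.target, pkt)   # jump to user chain
        if verdict is not None:
            return verdict
    return None


def redhat_filter() -> dict:
    """Condensed copy of the pasted tables: INPUT jumps to RH-Firewall-1-INPUT,
    which accepts established traffic and SSH, then rejects everything else."""
    rh = [Rule("ACCEPT", state="RELATED,ESTABLISHED"),
          Rule("ACCEPT", proto="tcp", dport=22, state="NEW"),
          Rule("REJECT")]                          # rule 10: reject-with icmp-host-prohibited
    return {"INPUT": [Rule("RH-Firewall-1-INPUT")], "RH-Firewall-1-INPUT": rh}


# Constructed packet: the first datagram from client B to the UDP server on A.
PKT = {"proto": "udp", "src": "10.10.20.7", "dport": 5000, "state": "NEW"}


def appended_to_input() -> str:
    chains = redhat_filter()
    chains["INPUT"].append(Rule("ACCEPT", src="10.10.20.0/24"))   # iptables -A INPUT ... (rij's rule)
    return walk(chains, "INPUT", PKT) or "policy ACCEPT"           # -> "REJECT": never reached


def inserted_before_reject() -> str:
    chains = redhat_filter()
    # iptables -I RH-Firewall-1-INPUT -p udp --dport 5000 -s 10.10.20.0/24 -j ACCEPT
    chains["RH-Firewall-1-INPUT"].insert(0, Rule("ACCEPT", proto="udp", src="10.10.20.0/24", dport=5000))
    return walk(chains, "INPUT", PKT) or "policy ACCEPT"           # -> "ACCEPT"
```

Restarting the service reloads the saved ruleset, so the inserted rule must also be written to the saved configuration (for example via service iptables save) to survive a restart.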