Help needed for IPTABLES 2004-02-05 - By Grinberg, Hari
All experts,
Hi,
I am trying to secure a RedHat ES 3.0.
I have two NICs, eth0 and eth1.
I want, at the beginning, to drop everything on eth0 and accept only what I need, like SSH.
I use these rules:
iptables -A INPUT -i lo -p all -j ACCEPT
iptables -A OUTPUT -o lo -p all -j ACCEPT
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
For dropping all connections I use this rule:
iptables -A INPUT -i eth0 -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
For accepting I use this rule:
iptables -A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
Basically I stop all connections, but it affects both eth0 and eth1,
and for port 22 I can't connect. Surprisingly, when I run iptables -L -v I see that the SSH connection was accepted.
At the same time I found that outbound connections, like to the internet, do not work.
I need help on this issue.
Thanks
Hari
***********************************************************************************
Information contained in this email message is intended only for use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the postmaster@(protected) and destroy the original message.
***********************************************************************************
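A corrected ruleset for the setup described in the post, added here as an example; it is not Hari's script and not a vendor-supplied one. It is written for iptables-restore so the whole table loads at once, and it fixes three things a reader should check in the rules quoted above: the state keyword is ESTABLISHED,RELATED (full word, no space after the comma), every rule needs a -j before its ACCEPT or REJECT target, and iptables evaluates a chain top to bottom with the first match winning, so a REJECT appended ahead of the SSH ACCEPT is reached first. All filtering rules carry -i eth0 so eth1 is untouched. That eth1 should be accepted unconditionally, the interface names and port 22 are assumptions taken from the post. The OUTPUT policy is set to ACCEPT explicitly so the script itself never blocks outbound traffic. The two check functions run without root; only apply needs it.

```shell
#!/bin/sh
# Two-NIC host: eth0 faces the untrusted side and should accept only SSH, eth1 is
# left open. Interface names, the SSH port and the "eth1 is trusted" policy are
# assumptions taken from the post; override the variables for a different host.
UNTRUSTED_IF="${UNTRUSTED_IF:-eth0}"
TRUSTED_IF="${TRUSTED_IF:-eth1}"
SSH_PORT="${SSH_PORT:-22}"

# Corrected ruleset in iptables-restore format. Rules are evaluated top to bottom
# and the first match wins, so the SSH ACCEPT must precede the catch-all REJECTs.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $TRUSTED_IF -j ACCEPT
-A INPUT -i $UNTRUSTED_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $UNTRUSTED_IF -p tcp --dport $SSH_PORT -m state --state NEW -j ACCEPT
-A INPUT -i $UNTRUSTED_IF -p tcp -j REJECT --reject-with tcp-reset
-A INPUT -i $UNTRUSTED_IF -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# The rules from the post in the order they were appended (syntax fixed, order kept),
# so the ordering check below can be run against them. Never applied.
posted_ruleset() {
    cat <<EOF
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth0 -p tcp --tcp-option ! 2 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -i eth0 --dport 22 -j ACCEPT
EOF
}

# 1-based line number of the first line of $1's output matching pattern $2; empty if none.
rule_line() {
    "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# Returns 0 when the SSH ACCEPT is ordered before the first REJECT in ruleset $1.
check_order() {
    accept=$(rule_line "$1" "dport $SSH_PORT .*-j ACCEPT")
    reject=$(rule_line "$1" "-j REJECT")
    [ -n "$accept" ] && [ -n "$reject" ] && [ "$accept" -lt "$reject" ]
}

# Returns 0 when every -A rule in ruleset $1 carries a -j target
# (a rule without one is rejected by iptables as a syntax error).
check_targets() {
    ! "$1" | grep '^-A' | grep -v -q -- ' -j '
}

case "${1:-}" in
    show)  ruleset ;;
    check) check_order ruleset && check_targets ruleset && echo "ruleset ok" ;;
    apply) check_order ruleset && check_targets ruleset && ruleset | iptables-restore ;;
esac
```

Run `sh firewall.sh check` before `apply`. `check_order posted_ruleset` returns 1 because the REJECT sits on the line before the port-22 ACCEPT, which is the order the rules in the post are appended in; `check_order ruleset` passes.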