
iptables



#1
01-04-2005
Bernd Roth

iptables

Hello,

I am more or less new to Linux and my problem is with iptables!

I wrote a file with the following iptables in it and linked it to
S03firewall.
There is running an apache 1.3 on the server!

iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -A INPUT -p tcp --sport 80 --dport 1024: ! --syn -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 80 -j ACCEPT

However, when I reboot the server it isn't possible to start the firewall
and Apache isn't able to show me the homepage!

Can someone tell me what I am doing wrong here?
Or can he/she give me an iptables script where the ports 80, 110, 25, 22 are
reachable but the SYN scan is deactivated?

Thanks very much!

Bernd


#2
01-04-2005
Tobias Schenk

Re: iptables

On Tue, 04 Jan 2005 16:45:35 GMT, "Bernd Roth" <bernd@chello.at>
wrote:

>I wrote a file with the following iptables in it and linked it to
>S03firewall.
>There is running an apache 1.3 on the server!
>
>iptables -F
>iptables -P INPUT DROP
>iptables -P OUTPUT DROP
>
>iptables -A INPUT -p tcp --sport 80 --dport 1024: ! --syn -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 1024: --dport 80 -j ACCEPT

You just swapped source and destination and I would leave out the syn
statement.

BTW: Even swapped, I hope these are not the only rules. If so, your box
can do no networking apart from answering http requests. No DNS, for
example.

>However, when I reboot the server it isn't possible to start the firewall

Sure. Can you see the rules using iptables -L ?
>and Apache isn't able to show me the homepage!

Should be clear now.

>Or can he/she give me an iptables script where the ports 80, 110, 25, 22 are

Don't innovate, imitate.

>reachable but the SYN scan is deactivated?

Google around for rule sets concerning scanning and blocking. There
are many sophisticated ones out there.

HTH,

Tobias
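
The rule set Tobias describes, written out as an added example (it is not code from the thread or from any of the posters). It puts source and destination the right way round for a server (clients connect *to* port 80, so the server side matches `--dport`, not `--sport`), replaces the original `! --syn` trick with the conntrack `state` match, opens the four inbound services the poster asked for (22, 25, 80, 110) and allows the outbound traffic a server cannot do without (DNS, as Tobias points out, plus assumed SMTP/HTTP/HTTPS). Everything in `TCP_OUT`, the ICMP handling and the log prefix are assumptions to adjust for your host; the iptables options used are the `state`, `limit` and `LOG` extensions that shipped with 2.4/2.6 kernels.

```shell
#!/bin/sh
# Added example, not code from the original thread. Server-side rule set
# with default-deny policies, stateful matching and the four inbound
# services the poster asked for. TCP_OUT, the ICMP rules and the log
# prefix are assumptions; change them to fit the host.
#
#   sh firewall.sh show    # print the iptables commands, touch nothing
#   sh firewall.sh apply   # as root: load the rules into the kernel

IPT="${IPT:-iptables}"      # set IPT="echo iptables" to dry-run
TCP_IN="22 25 80 110"       # sshd, MTA, apache, pop3 (from the question)
TCP_OUT="25 80 443"         # assumed outbound needs: mail delivery, updates

firewall_rules() {
    # Clean slate, then default-deny on every chain.
    $IPT -F
    $IPT -X
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Loopback must always work (local resolver, mail queue, etc.).
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Stateful core: packets belonging to a connection the kernel already
    # tracks are accepted in both directions. This is what the original
    # "--sport 80 --dport 1024: ! --syn" rule was trying to express.
    $IPT -A INPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # A TCP packet that is not a SYN yet belongs to no known connection is
    # bogus (stray ACKs, FIN/Xmas/NULL scans): drop it explicitly.
    $IPT -A INPUT -p tcp ! --syn -m state --state NEW -j DROP

    # Inbound services: note --dport. The client picks its own source port,
    # so --sport on the server side matches nothing useful.
    for port in $TCP_IN; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Outbound: DNS first (the thing the original two rules broke), then
    # the assumed TCP services in TCP_OUT.
    $IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT
    for port in $TCP_OUT; do
        $IPT -A OUTPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # ICMP: answer pings at a modest rate; let the box send ICMP errors
    # and replies (path-MTU discovery depends on them).
    $IPT -A INPUT  -p icmp --icmp-type echo-request -m limit --limit 5/second -j ACCEPT
    $IPT -A OUTPUT -p icmp -j ACCEPT

    # Log what falls through to the DROP policy, rate-limited so a port
    # scan cannot fill the disk. Inspect with: dmesg | grep FW-DROP
    $IPT -A INPUT -m limit --limit 10/minute -j LOG --log-prefix "FW-DROP: "
}

case "${1:-}" in
    apply) firewall_rules ;;
    show)  IPT="echo iptables"; firewall_rules ;;
    "")    ;;
    *)     echo "usage: $0 show|apply" >&2; exit 2 ;;
esac
```

Run `sh firewall.sh show` first and read the commands; only then `apply` as root, and confirm with `iptables -nvL` that the rules and the packet counters behave as expected. Two caveats a practitioner should know: a SYN scan cannot be "deactivated" for ports you deliberately serve, so nmap will still report 22, 25, 80 and 110 as open (every other port shows up as filtered because of the DROP policy, and the rate-limited LOG rule tells you the scan happened); and an rc link such as S03firewall only helps if the script is executable, starts with a `#!` line, and runs before the network services it is meant to protect.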

#3
01-05-2005
Doug Mitton

Re: iptables

"Bernd Roth" <bernd@chello.at> wrote:

>Hello,
>
>I am more or less new to Linux and my problem is with iptables!
>
>I wrote a file with the following iptables in it and linked it to
>S03firewall.
>There is running an apache 1.3 on the server!
>
>iptables -F
>iptables -P INPUT DROP
>iptables -P OUTPUT DROP
>
>iptables -A INPUT -p tcp --sport 80 --dport 1024: ! --syn -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 1024: --dport 80 -j ACCEPT
>
>However, when I reboot the server it isn't possible to start the firewall
>and Apache isn't able to show me the homepage!
>
>Can someone tell me what I am doing wrong here?
>Or can he/she give me an iptables script where the ports 80, 110, 25, 22 are
>reachable but the SYN scan is deactivated?
>
>Thanks very much!
>
>Bernd


I've been using a (somewhat modified) script from the Sept. 2001 (Issue
89) pages 64-72, Listing 2, downloadable from
ftp://ftp.ssc.com/pub/lj/listings/issue89/4815.tgz

It is fairly basic BUT easily updated and is quite understandable.

--
------------------------------------------------
http://www3.sympatico.ca/dmitton
SPAM Reduction: Remove "x." from my domain.
------------------------------------------------
#4
01-05-2005
Bernd Roth

Re: iptables

Sorry,

but I don't know what to do with the iptables -L command?

Where do I have to put it exactly?

Sorry, but I am not very good with iptables, though I try to learn!

Thx,

Bernd


"Tobias Schenk" <schenk_remove_this_@physik.tu-berlin.de> wrote in
message news:nrtlt0djjtp3724dhodgqjbj9lum6c6do2@4ax.com...
> On Tue, 04 Jan 2005 16:45:35 GMT, "Bernd Roth" <bernd@chello.at>
> wrote:
>
>>I wrote a file with the following iptables in it and linked it to
>>S03firewall.
>>There is running an apache 1.3 on the server!
>>
>>iptables -F
>>iptables -P INPUT DROP
>>iptables -P OUTPUT DROP
>>
>>iptables -A INPUT -p tcp --sport 80 --dport 1024: ! --syn -j ACCEPT
>>iptables -A OUTPUT -p tcp --sport 1024: --dport 80 -j ACCEPT

> You just swapped source and destination and I would leave out the syn
> statement.
>
> BTW: Even swapped, I hope these are not the only rules. If so, your box
> can do no networking apart from answering http requests. No DNS, for
> example.
>
>>However, when I reboot the server it isn't possible to start the firewall

> Sure. Can you see the rules using iptables -L ?
>>and Apache isn't able to show me the homepage!

> Should be clear now.
>
>>Or can he/she give me an iptables script where the ports 80, 110, 25, 22
>>are

> Don't innovate, imitate.
>
>>reachable but the SYN scan is deactivated?

> Google around for rule sets concerning scanning and blocking. There
> are many sophisticated ones out there.
>
> HTH,
>
> Tobias
>



#5
01-05-2005
H. S.

Re: iptables

Apparently, _Bernd Roth_, on 05/01/05 10:03, typed:
> Sorry,
>
> but I don't know what to do with the iptables -L command?
>
> Where do I have to put it exactly?



1. Open a terminal (xterm, gnome-terminal, etc.)
2. Become root.
3. Give the command ("#>" means the root prompt here):
#> iptables -nvL

This will list your iptables rules currently in place. Do:
#> man iptables

for meaning of the options.



->HS

--
Please remove the underscores ( the '_' symbols) from my email address
to obtain the correct one. Apologies, but the fudging is to remove spam.
#6
01-16-2005
Jose Maria Lopez Hernandez

Re: iptables

Bernd Roth wrote:
> Hello,
>
> I am more or less new to Linux and my problem is with iptables!
>
> I wrote a file with the following iptables in it and linked it to
> S03firewall.
> There is running an apache 1.3 on the server!
>
> iptables -F
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
>
> iptables -A INPUT -p tcp --sport 80 --dport 1024: ! --syn -j ACCEPT
> iptables -A OUTPUT -p tcp --sport 1024: --dport 80 -j ACCEPT
>
> However, when I reboot the server it isn't possible to start the firewall
> and Apache isn't able to show me the homepage!
>
> Can someone tell me what I am doing wrong here?
> Or can he/she give me an iptables script where the ports 80, 110, 25, 22 are
> reachable but the SYN scan is deactivated?
>
> Thanks very much!
>
> Bernd


You can try, if you want, our bastion-firewall GPL firewall; it's very
easy to configure with config files and it does all you want and
more. It generates scripts that you can edit.

You can also build your own script using fwbuilder (a very powerful
program), or use firestarter or another of the usual firewalls.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"