LinuxQuestions.org
Old 01-22-2009, 06:24 AM   #1
lomaree
Member
 
Registered: May 2003
Location: Qatar
Distribution: Suse
Posts: 60

Rep: Reputation: 15
iptables in Fedora Core 5


Hi all,

Well, I have prepared a simple web server running Apache and I am interested in setting up a firewall which will block all outside access to this server except for port 80 traffic.

Can anybody help me with this setup? I will really appreciate it.

Thanks in advance
 
Old 01-22-2009, 06:27 AM   #2
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
What help do you need? Do you need the iptables script?
You could use something like this:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j REJECT
 
Old 01-22-2009, 04:59 PM   #3
lazlow
Senior Member
 
Registered: Jan 2006
Posts: 4,363

Rep: Reputation: 172
You may want to rethink using FC5 as a web server. It has not had any updates (of any kind) for a few years. Fedora is currently on Fedora 10 (just to give you an idea of how far behind you are). You may want to consider CentOS 5 instead. CentOS is RHEL (Red Hat Enterprise Linux) with the logos removed. It is free to download/update (unlike RHEL) and has a five-year support life (as opposed to Fedora's 13-month support life). CentOS 5 was based on FC6, so it will "feel" reasonably close to FC5.
 
Old 01-23-2009, 02:57 AM   #4
lomaree
Member
 
Registered: May 2003
Location: Qatar
Distribution: Suse
Posts: 60

Original Poster
Rep: Reputation: 15
Thanks for the input. Basically, if there are any scripts it would help a lot, because I really don't know iptables and ipchains so well; I mean I can work with them, but I'm not an expert.

Also, I'll try downloading CentOS 5.2, which is the latest release, and in the meantime if anyone can help me build an iptables and ipchains firewall it would be great. Previously I had used aron-iptables-firewall, but in that scenario I was doing NAT and was using the machine as a gateway for a small workgroup. In this case there is no NAT and no gateway, just a simple firewall to block all outside access to it except for port 80, which is the web server.

Thanks in advance
 
Old 01-23-2009, 04:34 AM   #5
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
Try the two iptables commands that I gave in the previous post (#2). See if they are what you need. You do not say much and do not give information on what you have tried.
On the basis of what you have said, those two will deny access to all the ports other than 80. You could add another rule to make the default rule for the INPUT chain DROP (the default policy of a chain is set with -P, not appended with -A):

iptables -P INPUT DROP
 
Old 01-23-2009, 05:05 AM   #6
lomaree
Member
 
Registered: May 2003
Location: Qatar
Distribution: Suse
Posts: 60

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by linuxlover.chaitanya
What help do you need? Do you need the iptables script?
You could use something like this:

iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -j REJECT
Thanks, just a quick question: if I do what you told me to do, it will not stop my remote connection to the machine, right? Which in this case is ssh.
 
Old 01-23-2009, 05:20 AM   #7
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
It will. You will need to open the ssh port either through tcpwrappers or iptables.
If you want the ssh port to be open for your machine you will need to add another rule

iptables -A INPUT -s youipaddress --dport 22 -j ACCEPT

or you can add a line in /etc/hosts.allow
sshd:<youripaddress>

Edit:

But make sure that you insert all the rules before DROP. Otherwise they won't work.

Last edited by linuxlover.chaitanya; 01-23-2009 at 05:21 AM.
 
Old 01-23-2009, 05:50 AM   #8
lomaree
Member
 
Registered: May 2003
Location: Qatar
Distribution: Suse
Posts: 60

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by linuxlover.chaitanya
It will. You will need to open the ssh port either through tcpwrappers or iptables.
If you want the ssh port to be open for your machine you will need to add another rule

iptables -A INPUT -s youipaddress --dport 22 -j ACCEPT

or you can add a line in /etc/hosts.allow
sshd:<youripaddress>

Edit:

But make sure that you insert all the rules before DROP. Otherwise they won't work.
I tried the above iptables command and I got this error:

Bad argument `22'
Try `iptables -h' or 'iptables --help' for more information.
 
Old 01-23-2009, 05:59 AM   #9
lomaree
Member
 
Registered: May 2003
Location: Qatar
Distribution: Suse
Posts: 60

Original Poster
Rep: Reputation: 15
I have put the entries in the hosts.allow file and also did port 80 using iptables, but another small question: won't I have to restart some services in order to get the new iptables rules to work, or will they automatically become active?
 
Old 01-23-2009, 06:49 AM   #10
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
No, they won't automatically reload new rules. You will need to save the new rules and reload iptables. See man iptables for more information.
I forgot one parameter there: -d yourserveraddress.

iptables -A INPUT -s youripaddress -d yourserveraddress --dport 22 -j ACCEPT
 
Old 01-23-2009, 07:25 AM   #11
osamaensyviswinkel
LQ Newbie
 
Registered: Sep 2007
Location: Stellenbosch, South Africa
Distribution: Ubuntu 12.10 at home, Mac OS X on laptop
Posts: 20

Rep: Reputation: 0
You may want to have a look at the following link: http://iptables-tutorial.frozentux.n...-tutorial.html - it has been a while since I looked at it, but I remember it came in handy in the past.
 
Old 01-23-2009, 08:11 AM   #12
lomaree
Member
 
Registered: May 2003
Location: Qatar
Distribution: Suse
Posts: 60

Original Poster
Rep: Reputation: 15
iptables v1.3.5: Unknown arg `--dport'
Try `iptables -h' or 'iptables --help' for more information

Same error message.... :S

Also, these iptables rules will not stop this machine from communicating with other machines, e.g. on port 53 for DNS queries?
 
Old 01-23-2009, 11:00 PM   #13
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
man iptables is what you need. By default you should not have problems contacting your DNS.
 
Old 01-24-2009, 12:38 AM   #14
lomaree
Member
 
Registered: May 2003
Location: Qatar
Distribution: Suse
Posts: 60

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by linuxlover.chaitanya
man iptables is what you need. By default you should not have problems contacting your DNS.
What do you mean by the above quoted statement? Because I have iptables... is there something wrong with it or what?
 
Old 01-24-2009, 12:49 AM   #15
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
See the man page for iptables for why the --dport option is giving an error.

Edit:

This script will do what you want. It allows ssh traffic but denies the rest, so you will need to edit it to allow port 80 as well.

http://www.cyberciti.biz/tips/linux-...allow-ssh.html

Last edited by linuxlover.chaitanya; 01-24-2009 at 12:52 AM.
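Pulling the thread together, an added example that is not from any poster: it builds the rule set the OP is after (TCP/80 open to everyone, SSH only from one admin host, all other inbound traffic dropped) in iptables-restore format, lints it for the mistake behind the "Unknown arg `--dport'" error (the --dport option only exists after -p tcp or -p udp), and shows the save-then-load step that post #9 asks about. The IP addresses are placeholders and the helper names are mine; /etc/sysconfig/iptables is the Red Hat-family path read by "service iptables start".

```shell
#!/bin/sh
# Added example, not from any poster in the thread. Builds the firewall
# the OP describes (TCP/80 open to all, SSH only from one admin host,
# everything else inbound dropped) in iptables-restore format, and lints
# it for the mistake behind the "Unknown arg `--dport'" error.
# Addresses are placeholders; the save path follows the Red Hat layout.

# Usage: build_rules <admin-ip> <server-ip>   (rule set on stdout)
build_rules() {
    cat <<EOF
*filter
# Default policy is set per chain with -P, not appended with -A.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to the server's own outbound traffic (DNS on 53, updates).
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# --dport belongs to the tcp/udp match, so -p tcp has to come first.
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -s $1 -d $2 --dport 22 -j ACCEPT
# Explicit reject for the rest; the DROP policy is the backstop.
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Usage: check_dport_rules <rule-set text>
# Returns 0 when every non-comment rule using --dport also has -p tcp
# or -p udp; anything else would fail to load with the thread's error.
check_dport_rules() {
    bad=$(printf '%s\n' "$1" | grep -v '^#' | grep -- '--dport' \
          | grep -v -E -- '-p (tcp|udp)' || true)
    [ -z "$bad" ] || { printf 'missing -p in: %s\n' "$bad" >&2; return 1; }
}

# Usage: install_rules <admin-ip> <server-ip>   (as root, on the server)
# The kernel does not pick up new rules on its own: the set is saved,
# then loaded atomically with iptables-restore (same file the Red Hat
# "service iptables start" reads at boot).
install_rules() {
    rules=$(build_rules "$1" "$2")
    check_dport_rules "$rules" || return 1
    printf '%s\n' "$rules" > /etc/sysconfig/iptables
    iptables-restore < /etc/sysconfig/iptables
}
```

Running the lint on the rule exactly as posted in #7 (`-A INPUT -s youripaddress --dport 22 -j ACCEPT`) reports the missing -p tcp, which is the same defect iptables 1.3.5 complained about.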
 