Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
Sanity check... My machine is sitting behind a router that forwards all HTTP,HTTPS,and SSH requests to my server. I'm also running a MySQL database, CUPS, and SENDMAIL but those work locally on the server so there is no need for the router to forward those requests. Because these services are working locally I don't think it is necessary to define them in the "TCP rules" section below. I need a good pair of eyes to look at this one since I am an iptables newbie. Also what is the difference between iptables and ip6tables?
# IPTables Script
# (1) Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# (2) User-Defined chain for ACCEPTed TCP packets
iptables -N okay
iptables -A okay -p TCP --syn -j ACCEPT
iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A okay -p TCP -j DROP
# (3) INPUT chain rules
# Rules for incoming packets from the LAN
iptables -A INPUT -p ALL -i eth0 -s 192.168.0.0/8 -j ACCEPT
# Packets for established connections
iptables -A INPUT -p ALL -d 192.168.0.100 -m state --state ESTABLISHED,RELATED -j ACCEPT
# (4) OUTPUT chain rules
# Only output packets with local addresses (no spoofing)
iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
iptables -A OUTPUT -p ALL -s 192.168.0.100 -j ACCEPT
iptables -A OUTPUT -p ALL -s 220.127.116.11 -j ACCEPT
1) Your router is on the network 192.168.0.0/8, so by accepting all traffic from that network, you are accepting all traffic from the router also and hence, all traffic from the internet. This of course assumes your router is on eth0.
Well the routers public IP address is the one given to me by my ISP. Its something like 18.104.22.168 . From the LAN the routers IP is 192.168.0.1 . I see what you are saying. Isn't this how I want it setup though. It does allow everything from the router in but then it runs through the rest of the rules doesn't it check to make sure that they are valid requests to the server?