LinuxQuestions.org
Old 06-21-2005, 03:55 AM   #1
Artik
Member
 
Registered: Apr 2005
Location: Israel
Distribution: Debian 3.1 Sarge, Ubuntu Breezy
Posts: 223

Rep: Reputation: 30
Open All Ports - iptables


Hello,

I'm using iptables in order to allow internet sharing from computer X (connected to the internet with a router at eth0) to computer Y, connected to X with a cross-X cable at eth1.

For this I use the following script:
Code:
/sbin/iptables --flush
modprobe iptable_nat
echo 1 > /proc/sys/net/ipv4/ip_forward

/sbin/iptables -A INPUT -p udp --dport 4672 -j ACCEPT ## aMule UDP
/sbin/iptables -A INPUT -p tcp --dport 4662 -j ACCEPT ## aMule TCP
/sbin/iptables -A INPUT -p tcp --dport 21 -j ACCEPT ## FTP - Connection
/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT ## SSH

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -j LOG --log-level 4 --log-prefix "ATTACK"
/sbin/iptables -A INPUT -j DROP


/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
The script works well but it has a side effect - it adds an additional firewall level and I have to open ports in it in order to work normally.

I have a firewall enabled in the modem/router and it protects my home network from unauthorized access. However I don't want to enable an internal firewall between X and Y... I want free access to all ports on X from Y. I don't want to open the firewall for every internal system like Samba, NFS, XDMCP etc...

How do I disable firewall protection in iptables?
 
Old 06-21-2005, 04:05 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
You make the firewall rules specific to the router interface eth0 so they don't affect eth1.
e.g.
/sbin/iptables -A INPUT -i eth0 -p udp --dport 4672 -j ACCEPT ## aMule UDP
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 4662 -j ACCEPT ## aMule TCP
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 21 -j ACCEPT ## FTP - Connection
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT ## SSH

/sbin/iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j LOG --log-level 4 --log-prefix "ATTACK"
/sbin/iptables -A INPUT -i eth0 -j DROP

The last POSTROUTING rule is already being done by the previous POSTROUTING MASQUERADE rule, so is unnecessary.

Have a look at the tutorial at http://iptables-tutorial.frozentux.n...-tutorial.html

Last edited by peter_robb; 06-21-2005 at 04:11 AM.
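Why the interface-scoped rules in the reply above change the outcome for eth1, as an added example that is not part of the original thread: a small first-match evaluator run over the thread's own INPUT rules. The sample packets are constructed, and the INPUT chain policy is assumed to be the iptables default (ACCEPT), since the thread never sets it with `-P`; the last check shows that under a DROP policy the scoped rules alone would not open eth1.

```python
import shlex

# INPUT rules from the question (no interface match except lo).
ORIGINAL = """\
-A INPUT -p udp --dport 4672 -j ACCEPT
-A INPUT -p tcp --dport 4662 -j ACCEPT
-A INPUT -p tcp --dport 21 -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j LOG --log-level 4 --log-prefix "ATTACK"
-A INPUT -j DROP
"""
# The reply's version: every rule except the lo one gains "-i eth0".
SCOPED = "\n".join(
    r if "-i lo" in r else r.replace("-A INPUT", "-A INPUT -i eth0")
    for r in ORIGINAL.splitlines())

def parse(rule):
    """Extract the match fields and target used by the rules in this thread."""
    t = shlex.split(rule)
    def opt(flag):
        return t[t.index(flag) + 1] if flag in t else None
    return {"iface": opt("-i"), "proto": opt("-p"), "dport": opt("--dport"),
            "states": opt("--state"), "target": opt("-j")}

def verdict(rules, pkt, policy="ACCEPT"):
    """First-match walk of the INPUT chain; LOG does not end the walk."""
    for r in map(parse, rules.strip().splitlines()):
        if r["iface"] and r["iface"] != pkt["iface"]:
            continue
        if r["proto"] and r["proto"] != pkt["proto"]:
            continue
        if r["dport"] and int(r["dport"]) != pkt["dport"]:
            continue
        if r["states"] and pkt["state"] not in r["states"].split(","):
            continue
        if r["target"] in ("ACCEPT", "DROP"):
            return r["target"]
    return policy  # no terminating rule matched: chain policy decides

# Constructed sample packets (new connections to X).
SMB_FROM_Y = dict(iface="eth1", proto="tcp", dport=445, state="NEW")
SMB_FROM_WAN = dict(iface="eth0", proto="tcp", dport=445, state="NEW")
SSH_FROM_WAN = dict(iface="eth0", proto="tcp", dport=22, state="NEW")

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("scoped", SCOPED)):
        for pkt in (SMB_FROM_Y, SMB_FROM_WAN, SSH_FROM_WAN):
            print(name, pkt["iface"], pkt["dport"], verdict(rules, pkt))
```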
 
Old 06-21-2005, 03:17 PM   #3
Artik
Member
 
Registered: Apr 2005
Location: Israel
Distribution: Debian 3.1 Sarge, Ubuntu Breezy
Posts: 223

Original Poster
Rep: Reputation: 30
It works!!!

Thanks a lot
 
  

