Old 08-01-2003, 08:55 PM   #1
FlyingMoose
Quick iptables question...


Ok, I want to use rsync, but I want to be the only one allowed in. So, I do this:

iptables -A INPUT -p tcp --dport rsync -s ! 1.2.3.4 -j REJECT

My thinking is that this will add a rule, where if a packet is going to the rsync port, and did not come from my IP (1.2.3.4), it will be rejected. However, this rejects ALL packets, whether from my IP or not.

iptables -L gives the following:

Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- !alb-24-92-43-34.nycap.rr.com anywhere tcp dpt:rsync reject-with icmp-port-unreachable

If it matters, I'm using Debian woody r1 with the 2.4bf kernel, upgraded to the newest version (2.4.18-bf2.4). Thanks.
 
Old 08-01-2003, 09:56 PM   #2
Corin
To see exactly what is happening, try this

IPTABLES=iptables   # assumed: the iptables binary is on PATH
${IPTABLES} -t filter -N LOG_RSYNC 2> /dev/null
${IPTABLES} -t filter -F LOG_RSYNC
${IPTABLES} -t filter -A LOG_RSYNC -j LOG --log-level 6 --log-prefix "iptables +RSYNC+ : " -m limit --limit 10/min
${IPTABLES} -t filter -A LOG_RSYNC -j DROP

${IPTABLES} -A INPUT -p tcp --dport rsync -s ! 1.2.3.4 -j LOG_RSYNC

then do a

tail -f /var/log/kern.log

(assuming log level 6 points to kern.log on your syslog configuration)

and try rsyncing

Does the rsync server use TCP wrappers?

If it does then you need to worry about hosts.allow entries.
 
Old 08-01-2003, 11:35 PM   #3
FlyingMoose
Never mind, I'm stupid... I assumed that my reverse DNS had my real IP in it (I have a dynamic IP) but it was incorrect. Sorry to bother ya.

Last edited by FlyingMoose; 08-01-2003 at 11:44 PM.
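
The check this thread ends on, as an added example (not code from either poster): summarise the SRC= addresses that the LOG_RSYNC rule from post #2 writes to the kernel log, so the address the server actually sees can be compared with the one in the -s match. The log lines are constructed and use documentation addresses, the function names are made up for this example, and 873 is the standard rsync port.

```shell
#!/bin/sh
# Added example: which source addresses did the LOG_RSYNC rule catch?
LOG_PREFIX='iptables +RSYNC+ : '   # --log-prefix used in post #2
RSYNC_PORT=873                     # what "--dport rsync" resolves to

# Constructed sample of kern.log lines (RFC 5737 documentation addresses).
sample_log() {
cat <<'EOF'
Aug  1 22:01:10 box kernel: iptables +RSYNC+ : IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=873 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  1 22:01:13 box kernel: iptables +RSYNC+ : IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:02:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=40112 DPT=873 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  1 22:02:40 box kernel: iptables +RSYNC+ : IN=eth0 OUT= MAC=00:00:00:00:00:01:00:00:00:00:00:03:08:00 SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=911 DF PROTO=TCP SPT=51515 DPT=873 WINDOW=5840 RES=0x00 SYN URGP=0
Aug  1 22:03:02 box kernel: some other prefix: IN=eth0 OUT= SRC=203.0.113.50 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4000 DPT=873 SYN URGP=0
EOF
}

# Read log lines on stdin; print "count source" for each address logged by
# our rule on the rsync port, most frequent first.
logged_sources() {
    awk -v prefix="$LOG_PREFIX" -v port="$RSYNC_PORT" '
        index($0, prefix) == 0 { next }      # line is not from our LOG rule
        {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "" && dpt == port) count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Succeeds if the given address appears among the logged sources, i.e. the
# server saw that address and it did NOT match the one excluded by "-s !".
was_logged() {
    logged_sources | awk -v ip="$1" '$2 == ip { found = 1 } END { exit !found }'
}

# Demo on the constructed sample; on a real host: logged_sources < /var/log/kern.log
sample_log | logged_sources
```

If your own client's current address shows up in this list, the address written into the rule is not the one your packets arrive from. Listing the chain with iptables -L -n also shows the stored numeric address instead of a reverse-DNS name.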