allow remote connection
I would like to use iptables to allow a specific IP to access a server. What I would like to do is to allow any services to and from 192.168.0.0 with my server. Could you advise whether all I need to do is run the following commands on the server, with no need to do other things? Thanks.
/sbin/iptables -A INPUT -p tcp -s 192.168.0.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 192.168.0.0 -j ACCEPT
Not sure what iptables makes of it, but I say it is missing a subnet mask. Try 192.168.0.0/24 or 192.168.0.0/16, depending on your network.
Also have your policy set to drop.
192.168.0.0 is not a specific IP number, it is a network.
It represents everything from 192.168.0.1 to 192.168.255.254. If you want a specific IP number you have to specify the IP number - something like 192.168.5.3. Using masking (such as 192.168.0.0/16) specifies the network 192.168.0.0, as they are equivalent. Specifying 192.160.0.0/24 is different, but it represents all hosts from 192.168.0.1 through 192.168.0.254.
Would you advise why I need to drop the connection with "iptables -P INPUT DROP" and "iptables -P OUTPUT DROP"? If I add them, what will happen? Thanks.
If you default the Policy to 'DROP' (a good idea), then you are whitelisting, i.e. anything not explicitly 'allowed' will be dropped.
That's what is recommended: make drop-all the default and then explicitly allow what's needed.
The type of connections you want to allow also matters a lot; if ssh, then allow requests (in/out) coming from port 22, specifying source and destination IP.
Sorry, I do not quite understand the solution. Maybe I should adjust something: what I would like to do is to allow only IPs in the same subnet (10.168.1.0) to access a server. Could you advise whether the simple thing I need to do is the following, or do I need to do something else? Thanks.
/sbin/iptables -A INPUT -p tcp -s 10.168.1.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 10.168.1.0 -j ACCEPT
Maybe I did not state the question clearly.
1) If I just want to allow the 10.168.1 network, do I need to use netmasking?
2) If the answer to question 1 is no, is the basic thing I need to do just to run the commands below, with no need to do anything else? Thanks for the advice.
/sbin/iptables -A INPUT -p tcp -s 10.168.1.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 10.168.1.0 -j ACCEPT
Thanks for the reply.
I used the command below:
iptables -A INPUT -s 10.168.1.0/24 -j ACCEPT
then checked with iptables -L -v:
0 0 ACCEPT all -- any any 10.168.1.0/24 anywhere
but still found that all IPs can access. What I would like is to allow 10.168.1.0 to access it. Could you advise what is wrong? Thanks.
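Added example, not part of any post in this thread: the default-drop whitelist the replies describe, written for the 10.168.1.0/24 network from the last post. The function names valid_cidr and subnet_whitelist_rules are made up for illustration; the script only prints a ruleset in iptables-restore format, matching the subnet as source (-s) on INPUT and as destination (-d) on OUTPUT.

```shell
#!/bin/sh
# Added example: print a default-drop ruleset that whitelists one subnet.
# valid_cidr and subnet_whitelist_rules are illustrative names.

# Succeed only for a.b.c.d/n with octets 0-255 and prefix length 0-32.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;   # no /prefix: iptables would match a single host (/32)
    esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr         # split the address into its octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the ruleset; nothing is loaded into the kernel by this function.
subnet_whitelist_rules() {
    valid_cidr "$1" || { echo "need network/prefix, e.g. 10.168.1.0/24" >&2; return 1; }
    cat <<EOF
*filter
# Policies: anything not accepted by a rule below is dropped.
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s $1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d $1 -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: sh this-script 10.168.1.0/24
if [ $# -gt 0 ]; then subnet_whitelist_rules "$1"; fi
```

Piping the output into iptables-restore as root replaces the current filter table. With both policies set to DROP the server then talks only to loopback and the given subnet, so load it from a console or from a host inside that subnet.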