LinuxQuestions.org


byran cheung 01-12-2014 09:25 PM

allow remote connection
 
I would like to use iptables to allow a specific IP to access a server. What I would like to do is to allow any services to and from 192.168.0.0 with my server. Could you advise whether all I need to do is run the following commands on the server, with no need to do other things? Thanks.


/sbin/iptables -A INPUT -p tcp -s 192.168.0.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 192.168.0.0 -j ACCEPT

zhjim 01-14-2014 07:32 AM

Not sure what iptables makes of it, but I say it will miss a subnet mask. Try 192.168.0.0/24 or 192.168.0.0/16 depending on your network.

Also have your policy set to drop
Quote:

iptables -P INPUT DROP
iptables -P OUTPUT DROP

jpollard 01-14-2014 08:06 AM

192.168.0.0 is not a specific IP number, it is a network.

It represents everything from 192.168.0.1 to 192.168.255.254.

If you want a specific IP number you have to specify the IP number, something like 192.168.5.3.

Using masking (such as 192.168.0.0/16) specifies the network 192.168.0.0, as they are equivalent. Specifying 192.160.0.0/24 is different, but it represents all hosts from 192.168.0.1 through 192.168.0.254.

byran cheung 01-14-2014 08:12 PM

Quote:

Originally Posted by zhjim (Post 5097748)
Not sure what iptables makes of it, but I say it will miss a subnet mask. Try 192.168.0.0/24 or 192.168.0.0/16 depending on your network.

Also have your policy set to drop

Thanks for the reply,

Could you advise why I need to drop the connection by "iptables -P INPUT DROP", "iptables -P OUTPUT DROP"? If I add it, what will happen? Thanks.

chrism01 01-14-2014 09:41 PM

If you default the policy to 'DROP' (a good idea), then you are whitelisting, i.e. anything not explicitly 'allowed' will be dropped.

SAbhi 01-14-2014 11:57 PM

That's what is recommended: make drop-all the default and then explicitly allow what's needed.
And what type of connections you want to allow matters a lot; if SSH, then allow requests (in/out) coming from port 22, specifying source and destination IP.
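
The default-DROP whitelist described in the two replies above, written as a generator for an iptables-restore ruleset (an added example, not code from any poster in this thread). The function names, the loopback and conntrack rules and the FORWARD policy are assumptions; note that on OUTPUT the allowed network is matched as a destination (-d).

```shell
#!/bin/sh
# Added example (not from the thread): build a default-DROP ruleset that
# whitelists one network. Prints iptables-restore input; changes nothing itself.
# Assumptions: the loopback/conntrack rules and FORWARD DROP are not from the thread.

# valid_cidr NET/PREFIX: succeed only for an IPv4 network with an explicit mask.
valid_cidr() {
    case "$1" in
        */*) ;;
        *) return 1 ;;  # bare address: iptables would match that one host only
    esac
    addr=${1%/*}
    prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case "$addr" in ''|*[!0-9.]*|*.) return 1 ;; esac  # rejects "192.168.0.0."
    old_ifs=$IFS; IFS=.
    set -- $addr                 # split the address into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in '') return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# build_rules NET/PREFIX: the policy decides every packet no rule matched, so
# an ACCEPT rule restricts nothing until the policy is DROP.
build_rules() {
    valid_cidr "$1" || { echo "need NET/PREFIX, e.g. 192.168.0.0/24" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s $1 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -d $1 -j ACCEPT
COMMIT
EOF
}

# Dry run as root: build_rules 192.168.0.0/24 | iptables-restore --test
```

Dropping `--test` applies the ruleset in one step; do that from a console or from an address inside the allowed network, since every other source is dropped.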

byran cheung 01-22-2014 04:01 AM

Sorry, I do not quite understand the solution. Maybe I should adjust something: what I would like to do is allow only IPs in the same subnet (10.168.1.0) to access a server. Could you advise whether the following is all I need to do, or do I need to do something else? Thanks.



/sbin/iptables -A INPUT -p tcp -s 10.168.1.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 10.168.1.0 -j ACCEPT

byran cheung 01-22-2014 08:01 PM

Maybe I did not state the question clearly.

1) If I just want to allow the 10.168.1 network, do I need to use netmasking?

2) If the answer to question 1 is no, is the basic thing that I need to do to run the commands below, with no need to do anything else? Thanks for the advice.

/sbin/iptables -A INPUT -p tcp -s 10.168.1.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 10.168.1.0 -j ACCEPT

byran cheung 01-24-2014 01:00 AM

Thanks for the reply,

I used the command below

iptables -A INPUT -s 10.168.1.0/24 -j ACCEPT

then checked with iptables -L -v

0 0 ACCEPT all -- any any 10.168.1.0/24 anywhere

but I still found that all IPs can access it. What I would like is to allow 10.168.1.0 to access it. Could you advise what is wrong? Thanks.

Gad 01-24-2014 01:14 AM

Quote:

Originally Posted by jpollard (Post 5097756)
192.168.0.0 is not a specific IP number, it is a network.

It represents everything from 192.168.0.1 to 192.168.255.254.

If you want a specific IP number you have to specify the IP number, something like 192.168.5.3.

Using masking (such as 192.168.0.0/16) specifies the network 192.168.0.0, as they are equivalent. Specifying 192.160.0.0/24 is different, but it represents all hosts from 192.168.0.1 through 192.168.0.254.

Nice
Quote:

jpollard
The quote above you should find very useful if you know your networking. Though I may just ask if you are able to ping the server...? You seem to know your way around at least.


All times are GMT -5.