LinuxQuestions.org
Old 01-12-2014, 09:25 PM   #1
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Rep: Reputation: Disabled
allow remote connection


I would like to use iptables to allow a specific IP to access a server. What I would like to do is allow any services to and from 192.168.0.0 with my server. Could you advise whether all I need to do is run the following commands on the server, with no need to do other things? Thanks


/sbin/iptables -A INPUT -p tcp -s 192.168.0.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 192.168.0.0 -j ACCEPT

Last edited by byran cheung; 01-12-2014 at 09:55 PM.
 
Old 01-14-2014, 07:32 AM   #2
zhjim
Senior Member
 
Registered: Oct 2004
Distribution: Debian Squeeze x86_64
Posts: 1,748
Blog Entries: 11

Rep: Reputation: 233
Not sure what iptables makes of it, but I say it will miss a subnet mask. Try 192.168.0.0/24 or 192.168.0.0/16, depending on your network.

Also have your policy set to drop
Quote:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
 
Old 01-14-2014, 08:06 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,661

Rep: Reputation: 1256
192.168.0.0 is not a specific IP number, it is a network.

It represents everything from 192.168.0.1 to 192.168.255.254.

If you want a specific IP number you have to specify the IP number -something like 192.168.5.3.

Using masking (such as 192.168.0.0/16), specifies the network 192.168.0.0 as they are equivalent. Specifying 192.160.0.0/24 is different, but it represents all hosts from 192.168.0.1 through 192.168.0.254.
 
Old 01-14-2014, 08:12 PM   #4
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by zhjim
Not sure what iptables makes of it, but I say it will miss a subnet mask. Try 192.168.0.0/24 or 192.168.0.0/16, depending on your network.

Also have your policy set to drop
Thanks for the reply,

Could you advise why I need to drop the connection by "iptables -P INPUT DROP", "iptables -P OUTPUT DROP"? If I add it, what will happen? Thanks
 
Old 01-14-2014, 09:41 PM   #5
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,294

Rep: Reputation: 2358
If you default the Policy to 'DROP' (a good idea), then you are whitelisting, i.e. anything not explicitly 'allowed' will be dropped.
 
Old 01-14-2014, 11:57 PM   #6
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 80
That's what is recommended: make drop-all the default and then explicitly allow what's needed.
And what type of connections you want to allow matters a lot; if ssh, then allow requests (in/out) coming from port 22, specifying source and destination IP.
 
Old 01-22-2014, 04:01 AM   #7
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Sorry, I do not quite understand the solution. Maybe I can adjust something: what I would like to do is allow only IPs of the same subnet (10.168.1.0) to access a server. Could you advise whether the simple thing I need to do is the following, or do I need to do something else? Thanks



/sbin/iptables -A INPUT -p tcp -s 10.168.1.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 10.168.1.0 -j ACCEPT
 
Old 01-22-2014, 08:01 PM   #8
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Maybe I did not state the question clearly.

1) If I just want to allow the 10.168.1 network, do I need to use netmasking?

2) If the answer to question 1 is no, is the basic thing I need to do just to run the commands below, with no need to do anything else? Thanks for the advice.

/sbin/iptables -A INPUT -p tcp -s 10.168.1.0 -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp -s 10.168.1.0 -j ACCEPT
 
Old 01-24-2014, 01:00 AM   #9
byran cheung
Member
 
Registered: Sep 2013
Posts: 321

Original Poster
Rep: Reputation: Disabled
Thanks for the reply,

I used the command below

iptables -A INPUT -s 10.168.1.0/24 -j ACCEPT

then checked with iptables -L -v

0 0 ACCEPT all -- any any 10.168.1.0/24 anywhere

but I still found that all IPs can access it. What I would like is to allow 10.168.1.0 to access it. Could you advise what is wrong? Thanks
 
Old 01-24-2014, 01:14 AM   #10
mariose
Member
 
Registered: May 2013
Location: Republic of South Africa
Distribution: Debian 8.0 "jessie"
Posts: 189

Rep: Reputation: 7
Quote:
Originally Posted by jpollard
192.168.0.0 is not a specific IP number, it is a network.

It represents everything from 192.168.0.1 to 192.168.255.254.

If you want a specific IP number you have to specify the IP number -something like 192.168.5.3.

Using masking (such as 192.168.0.0/16), specifies the network 192.168.0.0 as they are equivalent. Specifying 192.160.0.0/24 is different, but it represents all hosts from 192.168.0.1 through 192.168.0.254.
Nice
Quote:
jpollard
The quote above you should find very useful if you know your networking. Though I may just ask if you are able to
Code:
ping
the server...? You seem to know your way around at least.
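
Added example (not from any poster in this thread), tying the replies together: a rule appended with `-A ... -j ACCEPT` restricts nothing while the chain policy is still ACCEPT, which is the symptom in post #9, and iptables reads a source address without a prefix as a single host. The function names `valid_cidr`, `emit_rules` and `allow_only`, the `APPLY` switch and the loopback rules are assumptions of this example.

```bash
#!/bin/sh
# Added example: default-drop ruleset that admits a single subnet.
IPT=${IPT:-/sbin/iptables}

# True only for a.b.c.d/len (octets 0-255, len 0-32). A bare address is
# refused on purpose: iptables reads "-s 10.168.1.0" as one host (/32).
valid_cidr() (
    ip=${1%/*}; len=${1#*/}
    [ "$ip" != "$1" ] || exit 1                 # no "/" in the argument
    case $len in ''|*[!0-9]*) exit 1;; esac
    [ "$len" -le 32 ] || exit 1
    set -f; IFS=.; set -- $ip                   # split the address on dots
    [ $# -eq 4 ] || exit 1
    for o; do
        case $o in ''|*[!0-9]*) exit 1;; esac
        [ "$o" -le 255 ] || exit 1
    done
)

# Print the commands in the order they must run. Assumes INPUT and OUTPUT
# hold no earlier rules (check with "iptables -S").
emit_rules() {
    valid_cidr "$1" || { echo "use network/prefix, e.g. 10.168.1.0/24" >&2; return 1; }
    cat <<EOF
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
$IPT -A INPUT -s $1 -j ACCEPT
$IPT -A OUTPUT -d $1 -j ACCEPT
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
EOF
}
# Notes on the rules above:
#  - OUTPUT matches on -d: replies leave the server *towards* the subnet.
#  - Policies go last so a session from the allowed subnet survives; a
#    session from any other address is cut off when they are applied.
#  - With OUTPUT DROP the server itself can reach nothing outside the subnet.

# Dry run by default; APPLY=1 (as root) executes the commands.
allow_only() {
    rules=$(emit_rules "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$rules" | sh -e
    else printf '%s\n' "$rules"; fi
}

if [ $# -gt 0 ]; then allow_only "$1"; fi
```

Run it with `10.168.1.0/24` as the only argument to review the commands, then check the packet counters in `iptables -L -v` from a host inside and a host outside the subnet.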
 
  

