Linux - Newbie
This Linux forum is for members that are new to Linux. Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
Okay, I'm at a bit of a loss with this one. The only way I can see to get iptables to work properly with my servers that I'm running on my Debian box is to start it up after all the servers have loaded. But then when I restart (which does happen occasionally) it blocks everything up again!
I've got Apache, SSH, vsftp, and a pop3 server running on this box, and I want all of the servers to be able to access the net from bootup.
I also need to find some info concerning mysql-server, and how to make sure that only localhost can access it.
If your iptables rules are blocking your servers, it just means your rules aren't set up properly. On my box, the iptables rules are loaded before the ethernet card is brought up, which is definitely before any servers are started, and none of my servers (httpd, sshd, mysqld) have any problem with access.
If you want to block external access to mysql, you can do it with a rule like this:
iptables -A INPUT -i eth0 -p TCP --dport 3306 -j DROP
This would drop anything heading for port 3306 (assuming that is what you are running mysql on) that is coming from your ethernet card (again assuming your external connection is on eth0). Unless I'm completely mistaken, this should still allow localhost to access mysql.
Is there any sort of newbies' guide to iptables anywhere? All I need to do, really, is know how to allow access to certain ports (TCP) on my ethernet card, i.e. to allow requests on port 80, 23, 21, etc.
Umm, there is one problem with the above tip. It seems I can't access anything from the box any more, i.e. Mozilla won't work, apt-get won't work, they don't resolve host names. What should I make unblocked to allow me to use www browsers and apt-get?
You need to allow NEW, ESTABLISHED and RELATED packets through the firewall. So on my input chain, I've got these two rules:
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
You also might need:
iptables -A INPUT -p tcp --syn -j ACCEPT
And on the OUTPUT chain I do the same thing only the --state is NEW,ESTABLISHED,RELATED for both tcp and udp:
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
Rather than looking at specific ports, these rules look at the state of the packet, and the NEW, ESTABLISHED and RELATED states are all states from connections originating within your computer, so someone from the outside can't use them to get in. See the FrozenTux tutorial for the fine details.
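Pulling the thread's advice together, here is an added example (not code from any poster) that generates a complete iptables-restore ruleset: the four services from the first post are opened for NEW connections on the external interface, replies (including the DNS answers apt-get and the browser were missing) come in via one ESTABLISHED,RELATED rule that covers both tcp and udp, and MySQL on 3306 stays reachable only over loopback because the INPUT policy is DROP. It assumes eth0 is the external interface and a Debian box using ifupdown, whose /etc/network/if-pre-up.d/ scripts run before the interface is raised.

```shell
#!/bin/sh
# Added example: build (and optionally load) a stateful iptables ruleset for a
# Debian box running Apache, SSH, FTP and POP3 with MySQL bound to localhost.
# Assumptions: external interface is eth0; iptables-restore is available.
set -eu

EXT_IF="eth0"
# TCP services reachable from outside: http, ssh, ftp, pop3.
OPEN_TCP_PORTS="80 22 21 110"

# Print the whole ruleset in iptables-restore format.
# INPUT defaults to DROP, so anything without an explicit rule (e.g. MySQL
# on 3306) is unreachable from eth0 while still reachable over lo.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
    # Only the first packet of a connection needs a per-port rule; the
    # conntrack rule above handles every reply, tcp and udp alike.
    for port in $OPEN_TCP_PORTS; do
        echo "-A INPUT -i $EXT_IF -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Load the ruleset atomically. Installing a one-line wrapper in
# /etc/network/if-pre-up.d/ that runs this script with "apply" gets the
# rules in place before eth0 comes up, so servers start already protected.
apply_rules() {
    gen_rules | iptables-restore
}

case "${1:-}" in
    apply) apply_rules ;;
    *)     gen_rules ;;   # default: just print the ruleset for inspection
esac
```

Run without arguments to review the generated rules; run as root with `apply` to load them.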