LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-18-2005, 11:23 PM   #1
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Rep: Reputation: 30
IPtables allow help


Hi trying to allow a service to run on my server.

i can get it to work when i stop iptables and when i start it it no longer works.
(web based application (cpanel))

Now i know the ports it uses and all but i don't know how to add them.

thank you in advance
 
Old 01-19-2005, 12:24 AM   #2
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Original Poster
Rep: Reputation: 30
For better understanding of what im trying to do -

ok so i sorta now how to insert rules and how to save them.

for example:

iptables -A INPUT -s 192.168.0.6 (internal IP address or 0/0) -i eth0 -d 192.168.0.2 (internal IP for server) -p TCP UDP \ --sport 2086:2087 --dport 80 -j ACCEPT

When logging into the main pannel it goes through https://192.168.0.2:2087

I tried this but still no go, any clue what im doing wrong\

thank you
 
Old 01-19-2005, 09:00 AM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Quote:
--dport 80
This is part of your problem. If you are using SSL to connect (https instead of http) you need to open port 443. SSL doesn't work on port 80.

And you might try this re-write of your rule:

iptables -A INPUT -s 192.168.0.0/24 -i eth0 -p all --dport 443 -j ACCEPT

The 192.168.0.0/24 will allow any IP address from the 192.168.0 range so if you are using DHCP for your internal network, you don't have to worry about setting up static IP addresses. I'm also a little confused about why you want to limit the source port range. This actually may be another part of the problem unless you know that your browser is always going to use those ports. Unless yo've done something to lock your browser down, odds are it is using something else. Finally, unless you are using this box as a router, -i eth0 and -d 192.168.0.2 are kind of redundant. Personally I prefer to use -i, but that is a personal preference.
 
Old 01-19-2005, 12:40 PM   #4
Fredstar
Member
 
Registered: Jul 2004
Location: Rochester, NY
Distribution: Fedora9::FreeBSD7.1
Posts: 296

Original Poster
Rep: Reputation: 30
I tried that and it told me that --dport is an unknown argument?
 
Old 01-19-2005, 01:00 PM   #5
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Rep: Reputation: 416Reputation: 416Reputation: 416Reputation: 416Reputation: 416
Hmm. I suppose you may have to specifiy TCP when using --dport, but I thought it would work with all. Does this work?

iptables -A INPUT -s 192.168.0.0/24 -i eth0 -p tcp --dport 443 -j ACCEPT

That is almost verbatim from my firewall so it should work. You also might want to check again for typos. They can kill a firewall.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
An error occured getting IPtables status from the command /etc/rc.d/init.d/iptables s CrazyMAzeY Linux - Newbie 10 08-12-2010 06:25 AM
Iptables - Couldn't load target `ACCPET':/lib/iptables/libipt_ACCPET.so: z00t Linux - Security 3 01-26-2004 03:24 AM
IPtables Log Analyzer from http://www.gege.org/iptables/ brainlego Linux - Software 0 08-11-2003 07:08 AM
iptables book wich one can you pll recomment to be an iptables expert? linuxownt Linux - General 2 06-26-2003 05:38 PM
My iptables script is /etc/sysconfig/iptables. How do i make this baby execute on boo ForumKid Linux - General 3 01-22-2002 08:36 AM


All times are GMT -5. The time now is 10:36 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration