iptables for port 8000
Hi all,
I want to open up port 8000 for music streaming using shoutcast. I've searched around this forum and the internet and things confuse me even more. Can anyone show me some light here... I've used the following command but it says Bad Argument 'input'
Code:
iptables -t -I input -i eth0 -p tcp -s 0/0 -d 0/0 8000 -j ACCEPT
|
Use INPUT
It's case sensitive |
That does not work... any more suggestions????
|
I just ran
# iptables -L
to see current rules in iptables. Here's the output... does anyone think I still need to open up port 8000, since I think I can receive and send from all ports right now.
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
|
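An added example, not part of any post in this thread: a small Python check of what an `iptables -L` listing like the one pasted above actually establishes. It flags jumps to user-defined chains (here RH-Lokkit-0-50-INPUT) whose rules are missing from the paste; the sample listing is reconstructed from the post, and the set of terminal targets is an assumption, not a complete list.

```python
import re

# Constructed sample: the three chains pasted in the post above.
LISTING = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Lokkit-0-50-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# Assumption: common targets that do not jump into another chain.
TERMINAL = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG", "QUEUE"}
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")

def parse_listing(text):
    """Return {chain: {"policy": str or None, "targets": [str, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "targets": []})
        elif (current is not None and line.strip()
              and not line[0].isspace()          # rule without a target
              and not line.startswith("target")):  # column header
            current["targets"].append(line.split()[0])
    return chains

def unresolved_jumps(chains):
    """(chain, target) pairs that jump to a chain absent from the listing."""
    return sorted({(name, t) for name, c in chains.items()
                   for t in c["targets"] if t not in TERMINAL and t not in chains})

def verdict(chains, chain="INPUT"):
    """State what the listing alone proves about a built-in chain."""
    missing = [t for n, t in unresolved_jumps(chains) if n == chain]
    if missing:
        return f"{chain}: undetermined, rules of {', '.join(missing)} not shown"
    return f"{chain}: policy {chains[chain]['policy']} applies to unmatched packets"

if __name__ == "__main__":
    parsed = parse_listing(LISTING)
    for name in ("INPUT", "FORWARD", "OUTPUT"):
        print(verdict(parsed, name))
```

Listing the named chain directly with `iptables -L RH-Lokkit-0-50-INPUT -n -v` shows the rules that decide whether port 8000 is reachable.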
If memory serves me right your system is open for an attack, so no, you do not have to open port 8000. I would be a little worried.
You may want to get firestarter. It's a GUI program that will help you configure IPTABLES. It just uses a simple script to configure IPTABLES. Firestarter also comes with a few ports turned off, like for trojans. |
Thanks Electro for the input. I'll download and install firestarter. I am running an apache webserver, ftp server and planning to run shoutcast streaming server. Now that I know, I'll follow your tips and hopefully be secure...Thanks once again.
Enjoy!!! |
Here is my iptables script. Notice the TOS rule that is basically set to give the outbound shoutcast traffic priority over other outbound traffic. Enjoy.
#!/bin/bash

# Anti-spoof: enable reverse-path filtering on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done

# Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

# Flush
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT

# Rules for incoming packets from local interface
iptables -A INPUT -i lo -j ACCEPT

# Rules for incoming packets from the internet
# Packets for established connections
iptables -A INPUT -p ALL -d 192.168.0.2 -m state --state ESTABLISHED,RELATED -j ACCEPT

# TOS: mark outbound stream traffic (source port 8000) in the mangle table
iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j TOS --set-tos Maximize-Throughput

# Rules for TCP/UDP packets
# SSH (22) and shoutcast (8000)
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.0.2 --dport 22 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.0.2 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 8000 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 8000 -j ACCEPT
# Traffic from yp.shoutcast.com, matched by source port 80
iptables -A INPUT -p tcp -m tcp -s yp.shoutcast.com --sport 80 -d 0/0 -j ACCEPT
# DHCP on eth0
iptables -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
# DNS replies from two name servers, matched by source port 53
iptables -A INPUT -p udp -m udp -s 200.150.110.25 --sport 53 -d 0/0 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 203.153.0.53 --sport 53 -d 0/0 -j ACCEPT
|