LinuxQuestions.org


tuxrules 07-11-2004 08:18 PM

iptables for port 8000
 
Hi all,
I want to open up port 8000 for music streaming using shoutcast. I've searched around this forum and the internet, and things confuse me even more. Can anyone show me some light here...
I've used the following command but it says Bad Argument 'input'

Code:

iptables -t -I input -i eth0 -p tcp -s 0/0 -d 0/0 8000 -j ACCEPT

Thanks in advance

SciYro 07-11-2004 08:26 PM

Use INPUT.

It's case sensitive.

tuxrules 07-11-2004 08:39 PM

That does not work... any more suggestions????

tuxrules 07-11-2004 08:45 PM

I just ran
#iptables -L to see the current rules in iptables. Here's the output... does anyone think I still need to open up port 8000, since I think I can receive and send from all ports right now?


Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Electro 07-12-2004 04:46 AM

If memory serves me right, your system is open for an attack, so no, you do not have to open port 8000. I would be a little worried.

You may want to get firestarter. It's a GUI program that will help you configure IPTABLES. It just uses a simple script to configure IPTABLES. Firestarter also comes with a few ports turned off, like those used by trojans.

tuxrules 07-12-2004 01:10 PM

Thanks Electro for the input. I'll download and install firestarter. I am running an apache webserver, ftp server and planning to run shoutcast streaming server. Now that I know, I'll follow your tips and hopefully be secure...Thanks once again.

Enjoy!!!

fuubar2003 07-17-2004 09:10 PM

Here is my iptables script. Notice the TOS rule that basically sets to give the outbound shoutcast traffic priority over other outbound traffic. Enjoy.

#!/bin/bash
# Anti-spoof: enable reverse-path filtering on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done
# Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Flush
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
# Flush mangle OUTPUT too, so the TOS rule below is not duplicated when the script is re-run
iptables -t mangle -F OUTPUT
# Rules for incoming packets from local interface
iptables -A INPUT -i lo -j ACCEPT
# Rules for incoming packets from the internet
# Packets for established connections
iptables -A INPUT -p ALL -d 192.168.0.2 -m state --state ESTABLISHED,RELATED -j ACCEPT
# TOS: mark outbound shoutcast traffic (source port 8000)
iptables -t mangle -A OUTPUT -p tcp --sport 8000 -j TOS --set-tos Maximize-Throughput
# Rules for TCP/UDP packets
# SSH (the --syn rule is already covered by the rule that follows it)
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.0.2 --dport 22 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.0.2 --dport 22 -j ACCEPT
# Shoutcast listeners on port 8000
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 8000 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 8000 -j ACCEPT
# Replies from the shoutcast directory (the hostname is resolved once, when the rule is loaded)
iptables -A INPUT -p tcp -m tcp -s yp.shoutcast.com --sport 80 -d 0/0 -j ACCEPT
# DHCP on eth0
iptables -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
# DNS replies from the two resolvers
iptables -A INPUT -p udp -m udp -s 200.150.110.25 --sport 53 -d 0/0 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 203.153.0.53 --sport 53 -d 0/0 -j ACCEPT
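
Added example, not part of any post in this thread: the `iptables -L` listing earlier shows policy ACCEPT plus a jump to RH-Lokkit-0-50-INPUT, so whether port 8000 is reachable depends on the rules inside that chain, not on the policy line alone. The sketch below walks a ruleset in `iptables -S` format and reports the first-match verdict for a new inbound TCP connection. The function names `verdict` and `lokkit_like` and the sample chain body are assumptions made for illustration.

```shell
# verdict PORT: reads rules in "iptables -S" format on stdin and prints the
# first-match verdict for a NEW TCP connection from any remote host to PORT.
# Simplified model (assumption): only -p, -i lo, -s, --dport, --state/--ctstate
# and -j are interpreted; every other match option is treated as matching.
verdict() {
  awk -v port="$1" '
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" { rule[$2, ++n[$2]] = $0 }
    # Returns the target of rule r if it matches the modelled packet, else ""
    function hit(r,    f, k, i, p, t) {
      k = split(r, f, " ")
      for (i = 3; i < k; i++) {
        if (f[i] == "-j") t = f[i+1]
        if (f[i] == "-p" && f[i+1] != "tcp" && f[i+1] != "all") return ""
        if (f[i] == "-i" && f[i+1] == "lo") return ""
        if (f[i] == "-s" && f[i+1] !~ /^0(\.0\.0\.0)?\/0$/) return ""
        if (f[i] ~ /^--(ct)?state$/ && f[i+1] !~ /NEW/) return ""
        if (f[i] == "--dport") {
          split(f[i+1], p, ":"); if (p[2] == "") p[2] = p[1]
          if (port + 0 < p[1] + 0 || port + 0 > p[2] + 0) return ""
        }
      }
      return t
    }
    # Walks a chain; "" means fall through to the caller or the chain policy
    function walk(chain,    i, t, v) {
      for (i = 1; i <= n[chain]; i++) {
        t = hit(rule[chain, i])
        if (t == "ACCEPT" || t == "DROP" || t == "REJECT") return t
        if (t == "RETURN") return ""
        if ((t in n) && (v = walk(t)) != "") return v
      }
      return ""
    }
    END { v = walk("INPUT"); print (v != "" ? v : policy["INPUT"]) }
  '
}

# Constructed sample: policy ACCEPT plus a jump to RH-Lokkit-0-50-INPUT, as in
# the listing above. The chain body is invented; the thread does not show it.
lokkit_like() { cat <<'EOF'
-P INPUT ACCEPT
-N RH-Lokkit-0-50-INPUT
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REJECT
EOF
}
lokkit_like | verdict 8000   # prints REJECT
```

On a live host the input would come from `iptables -S` run as root, for example `iptables -S | verdict 8000`.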


All times are GMT -5.