LinuxQuestions.org
Old 07-11-2004, 08:18 PM   #1
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,144

Rep: Reputation: 56
iptables for port 8000


Hi all,
I want to open up port 8000 for music streaming using shoutcast. I've searched around this forum and internet and things confuse me even more. Can anyone show me some light here...
I've used the following command but it says Bad Argument 'input'

Code:
iptables -t -I input -i eth0 -p tcp -s 0/0 -d 0/0 8000 -j ACCEPT
thanks in advance
 
Old 07-11-2004, 08:26 PM   #2
SciYro
Senior Member
 
Registered: Oct 2003
Location: hopefully not here
Distribution: Gentoo
Posts: 2,038

Rep: Reputation: 51
use INPUT

it's case sensitive
 
Old 07-11-2004, 08:39 PM   #3
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,144

Original Poster
Rep: Reputation: 56
that does not work...any more suggestions????
 
Old 07-11-2004, 08:45 PM   #4
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,144

Original Poster
Rep: Reputation: 56
I just ran
#iptables -L to see current rules in iptables. Here's the output...does anyone think I still need to open up port 8000 since I think I can receive and send from all ports right now.


Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
 
Old 07-12-2004, 04:46 AM   #5
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
If memory serves me right your system is open for an attack, so no you do not have to open port 8000. I would be a little worried.

You may want to get firestarter. It's a GUI program that will help you configure IPTABLES. It just uses a simple script to configure IPTABLES. Firestarter also comes with a few ports turned off like for trojans.
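
Added example, not part of any post in this thread: the `iptables -L` listing above shows only a jump into `RH-Lokkit-0-50-INPUT`, so whether port 8000 is reachable depends on what that chain contains. The sketch walks a constructed ruleset in `iptables -S` format first-match style; the chain contents, the `verdict` function and the variable names are assumptions, and only `-i`, `-p` and `--dport` matches are modelled.

```shell
#!/bin/sh
# Constructed rules in `iptables -S` format; the chain contents are invented
# for illustration and are not the original poster's real ruleset.
SAMPLE_RULES='-P INPUT ACCEPT
-N RH-Lokkit-0-50-INPUT
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable'
# Same rules with a catch-all DROP appended to the user-defined chain.
LOCKED_RULES="$SAMPLE_RULES
-A RH-Lokkit-0-50-INPUT -j DROP"
# Result of `iptables -I INPUT -i eth0 -p tcp --dport 8000 -j ACCEPT`:
# -I places the rule at position 1, ahead of the jump.
OPENED_RULES="-A INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
$LOCKED_RULES"

# verdict RULES IFACE PORT -> fate of a new inbound TCP connection to PORT
verdict() {
  printf '%s\n' "$1" | awk -v ifc="$2" -v port="$3" '
    $1 == "-P" { policy[$2] = $3 }
    $1 == "-A" { n[$2]++; rule[$2, n[$2]] = $0 }
    # Walk one chain; return a final target, or "" to fall through to the caller.
    function walk(chain,   i, k, f, cnt, ok, tgt, r, pr) {
      for (i = 1; i <= n[chain]; i++) {
        cnt = split(rule[chain, i], f, " "); ok = 1; tgt = ""
        for (k = 3; k <= cnt; k += 2) {
          if (f[k] == "-j") { tgt = f[k+1]; break }   # target options follow; stop
          else if (f[k] == "-i") ok = ok && (f[k+1] == ifc)
          else if (f[k] == "-p") ok = ok && (f[k+1] == "tcp")
          else if (f[k] == "--dport") {
            split(f[k+1], pr, ":"); if (pr[2] == "") pr[2] = pr[1]
            ok = ok && (port + 0 >= pr[1] + 0 && port + 0 <= pr[2] + 0)
          } else if (f[k] != "-m") return "UNKNOWN"    # match this sketch cannot model
        }
        if (!ok || tgt == "") continue
        if (tgt == "RETURN") return ""
        if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT") return tgt
        r = walk(tgt)                                  # jump into a user-defined chain
        if (r != "") return r
      }
      return ""
    }
    END { v = walk("INPUT"); print (v != "" ? v : policy["INPUT"]) }'
}

for p in 22 80 8000; do echo "sample tcp/$p: $(verdict "$SAMPLE_RULES" eth0 "$p")"; done
echo "locked tcp/8000: $(verdict "$LOCKED_RULES" eth0 8000)"
echo "opened tcp/8000: $(verdict "$OPENED_RULES" eth0 8000)"
```

On a live system the input would come from `iptables -S` run as root; any rule using a match the sketch does not model yields `UNKNOWN` rather than a guess.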
 
Old 07-12-2004, 01:10 PM   #6
tuxrules
Senior Member
 
Registered: Jun 2004
Location: Chicago
Distribution: Slackware64 -current
Posts: 1,144

Original Poster
Rep: Reputation: 56
Thanks Electro for the input. I'll download and install firestarter. I am running an apache webserver, ftp server and planning to run shoutcast streaming server. Now that I know, I'll follow your tips and hopefully be secure...Thanks once again.

Enjoy!!!
 
Old 07-17-2004, 09:10 PM   #7
fuubar2003
Member
 
Registered: May 2004
Location: Orlando, Florida
Distribution: SLES10/11, RH4/5 svrs, Fedora, Debian/Ubuntu/Mint; FreeBSD/OpenBSD
Posts: 63

Rep: Reputation: 26
Here is my iptables script. Notice the TOS rule that basically sets to give the outbound shoutcast traffic priority over other outbound traffic. Enjoy.

#!/bin/bash
# Anti-spoof: enable reverse-path filtering on every interface
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 1 > "$f"; done
# Policies (default)
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Flush
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
# Also flush mangle OUTPUT so re-running the script does not stack duplicate TOS rules
iptables -t mangle -F OUTPUT
# Rules for incoming packets from local interface
iptables -A INPUT -i lo -j ACCEPT
# Rules for incoming packets from the internet
# Packets for established connections
iptables -A INPUT -p ALL -d 192.168.0.2 -m state --state ESTABLISHED,RELATED -j ACCEPT
# TOS: mark outbound shoutcast traffic (source port 8000) for maximum throughput
iptables -A OUTPUT -t mangle -p tcp --sport 8000 -j TOS --set-tos Maximize-Throughput
# Rules for TCP/UDP packets
# SSH (port 22); the second rule already covers the --syn case
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.0.2 --dport 22 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 -d 192.168.0.2 --dport 22 -j ACCEPT
# Shoutcast listeners (port 8000); the second rule already covers the --syn case
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 8000 --syn -j ACCEPT
iptables -A INPUT -p tcp -m tcp -s 0/0 --dport 8000 -j ACCEPT
# TCP from yp.shoutcast.com with source port 80
iptables -A INPUT -p tcp -m tcp -s yp.shoutcast.com --sport 80 -d 0/0 -j ACCEPT
# DHCP (UDP ports 67-68) on eth0
iptables -A INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
# UDP from source port 53 (DNS) of these two servers
iptables -A INPUT -p udp -m udp -s 200.150.110.25 --sport 53 -d 0/0 -j ACCEPT
iptables -A INPUT -p udp -m udp -s 203.153.0.53 --sport 53 -d 0/0 -j ACCEPT
 
  


All times are GMT -5.