Iptables issue.
Hi Team,
I ran a port-blocking command on our RHEL server and it works fine, but now I want to enable that port again. Please check the command below:
Code:
iptables -A INPUT -p tcp --destination-port 22 -s \! 10.0.0.220 -j DROP
Now I am not able to connect to this particular IP through port 22. My problem is that I want to remove this restriction; I need to connect through port 22 to this particular IP. Can anybody please help me out?
Regards, Abdul
Could you post your entire firewall script?
Or post the output of:
Code:
iptables -L
Assuming your default INPUT policy is DROP, this rule allows SSH access to the server from 10.0.0.220 ONLY:
Code:
iptables -A INPUT -p tcp -s 10.0.0.220 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
Code:
[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@STS-STARS-IOT ~]#
This is what I am getting.
You don't have any rules set, so it should be working...
Is your sshd running? And check /var/log/messages for any error messages regarding sshd.
Now you want only this IP to be able to connect through SSH? That is the exact opposite of what you did before.
Other IPs should not be able to connect by SSH, is that correct? Use /etc/hosts.allow and /etc/hosts.deny.
In /etc/hosts.deny:
Code:
sshd: ALL
This will block everyone from using port 22.
In /etc/hosts.allow:
Code:
sshd: 192.168.0.0/255.255.255.0
This will allow this user to access port 22.
I am not able to access the server through port 22 (SSH) now; iptables is showing this:
Code:
[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@STS-STARS-IOT ~]#
Yes, you're correct, now I am able to do it. But my requirement is that I have eth0 and eth1 on that particular server. eth0 is the internal network and eth1 is public. I need to block ssh, ftp, lftp and telnet on eth1; how can I do it?
Code:
iptables -A INPUT -i eth1 -p tcp --dport 22 -j DROP
This will block SSH through eth1 (the target name is case-sensitive, so it must be DROP, not drop); repeat for the telnet and ftp ports.
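The interface-based block from the reply above, written as a small reviewable script (an added example, not code posted in the thread). It assumes only a RHEL host with iptables; it prints the rules by default and applies them only when run as root with DRY_RUN=0. The unblock function also covers the original question: -D removes a rule by repeating the specification it was added with.

```shell
#!/bin/sh
# Added example, not from the thread: block inbound services on the public
# interface (eth1) while leaving eth0 untouched, plus undo of the first post's
# rule. Commands are only printed unless DRY_RUN=0 (then run as root).
DRY_RUN="${DRY_RUN:-1}"

# Run an iptables command, or print it when dry-running.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Drop inbound TCP connections to the given ports arriving on $iface.
# Matching on -i means SSH over the internal eth0 keeps working.
# The target is case-sensitive: "-j drop" is rejected, it must be "-j DROP".
block_public_ports() {
    iface="$1"; shift
    for port in "$@"; do
        run -A INPUT -i "$iface" -p tcp --dport "$port" -j DROP
    done
}

# Remove the original poster's "drop SSH unless from this source" rule.
# -D takes the same rule specification as -A; the modern negation form
# "! -s" matches the rule that was added with the older "-s \! addr" form,
# because -D compares the parsed rule, not the command text.
unblock_ssh_except() {
    run -D INPUT -p tcp --destination-port 22 ! -s "$1" -j DROP
}

# Ports named in the thread: ssh (22), ftp control channel (21), telnet (23).
block_public_ports eth1 22 21 23
# Address from the original post.
unblock_ssh_except 10.0.0.220
```

Run with DRY_RUN=1 first and read the printed rules, then re-run as root with DRY_RUN=0 to apply them.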