LinuxQuestions.org


a.abdulna 04-04-2013 09:39 AM

Iptables issue.
 
Hi Team,

I have done a port blocking command on our RHEL server; it's fine, but I want to enable that port now. Please check the command below.

iptables -A INPUT -p tcp --destination-port 22 -s \! 10.0.0.220 -j DROP

Now I am not able to connect to this particular IP through port 22. My problem is that I want to remove this restriction; I need to connect to this particular IP through port 22.

Anybody, please help me out.

Regards
Abdul

Annielover 04-04-2013 09:54 AM

Could you post your entire firewall script?

Or post the output of the iptables -L command?

Assuming your default INPUT policy is DROP, these rules allow SSH access to the server from 10.0.0.220 ONLY:

iptables -A INPUT -p tcp -s 10.0.0.220 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d 10.0.0.220 --sport 22 -m state --state ESTABLISHED -j ACCEPT


a.abdulna 04-04-2013 09:55 AM

[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@STS-STARS-IOT ~]#

This is what I am getting.

Annielover 04-04-2013 10:00 AM

You don't have any rules set, so it should be working...

Is your sshd running? And check /var/log/message for any error messages regarding sshd.

eklavya 04-04-2013 10:05 AM

Now you want only this IP to be able to connect through ssh? Now you want the exact opposite of what you did before.
Other IPs should not be able to connect by ssh, is that correct?

Use /etc/hosts.allow and /etc/hosts.deny.

In /etc/hosts.deny
sshd: ALL

It will block everyone from using port 22.

/etc/hosts.allow
sshd: 192.168.0.0/255.255.255.0
It will allow this user to access port 22.

a.abdulna 04-04-2013 10:26 AM

I am not able to access it through port 22 (ssh) now; iptables is showing this:

[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@STS-STARS-IOT ~]#

TB0ne 04-04-2013 10:37 AM

Quote:

Originally Posted by a.abdulna (Post 4925057)
I am not able to access it through port 22 (ssh) now; iptables is showing this:

[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@STS-STARS-IOT ~]#

Right, you already posted that. Again, are you sure SSH is running on that box, and if so, is it running on port 22?

a.abdulna 04-04-2013 11:49 AM

Yes, you're correct; now I am able to do it. But my requirement is that I have eth0 and eth1 on that particular server. eth0 is the internal network and eth1 is public. I need to block ssh, ftp, lftp and telnet on eth1. How can I do it?

zafar_dandoti 04-04-2013 11:58 AM

iptables -A INPUT -i eth1 -p tcp --dport 22 -j DROP
This will block ssh through eth1.
Repeat for the telnet and ftp ports.
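
As an added example (not code from anyone in this thread), here is a small shell script that turns the per-port rule above into one iptables-restore ruleset covering ftp (21), ssh (22) and telnet (23) on the public interface, with a rate-limited LOG line so dropped attempts are visible in syslog. It assumes the interface name eth1 from the thread and that ftp is served on port 21; lftp is a client program, so it needs no rule of its own.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) an iptables-restore ruleset
# that drops ssh, ftp and telnet arriving on the public interface only.
# The interface name comes from the thread; the ports are the IANA defaults.

PUBLIC_IF="eth1"
BLOCKED_PORTS="21,22,23"   # ftp, ssh, telnet (lftp is only a client)

# Print the ruleset in iptables-restore format. INPUT keeps policy ACCEPT,
# mirroring the poster's current table, and every DROP is scoped to eth1
# with -i so the internal network on eth0 is untouched.
build_rules() {
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# replies to sessions the server itself opened keep working
-A INPUT -i $PUBLIC_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
# log new attempts (rate limited so a scan cannot flood the log), then drop
-A INPUT -i $PUBLIC_IF -p tcp -m multiport --dports $BLOCKED_PORTS -m limit --limit 5/min -j LOG --log-prefix "public-svc-drop: "
-A INPUT -i $PUBLIC_IF -p tcp -m multiport --dports $BLOCKED_PORTS -j DROP
COMMIT
EOF
}

# Sanity check before applying: exactly one DROP rule should be generated.
count_drop_rules() {
    build_rules | grep -c -- '-j DROP'
}

# Only load the rules when explicitly asked to and running as root;
# otherwise just print them for review.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" -eq 0 ]; then
    build_rules | iptables-restore
else
    build_rules
fi
```

Run it with no arguments to review the ruleset, then as root with `apply` to load it; `iptables -L -v` afterwards should show the packet counters on the eth1 rules increasing while eth0 traffic is unaffected.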

TB0ne 04-04-2013 12:22 PM

Quote:

Originally Posted by a.abdulna (Post 4925113)
Yes, you're correct; now I am able to do it. But my requirement is that I have eth0 and eth1 on that particular server. eth0 is the internal network and eth1 is public. I need to block ssh, ftp, lftp and telnet on eth1. How can I do it?

...which is now different from what you originally posted. You can use iptables as has already been given to you, modifying the ports accordingly, or just not run those services on that Ethernet adapter, or just have them listen on the eth0 address.

