Old 04-04-2013, 09:39 AM   #1
a.abdulna
Iptables issue.


Hi Team,

I ran a port-blocking command on our RHEL server and it works fine, but now I want to enable that port again. Please check the command below.

Code:
iptables -A INPUT -p tcp --destination-port 22 -s \! 10.0.0.220 -j DROP

Now I am not able to connect to this particular IP through port 22. My problem is that I want to remove this restriction; I need to connect to this particular IP through port 22.

Anybody, please help me out.

Regards
Abdul
 
Old 04-04-2013, 09:54 AM   #2
Annielover
Could you post your entire firewall script?

Or post the output of the
Code:
iptables -L
command?

Assuming your default INPUT policy is DROP, these rules allow SSH access to the server from 10.0.0.220 ONLY:
Code:
iptables -A INPUT -p tcp -s 10.0.0.220 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -d 10.0.0.220 --sport 22 -m state --state ESTABLISHED -j ACCEPT
 
Old 04-04-2013, 09:55 AM   #3
a.abdulna
Code:
[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@STS-STARS-IOT ~]#

This is what I am getting.
 
Old 04-04-2013, 10:00 AM   #4
Annielover
You don't have any rules set, so it should be working...

Is your sshd running? And check /var/log/message for any error messages regarding sshd.
 
Old 04-04-2013, 10:05 AM   #5
eklavya
Now you want only this IP to be able to connect through SSH? Now you want the exact opposite of what you did before.
Other IPs should not be able to connect by SSH, is that correct?

Use /etc/hosts.allow and /etc/hosts.deny.

In /etc/hosts.deny:
Code:
sshd: ALL

It will block everyone from using port 22.

In /etc/hosts.allow:
Code:
sshd: 192.168.0.0/255.255.255.0

It will allow this user to access port 22.
 
Old 04-04-2013, 10:26 AM   #6
a.abdulna
I am not able to access through port 22 (SSH) now; iptables is showing this:

Code:
[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@STS-STARS-IOT ~]#
 
Old 04-04-2013, 10:37 AM   #7
TB0ne
Quote:
Originally Posted by a.abdulna View Post
I am not able to access through port 22 (SSH) now; iptables is showing this:

Code:
[root@STS-STARS-IOT ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@STS-STARS-IOT ~]#
Right, you already posted that. Again, are you sure SSH is running on that box, and if so, is it running on port 22???
 
Old 04-04-2013, 11:49 AM   #8
a.abdulna
Yes, you're correct; now I am able to do it. But my requirement is this: I have eth0 and eth1 on that particular server. eth0 is the internal network and eth1 is public. I need to block ssh, ftp, lftp and telnet on eth1. How can I do it?
 
Old 04-04-2013, 11:58 AM   #9
zafar_dandoti
Code:
iptables -A INPUT -i eth1 -p tcp --dport 22 -j DROP
This will block SSH through eth1 (the target name is case-sensitive, so it must be DROP).
Repeat for the telnet and ftp ports.
 
Old 04-04-2013, 12:22 PM   #10
TB0ne
Quote:
Originally Posted by a.abdulna View Post
Yes, you're correct; now I am able to do it. But my requirement is this: I have eth0 and eth1 on that particular server. eth0 is the internal network and eth1 is public. I need to block ssh, ftp, lftp and telnet on eth1. How can I do it?
...which is now different from what you originally posted. You can use iptables as has already been given to you and modify the ports accordingly, or just not run those services on that Ethernet adapter, or just have them listen on the eth0 address.
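As an added example, not code from anyone in this thread: a small Python simulator that parses INPUT rules written in `iptables -S` form (including the older `-s ! addr` negation the first post uses and the `-m state` matches from post #2) and returns the verdict for a given connection, so a rule set can be checked before it is applied to a box you can only reach over SSH. The rule set, the packet fields (src, dport, state, proto, iface) and the chain policy are constructed for this example.

```python
# Added example (not from the thread): simulate a connection against INPUT
# rules written in `iptables -S` form to see what this thread's rules do.
import ipaddress
import shlex

def parse_rules(spec):
    """Parse `-A INPUT ...` lines (every option used here takes one value)."""
    rules = []
    for line in spec.strip().splitlines():
        toks = shlex.split(line)
        if not toks or toks[0] != "-A":
            continue                       # skip -P / -N lines
        rule, negate, i = {}, False, 2     # toks[1] is the chain name
        while i < len(toks):
            opt, val = toks[i], toks[i + 1]
            if opt == "!":                 # current negation syntax: `! -s addr`
                negate, i = True, i + 1
                continue
            if val == "!":                 # old syntax from the first post: `-s ! addr`
                negate, val, i = True, toks[i + 2], i + 1
            if opt == "-s":
                val = ipaddress.ip_network(val, strict=False)
            elif opt in ("--dport", "--destination-port"):
                opt, val = "dport", int(val)
            elif opt == "--state":
                val = set(val.split(","))
            rule[opt] = (val, negate)      # (value, negated?)
            negate, i = False, i + 2
        rules.append(rule)
    return rules

def matches(rule, pkt):
    """True if every match option agrees with the packet, honouring `!`."""
    checks = {"-s": lambda w: ipaddress.ip_address(pkt["src"]) in w,
              "dport": lambda w: pkt["dport"] == w,
              "--state": lambda w: pkt["state"] in w,
              "-p": lambda w: pkt["proto"] == w, "-i": lambda w: pkt["iface"] == w}
    # -j, -m etc. are not packet matches; a hit on a negated option fails
    return all(checks[o](w) != n for o, (w, n) in rule.items() if o in checks)

def verdict(spec, policy, pkt):
    """Target of the first matching rule, otherwise the chain policy."""
    for rule in parse_rules(spec):
        if matches(rule, pkt):
            return rule["-j"][0]
    return policy

# Constructed rule set: the first post's rule, then the eth1 block from post #9
RULES = r"""-A INPUT -p tcp --destination-port 22 -s \! 10.0.0.220 -j DROP
-A INPUT -i eth1 -p tcp --dport 22 -j DROP"""
```

With an ACCEPT policy, `verdict(RULES, "ACCEPT", ...)` reports DROP for SSH from any address other than 10.0.0.220 and for any SSH arriving on eth1, which is exactly the lock-out the first post describes.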
 