Old 12-30-2005, 12:34 PM   #1
Jorek
Member
 
Registered: Sep 2005
Distribution: Slackware 13.1
Posts: 65

Rep: Reputation: 16
Problem with iptables, and a simple question about a NTFS part.


Hello my fellow Linux users!
Here are some quick questions (I have tried both Google and this forum, but I haven't
been able to find the solution to my problems).

1. Iptables.
I'm trying to learn how to use iptables, so decided to write a very simple firewall script on my own.
Here's what I have done so far:
Code:
#!/bin/sh
# Setting Policy for chains...
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
# Loading user-specified rules...
iptables -A INPUT -s 127.0.0.0/8  -d 127.0.0.0/8 -i lo -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p tcp --dport 20 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
When I use this script, I can't surf on the WWW, even though my port 80 (HTTP) and 53 (DNS) are wide open! I can't even ping, but I have allowed ICMP traffic as you can see in my script. Can someone tell me what's wrong with this script?

2. NTFS Partition.
When I installed Slackware, I decided to mount my two NTFS partitions into my Linux system at boot.
That works pretty well for root, but I haven't found any way to give normal users read rights (chmod o+r).
This is a cut of my fstab:
/dev/hda5 /mnt/Windisk1 ntfs defaults 1 0
/dev/hda7 /mnt/Windisk2 ntfs defaults 1 0

Anyone?

Thanx
 
Old 12-30-2005, 01:22 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

Rep: Reputation: 332
Here is a quick discussion and example script for iptables.

http://techrepublic.com.com/5100-108...tml?tag=search

I always end up hacking mounted partitions so this information may be stupid, ugly, or even wrong.

The first thing that I may be wrong about is your fstab file entries. You should include the read only directive "ro" in the options field.

Now here is where I get ugly. If I wanted to set up a system as you described I would make the mount point, set the ownership and permissions of the mount point, mount the partition, check the ownership and permissions of the mount point, and if required reset the ownership and permissions on the mount point. That's always worked for me with ntfs and vfat partitions.

Remember that you want to mount ntfs partitions as read only.

Last edited by stress_junkie; 12-30-2005 at 01:48 PM.
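An added example, not from any post in this thread, of the mount-point-then-mount sequence stress_junkie describes, with the "ro" option and the uid=/gid=/umask= options that actually decide who can read an NTFS mount (the in-kernel ntfs driver takes permissions from mount options, so chmod on the mounted files does nothing). The device and mount point names are the ones from post #1's fstab.

```shell
#!/bin/sh
# Added example, not from any post in the thread. Assumes the in-kernel "ntfs"
# driver used by the fstab lines in post #1, which honours uid=, gid= and umask=
# as mount options. MOUNT=echo prints the mount command instead of running it.
MOUNT=${MOUNT:-mount}

# fstab line for one partition: ro plus umask=0222, which leaves every file r--
# and every directory r-x for all users (0666 & ~0222, 0777 & ~0222).
# Field 5 (dump) is 0; post #1 had 1, which only matters if you run dump(8).
ntfs_fstab_line() {
    printf '%s %s ntfs ro,uid=0,gid=0,umask=0222 0 0\n' "$1" "$2"
}

# Make the mount point, then mount read-only. After mounting, the mode seen on
# the directory comes from umask=, not from whatever chmod set on the empty
# mount point beforehand, so there is nothing to "reset" afterwards.
mount_ntfs_readonly() {
    dev=$1; mnt=$2
    [ -d "$mnt" ] || mkdir -p "$mnt"
    $MOUNT -t ntfs -o ro,uid=0,gid=0,umask=0222 "$dev" "$mnt"
}

# Usage: sh ntfs-ro.sh fstab      (print the two fstab lines)
#        sh ntfs-ro.sh mount      (as root, mount the first partition)
case "${1:-}" in
    fstab) ntfs_fstab_line /dev/hda5 /mnt/Windisk1
           ntfs_fstab_line /dev/hda7 /mnt/Windisk2 ;;
    mount) mount_ntfs_readonly /dev/hda5 /mnt/Windisk1 ;;
esac
```

Check the result as an unprivileged user with `ls -l /mnt/Windisk1` after mounting: the files should show r--r--r-- regardless of what chmod was run on the mount point.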
 
Old 12-30-2005, 02:05 PM   #3
Freemor
Member
 
Registered: Aug 2005
Location: New Brunswick
Distribution: Trisquel
Posts: 70
Blog Entries: 8

Rep: Reputation: 15
Not sure what you were trying to do with the first part of the script (where you seem to be trying to set up policies); setting the entire INPUT chain to DROP would basically (AFAIK) drop all input.. not good.. Also, you only need to open ports you have servers on, so you only need to open port 80 if running a web server, 21 if you are running an FTP server, etc. I generally drop the first 1023 ports unless I'm running a server.. with the exception of the NTP port being allowed for the time server I sync with.

Here is an early sample of my IPtables script..

#!/bin/bash
#
# tight firewall
#
#

# First make sure we are not duplicating things..

iptables -F
iptables -X

# accept all local connections so internal stuff works

iptables -A INPUT -s localhost -p tcp -j ACCEPT
iptables -A INPUT -s localhost -p udp -j ACCEPT

# Open the ports we want

iptables -A INPUT -s time.nrc.ca -p udp --destination-port 123 -j ACCEPT

# Drop all ICMP requests

iptables -A INPUT -p icmp -j DROP

# Drop all unauthorized connections

iptables -A INPUT -s 0/0 -p tcp --destination-port 0:1023 -j DROP
iptables -A INPUT -s 0/0 -p udp --destination-port 0:1023 -j DROP

---

This was an early version of my script; I have since added logging capabilities for both blocked and allowed ports that I wish to monitor..

Remember iptables rules are fallthrough, so if I had put the last two lines first then nothing would be allowed, because it would see the block-everything rule first and not fall through to the rest.

Hope this helps
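An added example, written for this thread and not taken from Jorek's or Freemor's scripts: a stateful version of the post #1 script that fixes the actual cause of "can't surf, can't ping" (replies to connections this host opens never match a --dport rule and fall through to the INPUT DROP policy), keeps the first-match ordering Freemor describes, and opens only ports with a server behind them. It assumes the kernel has connection tracking (the iptables "state" match) and a single network interface.

```shell
#!/bin/sh
# Added example (not Jorek's or Freemor's script): stateful rewrite of post #1.
# Assumes connection tracking is available. IPT=echo prints the rules instead
# of loading them; OPEN_TCP_PORTS lists only ports a server is listening on.
IPT=${IPT:-iptables}
OPEN_TCP_PORTS=${OPEN_TCP_PORTS:-}   # e.g. "80" on a web server; empty on a desktop

firewall_rules() {
    $IPT -F                    # start clean so re-running does not duplicate rules
    $IPT -P INPUT DROP         # unsolicited inbound is dropped by default
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD DROP

    # Loopback: "-i lo" (the original "-lo" is not an iptables option)
    $IPT -A INPUT -i lo -j ACCEPT

    # The rule post #1 was missing. DNS answers arrive from remote port 53 to a
    # high local port, HTTP responses from remote port 80 likewise; neither
    # matches "--dport 53/80", so they hit the DROP policy. Conntrack accepts
    # them because this host started the connection. Keep this rule early:
    # matching is first-hit, so a catch-all DROP above it would block everything.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Replies to our own pings are already ESTABLISHED; this only makes us pingable.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Listening services only: a port with nothing behind it needs no rule.
    for port in $OPEN_TCP_PORTS; do
        $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done
    # Everything else falls through to the INPUT policy (DROP).
}

# Usage: sh firewall.sh apply              (as root)
#        IPT=echo sh firewall.sh apply     (preview the rules without loading them)
case "${1:-}" in apply) firewall_rules ;; esac
```

After loading, `iptables -L INPUT -v -n` shows the ESTABLISHED,RELATED counter climbing as soon as a DNS lookup or web request succeeds, which is the quickest check that the stateful rule is doing the work.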
 