Hi all, I am very new to this iptables thing.
I have an Oracle RAC server running on RHEL 5.2 with 3 NICs (eth0, eth1, eth2), and I have to configure iptables on it.
Actually it is a cluster of 2 machines, both identical in every sense; the eth0 of both is connected via a cross cable, so I want no other traffic on eth0. The other 2 interfaces are for access from the LAN, and no internet connectivity is allowed to this server. The only port to be allowed for incoming connections is TCP port 1521, which is used by the Oracle listener.
I want some specific LAN IP addresses to be bound to both interfaces (eth1, eth2). Let's say IP addresses like 10.10.2.12 should be allowed only on eth1 and TCP port 1521, and everything else should be dropped on this interface; IP addresses like 172.16.100.11 should be allowed only on eth2.
Remember that the eth0 interfaces of both machines have the IP addresses 192.168.11.10 and 192.168.11.11 respectively, and they are connected directly with a cross cable.
I have tried making some simple configurations like
Code:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:243]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.11.10 -i eth0 -p tcp -m tcp --dport 1:65000 -m state --state NEW -j ACCEPT
-A INPUT -s 10.10.2.12 -i eth1 -p tcp -m tcp --dport 1521 -m state --state NEW -j ACCEPT
-A INPUT -s 172.16.100.11 -i eth2 -p tcp -m tcp --dport 1521 -m state --state NEW -j ACCEPT
-A INPUT -j DROP
COMMIT
But it's not working. Kindly suggest.
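As an added illustration (not the poster's own file), the ruleset from the post written as a generator so that each node gets its own copy: the eth0 rule must name the peer node's cross-cable address (192.168.11.11 on the first node, 192.168.11.10 on the second), so one literal file cannot be loaded unchanged on both. It also makes DROP the chain policy instead of relying on a trailing rule and logs what gets dropped; interface names, addresses and port are taken from the post, `peer_of` assumes exactly the two eth0 addresses given there.

```shell
#!/bin/sh
# Added example: render an iptables-restore ruleset for one RAC node.
# peer_of <own-eth0-ip>  -> the other node's eth0 address (the two
# addresses from the post are the only ones it knows about)
peer_of() {
    case "$1" in
        192.168.11.10) echo 192.168.11.11 ;;
        192.168.11.11) echo 192.168.11.10 ;;
        *) echo "unknown interconnect address: $1" >&2; return 1 ;;
    esac
}

# gen_rules <peer-eth0-ip> <eth1-client-ip> <eth2-client-ip>
# Prints a ruleset for "iptables-restore < file". Lines starting with
# '#' are ignored by iptables-restore, so the comments can stay in.
gen_rules() {
    peer="$1"; lan1="$2"; lan2="$3"
    cat <<EOF
*filter
# Default-deny on INPUT/FORWARD; anything not matched below is dropped
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Cross-cable interconnect: only the peer node, no protocol restriction,
# so the cluster's own traffic between the two nodes is not filtered
-A INPUT -i eth0 -s ${peer} -m state --state NEW -j ACCEPT
# LAN clients: one source per interface, listener port only
-A INPUT -i eth1 -s ${lan1} -p tcp --dport 1521 -m state --state NEW -j ACCEPT
-A INPUT -i eth2 -s ${lan2} -p tcp --dport 1521 -m state --state NEW -j ACCEPT
# Record what the policy is about to drop (visible in /var/log/messages)
-A INPUT -j LOG --log-prefix "INPUT-DROP: "
COMMIT
EOF
}

# Stand-alone usage: render the ruleset for the node whose eth0 is .10
if [ "${0##*/}" != "sh" ] && [ -z "$GEN_RULES_NO_MAIN" ]; then
    gen_rules "$(peer_of 192.168.11.10)" 10.10.2.12 172.16.100.11
fi
```

Save the output per node and load it with `iptables-restore`; the LOG line shows which interface and source address a refused connection actually arrived from, which is usually the fastest way to see why a rule like the ones above "is not working".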