LinuxQuestions.org

-   -   iptables settings (http://www.linuxquestions.org/questions/linux-security-4/iptables-settings-814708/)

shlomi.s 06-17-2010 07:59 AM

iptables settings
 
hi..

i have 2 servers that sit under the same subnet (in the hosting) and i have a private IP and a public IP for both.
eth0 is used for the public IP and eth1 for the private IP.

of course, the servers can interact with each other (via SSH etc.) over the private IP.

now, i need the following settings on my firewall/iptables:

server 1:
1. port 80, open for private and public.
2. port 22, open for private and public.

server 2:
1. port 22, open for private and public.
2. port 3306, open for private only.

server 1 is already configured and works fine; my problem is with server 2.
i tried to use "system-config-securelevel" to set the firewall to do those rules, but i can't separate the interfaces (eth0 and eth1). meaning, if i check both interfaces and then check port 22 + custom port 3306:tcp, port 3306 will be open to the public as well, and if i check eth0 only, port 22 will be closed to the public.

how can i make port 22 open to the public and port 3306 open to private only?

do i need to edit the file /etc/sysconfig/iptables manually? if i need to do that, what settings should be there? can someone write me those rules please?

i read the CentOS 5 document about iptables but i can't figure out how to do that, and if i make a mistake i could lock myself out from the server and have to start dealing with the hosting.. etc.. etc..

note: both servers are CentOS 5 64bit.

thanks in advance.

Shlomi.

centosboy 06-17-2010 09:07 AM

Quote:

Originally Posted by shlomi.s (Post 4006477)
hi..

i have 2 servers that sit under the same subnet (in the hosting) and i have a private IP and a public IP for both.
eth0 is used for the public IP and eth1 for the private IP.

of course, the servers can interact with each other (via SSH etc.) over the private IP.

now, i need the following settings on my firewall/iptables:

server 1:
1. port 80, open for private and public.

iptables -I INPUT -p tcp --dport 80 -j ACCEPT


2. port 22, open for private and public.
iptables -I INPUT -p tcp --dport 22 -j ACCEPT

server 2:
1. port 22, open for private and public.
iptables -I INPUT -p tcp --dport 22 -j ACCEPT

2. port 3306, open for private only.
iptables -I INPUT -p tcp -i eth1 --dport 3306 -j ACCEPT   # -i eth1: match only packets arriving on the private interface

Quote:

Originally Posted by shlomi.s (Post 4006477)
server 1 is already configured and works fine; my problem is with server 2.
i tried to use "system-config-securelevel" to set the firewall to do those rules, but i can't separate the interfaces (eth0 and eth1). meaning, if i check both interfaces and then check port 22 + custom port 3306:tcp, port 3306 will be open to the public as well, and if i check eth0 only, port 22 will be closed to the public.

how can i make port 22 open to the public and port 3306 open to private only?

do i need to edit the file /etc/sysconfig/iptables manually? if i need to do that, what settings should be there? can someone write me those rules please?

you can do it this way, but this is an easy way to break iptables.

Quote:

Originally Posted by shlomi.s (Post 4006477)
i read the CentOS 5 document about iptables but i can't figure out how to do that, and if i make a mistake i could lock myself out from the server and have to start dealing with the hosting.. etc.. etc..

note: both servers are CentOS 5 64bit.

thanks in advance.

Shlomi.


centosboy 06-17-2010 09:12 AM

Test rules and if they work, run

Code:

iptables-save > /etc/sysconfig/iptables

but only save if they work properly when testing
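Putting the two replies together, as an added example that is not from the thread: a POSIX sh script that writes server 2's complete ruleset in the format /etc/sysconfig/iptables uses (SSH on every interface, MySQL only on eth1), checks which of the two ports an outside host could reach, and loads the rules with an automatic rollback so a mistake does not lock you out before you iptables-save them. The interface names follow the thread; the private subnet 10.0.0.0/24 is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread. Server 2 ruleset for /etc/sysconfig/iptables:
# SSH reachable on both interfaces, MySQL only via the private interface.
# Assumptions: eth0 is public, eth1 is private; PRIV_NET is a placeholder subnet.
PRIV_IF=eth1
PRIV_NET=10.0.0.0/24   # assumption: replace with the hosting's private subnet
# Print the whole ruleset in iptables-save format (what iptables-restore reads).
server2_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i $PRIV_IF -s $PRIV_NET -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Exit 0 if some ACCEPT rule for tcp PORT is not tied to the private interface,
# i.e. the port would be reachable from the public side; exit 1 otherwise.
public_accepts() {
    server2_rules | grep -- "--dport $1 " | grep -- "-j ACCEPT" \
        | grep -v -- "-i $PRIV_IF " | grep -q .
}

# Load the ruleset with automatic rollback so a mistake cannot lock you out: the
# old rules return after TIMEOUT seconds unless you confirm, from a NEW ssh
# session, that login still works. Only a confirmed ruleset gets saved.
apply_with_rollback() {
    timeout=${1:-120}
    backup=/tmp/iptables.before.$$
    iptables-save > "$backup"
    server2_rules | iptables-restore
    ( sleep "$timeout"; iptables-restore < "$backup" ) &
    rollback=$!
    echo "Rules loaded. Open a new ssh session, then press Enter here within ${timeout}s to keep them."
    if read -r answer; then
        kill "$rollback" && iptables-save > /etc/sysconfig/iptables
    fi
}

# Run as root with "apply [timeout]"; with no arguments only the functions are defined.
if [ "${1:-}" = "apply" ] && [ "$(id -u)" = 0 ]; then
    apply_with_rollback "${2:-120}"
fi
```

Run `sh thisscript.sh apply 120` as root from an SSH session on server 2; if you cannot open a second session within two minutes, the previous rules come back on their own and nothing is saved.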

