Old 06-17-2010, 08:59 AM   #1
shlomi.s (LQ Newbie)
iptables settings


Hi..

I have 2 servers sitting on the same subnet (at the hosting provider), and both have a private IP and a public IP.
eth0 is used for the public IP and eth1 for the private IP.

Of course, the servers can interact with each other (via SSH etc.) over the private IP.

Now, I need the following settings on my firewall/iptables:

server 1:
1. port 80, open for private and public.
2. port 22, open for private and public.

server 2:
1. port 22, open for private and public.
2. port 3306, open for private only.

Server 1 is already configured and works fine; my problem is with server 2.
I tried to use "system-config-securelevel" to set the firewall up with those rules, but I can't separate the interfaces (eth0 and eth1). I mean, if I check both interfaces and then check port 22 + custom port 3306:tcp, port 3306 is opened to the public as well, and if I check eth0 only, port 22 is closed to the public.

How can I make port 22 open to the public and port 3306 open to private only?

Do I need to edit the file /etc/sysconfig/iptables manually? If I need to do that, what settings should be in there? Can someone write those rules for me please?

I read the CentOS 5 document about iptables but I can't figure out how to do that, and if I make a mistake I can lock myself out of the server and have to start dealing with the hosting.. etc.. etc..

Note: both servers are CentOS 5 64-bit.

Thanks in advance.

Shlomi.
 
Old 06-17-2010, 10:07 AM   #2
centosboy (Senior Member, Distribution: centos5)
Quote:
Originally Posted by shlomi.s
Hi..

I have 2 servers sitting on the same subnet (at the hosting provider), and both have a private IP and a public IP.
eth0 is used for the public IP and eth1 for the private IP.

Of course, the servers can interact with each other (via SSH etc.) over the private IP.

Now, I need the following settings on my firewall/iptables:

server 1:
1. port 80, open for private and public.

Code:
# no -i given, so the rule matches on every interface
iptables -I INPUT -p tcp --dport 80 -j ACCEPT

2. port 22, open for private and public.

Code:
iptables -I INPUT -p tcp --dport 22 -j ACCEPT

server 2:
1. port 22, open for private and public.

Code:
iptables -I INPUT -p tcp --dport 22 -j ACCEPT

2. port 3306, open for private only.

Code:
# -i eth1 limits this ACCEPT to packets arriving on the private interface
iptables -I INPUT -p tcp -i eth1 --dport 3306 -j ACCEPT

Quote:
Originally Posted by shlomi.s
Server 1 is already configured and works fine; my problem is with server 2.
I tried to use "system-config-securelevel" to set the firewall up with those rules, but I can't separate the interfaces (eth0 and eth1). I mean, if I check both interfaces and then check port 22 + custom port 3306:tcp, port 3306 is opened to the public as well, and if I check eth0 only, port 22 is closed to the public.

How can I make port 22 open to the public and port 3306 open to private only?

Do I need to edit the file /etc/sysconfig/iptables manually? If I need to do that, what settings should be in there? Can someone write those rules for me please?

You can do it this way, but this is an easy way to break iptables.

Quote:
Originally Posted by shlomi.s
I read the CentOS 5 document about iptables but I can't figure out how to do that, and if I make a mistake I can lock myself out of the server and have to start dealing with the hosting.. etc.. etc..

Note: both servers are CentOS 5 64-bit.

Thanks in advance.

Shlomi.
 
Old 06-17-2010, 10:12 AM   #3
centosboy (Senior Member, Distribution: centos5)
Test the rules and, if they work, run

Code:
iptables-save > /etc/sysconfig/iptables

but only save them if they work properly during testing.
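Putting the two replies together, as an added example that is not centosboy's or the OP's code: a script that emits the server 2 ruleset in the format /etc/sysconfig/iptables uses (SSH accepted on every interface, MySQL only on the private one, everything else dropped), checks that no 3306 rule escapes the interface restriction, and loads it with a timed rollback so a bad rule cannot lock you out of SSH. It assumes eth1 is the private interface and uses 10.0.0.0/24 as a placeholder private subnet.

```shell
#!/bin/sh
# Added example, not code from the thread: generate an iptables-save style
# ruleset for "server 2" (SSH on every interface, MySQL only on the private
# one), sanity-check it, and load it with an automatic rollback so a mistake
# cannot lock you out.
# Assumptions: eth1 is the private interface and the private subnet is
# 10.0.0.0/24 (constructed placeholder, replace with your own).
PRIV_IF=eth1
PRIV_NET=10.0.0.0/24

# Print the ruleset in the format /etc/sysconfig/iptables uses.
server2_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -i $PRIV_IF -s $PRIV_NET -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Succeeds only if every rule accepting 3306 is pinned to the private interface.
mysql_private_only() {
    ! server2_rules | grep -- '--dport 3306' | grep -q -v -- "-i $PRIV_IF"
}

# Succeeds only if some rule accepts port 22 without an interface restriction.
ssh_on_all_interfaces() {
    server2_rules | grep -- '--dport 22' | grep -q -v -- '-i '
}

# Load the ruleset, but restore the previous one after 120 s unless you
# confirm the new rules (by killing the background job) from a fresh SSH
# session. Needs root; not run by the checks above.
apply_with_rollback() {
    iptables-save > /tmp/iptables.rollback || return 1
    server2_rules | iptables-restore || return 1
    ( sleep 120 && iptables-restore < /tmp/iptables.rollback ) &
    echo "rollback job pid $!; run 'kill $!' once a new SSH login works"
}
```

Once a new SSH session works and the rollback job has been killed, `iptables-save > /etc/sysconfig/iptables` persists the ruleset as post #3 describes.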