LinuxQuestions.org
Old 08-12-2004, 03:37 PM   #1
msrinath80
LQ Newbie
 
Registered: Aug 2004
Location: Canada
Distribution: GNU
Posts: 2

Rep: Reputation: 0
iptables trusted host


Hi,

I have 2 GNU/Linux workstations here both of which are permanently connected to the internet. I want to ensure that the two trust each other for all port exchanges between them and reject (use predefined filters) for all outside connections.

How would I ensure that the two trust each other for all connections? Specifically, what line would I need to add in /etc/sysconfig/iptables, assuming I know the IP address(es) that are to be trusted?

Thank you for your time!
 
Old 08-12-2004, 03:42 PM   #2
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Rep: Reputation: 30
You can define iptables to accept all protocols and only allow the source and destination address for those protocols limited to your IP range.

#For outgoing appending
iptables -A OUTPUT -p all --source Local_PC_IP -d Remote_PC-IP -j ACCEPT

#For incoming appending
iptables -A INPUT -p all --source Local_PC_IP -d Remote_PC-IP -j ACCEPT

This example is rather simplistic and you can define more rules.
 
Old 08-12-2004, 04:34 PM   #3
barisdemiray
Member
 
Registered: Sep 2003
Location: Ankara/Turkey
Distribution: Slackware
Posts: 155

Rep: Reputation: 30
Quote:
Originally posted by Obie

#For outgoing appending
iptables -A OUTPUT -p all --source Local_PC_IP -d Remote_PC-IP -j ACCEPT

#For incoming appending
iptables -A INPUT -p all --source Local_PC_IP -d Remote_PC-IP -j ACCEPT

I think the second one should be:

Code:
iptables -A INPUT -p all --source Remote_PC-IP -d Local_PC-IP -j ACCEPT
to allow the other host's packets in the INPUT chain by setting --source as its IP. And I think the rules below should also work.

Code:
iptables -I INPUT --source OTHER_ONE -j ACCEPT
iptables -I OUTPUT --destination OTHER_ONE -j ACCEPT
Easier to maintain
 
Old 08-12-2004, 06:20 PM   #4
Obie
Member
 
Registered: Apr 2004
Distribution: Red Hat
Posts: 290

Rep: Reputation: 30
quote
---------------------------------
iptables -A INPUT -p all --source Remote_PC-IP -d Local_PC-IP -j ACCEPT
---------------------------------

Sorry I agree. My mistake :-)
 
Old 08-14-2004, 06:57 PM   #5
msrinath80
LQ Newbie
 
Registered: Aug 2004
Location: Canada
Distribution: GNU
Posts: 2

Original Poster
Rep: Reputation: 0
Hi guys,

Thanks a lot. This is what I did:

-I INPUT --source ip_address_here -j ACCEPT
-I OUTPUT --destination ip_address_here -j ACCEPT

AND IT WORKED

Thanks!
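
Added example, not part of the thread: post #2 appends with -A while posts #3 and #5 insert with -I, and the difference matters when the INPUT chain already ends in a catch-all REJECT or DROP. The function below replays the -A/-I lines of a ruleset in /etc/sysconfig/iptables form and reports whether the peer's ACCEPT rule is evaluated before such a catch-all. The sample ruleset and the address 192.0.2.10 are constructed, `check_trust_order` is a hypothetical helper name, and user-defined chains are not followed.

```shell
#!/bin/sh
# check_trust_order PEER_IP   (ruleset on stdin)
# Replays INPUT-chain -A/-I lines in file order and prints where the
# unconditional ACCEPT for PEER_IP lands:
#   ok        it precedes every catch-all DROP/REJECT
#   shadowed  a catch-all DROP/REJECT is evaluated first
#   missing   no such ACCEPT rule in INPUT
# Returns 0 only for "ok". Assumption: user-defined chains are not followed.
check_trust_order() {
    awk -v peer="$1" '
    ($1 == "-A" || $1 == "-I") && $2 == "INPUT" {
        first = 3; pos = n + 1                      # -A appends at the end
        if ($1 == "-I") {                           # -I inserts, default at 1
            pos = 1
            if ($3 ~ /^[0-9]+$/) { pos = $3 + 0; first = 4 }
        }
        src = ""; tgt = ""; extra = 0
        for (i = first; i <= NF; i++) {
            if ($i == "-s" || $i == "--source") src = $(++i)
            else if ($i == "-j") { tgt = $(++i); break }  # skip target options
            else extra = 1                          # any other match narrows the rule
        }
        sub(/\/32$/, "", src)
        kind = "other"
        if (!extra && src == "" && (tgt == "DROP" || tgt == "REJECT")) kind = "block"
        if (!extra && src == peer && tgt == "ACCEPT") kind = "trust"
        for (i = n; i >= pos; i--) chain[i + 1] = chain[i]   # make room at pos
        chain[pos] = kind; n++
    }
    END {
        result = "missing"
        for (i = 1; i <= n; i++) {
            if (chain[i] == "block") blocked = 1
            if (chain[i] == "trust") { result = blocked ? "shadowed" : "ok"; break }
        }
        print result
        exit (result != "ok")
    }'
}

# Constructed sample: an existing policy ending in a catch-all REJECT.
# 192.0.2.10 is a documentation address standing in for the trusted peer.
BASE='-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited'

echo "appended: $(printf '%s\n%s\n' "$BASE" '-A INPUT --source 192.0.2.10 -j ACCEPT' | check_trust_order 192.0.2.10)"
echo "inserted: $(printf '%s\n%s\n' "$BASE" '-I INPUT --source 192.0.2.10 -j ACCEPT' | check_trust_order 192.0.2.10)"
```

Feed it the rule lines from the file you are about to load; a result of `shadowed` means the trusted-host rule would sit behind the catch-all and never match.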
 
  

