Old 11-09-2012, 02:38 PM   #1
Registered: Jul 2003
Location: Hamilton, OH
Distribution: Redhat 9, SuSE 10.1 & 10.2, Kubuntu
Posts: 173

Rep: Reputation: 30
Allow 1 site running on https - port 8080

Greetings --

I have two APs set up, one for me, one for my tenants. The AP for my tenants is locked down pretty tight using iptables and OpenDNS filters.
I use DD-WRT and have everything working great. Today, one of my tenants came to me requesting access to a site for her school.

It's an https site running at port 8080.
I don't want to set a blanket rule to allow port 8080 across the board; I would just like to allow only this site to be accessed.

Here is my current iptables - I just don't know enough about it to accomplish what I'm trying to do, so any help would be great.

Here is what is currently in production:
BR0 is me. BR1 is the tenants....



#Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

#Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

#Drop everything else on br1
iptables -I INPUT 4 -i br1 -j DROP

#Restrict br1 from accessing br0
iptables -I FORWARD 1 -i br1 -o br0 -j DROP

#Restrict br0 from accessing br1
iptables -I FORWARD 2 -i br0 -o br1 -j DROP

#Allow br1 to access http/https & FTP to internet
iptables -I FORWARD 3 -i br1 -p tcp -m multiport --dports 80,443,21 -j ACCEPT
iptables -I FORWARD 4 -i br1 -m state --state ESTABLISHED,RELATED -j ACCEPT

#Drop everything else on br1
iptables -I FORWARD 5 -i br1 -j DROP
Old 11-10-2012, 11:47 PM   #2
Registered: Aug 2012
Distribution: Debian, CentOS
Posts: 74

Rep: Reputation: Disabled

Add a rule in the FORWARD chain specifying the destination. iptables will resolve the domain name automatically. Or, if you know the IP, you could enter it instead of the domain name.

iptables -I FORWARD 3 -i br1 -p tcp -d <site hostname or IP> --dport 8080 -j ACCEPT
1 members found this post helpful.
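
Added example (not part of the thread): iptables resolves a hostname given to -d only once, when the rule is inserted, so this sketch pins the rule to explicit addresses instead, validating each one and emitting a rule at position 3, above the final br1 DROP. The function names is_ipv4 and build_allow_rules and the 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: emit pinned-IP FORWARD rules for one site on port 8080.
# is_ipv4, build_allow_rules and the 203.0.113.x addresses are constructed.

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, empty octet
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# $1 = tenant bridge, $2 = destination port, remaining args = addresses.
# Prints one rule per valid address; returns non-zero if any was rejected.
build_allow_rules() {
    iface=$1; port=$2; shift 2
    rejected=0
    for addr in "$@"; do
        if is_ipv4 "$addr"; then
            # Position 3 places the rule above the final "-i br1 -j DROP".
            echo "iptables -I FORWARD 3 -i $iface -p tcp -d $addr/32 --dport $port -j ACCEPT"
        else
            echo "skipped invalid address: $addr" >&2
            rejected=$((rejected + 1))
        fi
    done
    [ "$rejected" -eq 0 ]
}

# Constructed sample: two addresses the site's name might resolve to.
build_allow_rules br1 8080 203.0.113.10 203.0.113.11
```

Review the printed rules before adding them to the router's firewall script, and regenerate them if the site's addresses change.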
Old 11-11-2012, 12:44 AM   #3
Registered: Jul 2003
Location: Hamilton, OH
Distribution: Redhat 9, SuSE 10.1 & 10.2, Kubuntu
Posts: 173

Original Poster
Rep: Reputation: 30
Thanks a million!

I knew I had to tell it something but I didn't know if I could tie it to the same forward chain or if it had to be a separate one.

Thanks again!

