Old 11-09-2012, 02:38 PM   #1
netboy_541
Allow 1 site running on https - port 8080


Greetings --

I have two APs set up, one for me, one for my tenants. The AP for my tenants is locked down pretty tight using iptables and OpenDNS filters.
I use DD-WRT and have everything working great. Today, one of my tenants came to me requesting access to a site for her school.

It's an https site running at port 8080.
I don't want to set a blanket rule to allow port 8080 across the board; I would just like to allow only this site to be accessed.

Here is my current iptables - I just don't know enough about it to accomplish what I'm trying to do, so any help would be great.


Here is what is currently in production:
BR0 is me. BR1 is the tenants....

--



### FIREWALL COMMANDS FOR PUBLIC/PRIVATE SSIDS

#Allow br1 to access DHCP on the router
iptables -I INPUT -i br1 -p udp --dport 67 -j ACCEPT

#Allow br1 to access DNS on the router
iptables -I INPUT -i br1 -p udp --dport 53 -j ACCEPT
iptables -I INPUT -i br1 -p tcp --dport 53 -j ACCEPT

#Drop everything else on br1
iptables -I INPUT 4 -i br1 -j DROP

#Restrict br1 from accessing br0
iptables -I FORWARD 1 -i br1 -o br0 -j DROP

#Restrict br0 from accessing br1
iptables -I FORWARD 2 -i br0 -o br1 -j DROP

#Allow br1 to access http/https & FTP to internet
iptables -I FORWARD 3 -i br1 -p tcp -m multiport --dports 80,443,21 -j ACCEPT
iptables -I FORWARD 4 -i br1 -m state --state ESTABLISHED,RELATED -j ACCEPT

#Drop everything else on br1
iptables -I FORWARD 5 -i br1 -j DROP
 
Old 11-10-2012, 11:47 PM   #2
hamlindsza
Hi,

Add a rule in the FORWARD chain specifying the destination. iptables will resolve the domain name automatically. Or if you know the IP you could enter it instead of the domain name.

iptables -I FORWARD 3 -i br1 -p tcp -d example.com --dport 8080 -j ACCEPT
 
1 members found this post helpful.
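
An added example, not part of the thread: iptables resolves a hostname given to -d once, when the rule is inserted, so the rule above keeps the addresses example.com had at that moment. This sketch puts the per-site rules in their own chain and rebuilds them from a fresh lookup. The chain name TENANT_8080, the use of nslookup and running it periodically are assumptions, and the sample addresses in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: chain TENANT_8080,
# host example.com as in the reply, nslookup present on the router.
CHAIN=TENANT_8080
HOST=example.com
PORT=8080

# Print the IPv4 answers found in nslookup output on stdin. "Address" lines
# before the first "Name:" line describe the DNS server and are skipped.
parse_nslookup() {
    awk '/^Name:/ { seen = 1; next }
         seen && /^Address/ {
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $i
         }' | sort -u
}

# Print the commands that rebuild the chain for the given addresses.
# With no addresses (failed lookup) print nothing, so the old rules stay.
build_rules() {
    [ "$#" -gt 0 ] || return 1
    echo "iptables -F $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -d $ip -p tcp --dport $PORT -j ACCEPT"
    done
}

# "apply" mode: run on the router, e.g. from cron.
if [ "${1:-}" = "apply" ]; then
    # First run only: create the chain and jump to it ahead of the br1 DROP.
    iptables -N "$CHAIN" 2>/dev/null &&
        iptables -I FORWARD 3 -i br1 -p tcp --dport "$PORT" -j "$CHAIN"
    ips=$(nslookup "$HOST" | parse_nslookup)
    # shellcheck disable=SC2086  # word splitting of $ips is intended
    build_rules $ips | sh
fi
```
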
Old 11-11-2012, 12:44 AM   #3
netboy_541
Thanks a million!

I knew I had to tell it something but I didn't know if I could tie it to the same forward chain or if it had to be a separate one.

Thanks again!
 
  

