iptables
Hi
How can I configure my iptables for the following? I want to allow any access from 10.10.10.10 to 22.22.22.22. I want the other 10.* hosts to get access to everything except 22.22.22.22. I want 10.10.10.10 to have all access. How can I do this? Please help me.
Quote:
Code:
iptables -I INPUT -i eth0 -m iprange ! --src-range 10.10.10.10-22.22.22.21 -j DROP
The 10/8 network is private. The others in the range aren't, so what you want to do doesn't make sense from a security standpoint.
Hi sirs
I have 2 uplinks. I got load balancing working, but not failover. I found a script for failover that uses the ping command. Very good, but my ISP has blocked ping because of DoS virus attacks, so I need to replace ping with another command. I found the host command, but host does not have a -I interface option like ping does. I thought I could use iptables, for example: eth1=10.10.10.10 (uplink), eth2=11.11.11.11 (uplink), eth0=192.168.1.1. When I type `host 22.22.22.22`, I want this query to go through eth1 to 22.22.22.22 and not through eth2. When I type `host 33.33.33.33`, I want this query to go through eth2 to 33.33.33.33 and not through eth1. Can this work?
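The poster's problem is that ping is blocked upstream and the replacement probe has no way to say which uplink it should use. The following is an added example, not code from the thread: a TCP-connect liveness check (the same idea as the tcping tool mentioned later in the thread) that can be pinned to one uplink either by binding to that uplink's local address or, on Linux with CAP_NET_RAW, with SO_BINDTODEVICE, which is the socket-level equivalent of `ping -I`. The interface names and addresses are the ones from the post; `tcp_port_open`, `uplink_status` and the `bind_addr`/`iface` parameters are my names, and the targets in the sample are a constructed configuration.

```python
import socket


def tcp_port_open(host, port, bind_addr=None, iface=None, timeout=2.0):
    """Return True when a TCP handshake to host:port completes within timeout.

    bind_addr: local address to bind before connecting. This fixes the source
               address; which NIC the SYN leaves on is still decided by the
               routing table, so pair it with a policy-routing rule for that
               address (assumption: the poster's load-balancing setup has one).
    iface:     Linux-only SO_BINDTODEVICE; forces the probe out of the named
               NIC regardless of routing, like `ping -I`, but needs CAP_NET_RAW.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        if iface is not None:
            # Done outside the try so a PermissionError surfaces instead of
            # being reported as a dead link.
            s.setsockopt(socket.SOL_SOCKET, socket.SO_BINDTODEVICE, iface.encode())
        try:
            if bind_addr is not None:
                s.bind((bind_addr, 0))
            s.connect((host, port))
            return True
        except OSError:
            # Covers refused, unreachable and socket.timeout (an OSError subclass).
            return False


def uplink_status(checks):
    """checks: iterable of (name, local_addr, target_host, target_port).
    Returns {name: True/False}; a link is 'up' when its probe target answers."""
    return {name: tcp_port_open(host, port, bind_addr=local)
            for name, local, host, port in checks}


if __name__ == "__main__":
    # Constructed sample using the thread's layout: probe one target per uplink
    # on port 80, sourced from that uplink's own address.
    checks = [
        ("eth1", "10.10.10.10", "22.22.22.22", 80),
        ("eth2", "11.11.11.11", "33.33.33.33", 80),
    ]
    for name, up in uplink_status(checks).items():
        print(f"{name}: {'up' if up else 'DOWN'}")
```

Binding to the uplink's address only chooses the packet's source address; without a matching `ip rule ... from <addr>` entry the kernel may still send the SYN out of the other NIC, which is exactly the situation the poster's DROP rules were meant to expose. A probe that is sourced from the wrong address will then look like a dead link, so verify the routing side first.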
Quote:
Code:
iptables -I INPUT -i eth1 -s 33.33.33.33 -j DROP
Hi sir
Thanks for your help :) Next time, if I have a problem, please help me again, sir.
Hi sirs
I am OK with your iptables. I used tcping :) My script automatically deletes the gateway address when a link goes down; I use that auto-delete for failover. But tcping can't be used once the gateway is deleted. How can I use tcping without a gateway? Please advise me, sirs. Please.
Quote:
Please open a thread for this new issue in the Networking forum. Thanks.
Hi sir
I posted a new thread, but please check my iptables file /etc/sysconfig/iptables again:
Code:
# Generated by iptables-save v1.3.7 on Thu Jan 1 06:35:21 2009
*filter
:INPUT ACCEPT [60:4288]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:13344]
-A INPUT -s 203.81.71.113 -d 10.241.177.51 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.184.99 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.177.51 -j DROP
-A INPUT -s 203.81.71.113 -d 10.241.184.99 -j DROP
-A INPUT -s 203.81.71.113 -i eth3 -j DROP
-A INPUT -s 203.81.71.119 -i eth3 -j DROP
COMMIT
# Completed on Thu Jan 1 06:35:21 2009
eth1=10.241.177.51
eth2=10.241.184.99
eth3=eth3
Now I tested with tcping.
Result 1
==============
Code:
[root@server ~]#tcping 203.81.71.113 80 -t 2
203.81.71.113 port 80 user timeout.
[root@server ~]#tcping 203.81.71.119 80 -t 2
203.81.71.119 port 80 user timeout.
I got the following result when I stopped iptables:
Result 2
=============
Code:
[root@server ~]#tcping 203.81.71.113 80 -t 2
203.81.71.113 port 80 open.
[root@server ~]#tcping 203.81.71.119 80 -t 2
203.81.71.119 port 80 open.
Sometimes I get "119 port open" and "113 port 80 user timeout" when iptables is running. I should get Result 1 when iptables is running. Please check for me, sir: what is wrong in my iptables?
When executing that tcping command, 203.81.71.113 will be the destination address on the packet. Your iptables rules are looking for 203.81.71.113 as the source address on the packet.
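The reply above turns on which address is the source and which is the destination on each packet a probe generates. The following is an added example, not code from the thread or from either poster: a small first-match simulator for the `filter` table that loads the iptables-save text from the post (embedded here as a constructed sample) and evaluates the two packets a tcping probe produces, the outbound SYN in OUTPUT and the returning SYN-ACK in INPUT. Only the matches the posted rules use (-s, -d, -i, -j) are implemented; chain names, addresses and interface names are the poster's, while `parse_rule`, `load_iptables_save`, `verdict` and `probe_round_trip` are my names.

```python
import ipaddress
import shlex

# Constructed sample: the /etc/sysconfig/iptables text from the post, verbatim.
IPTABLES_SAVE = """\
# Generated by iptables-save v1.3.7 on Thu Jan 1 06:35:21 2009
*filter
:INPUT ACCEPT [60:4288]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:13344]
-A INPUT -s 203.81.71.113 -d 10.241.177.51 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.184.99 -j ACCEPT
-A INPUT -s 203.81.71.119 -d 10.241.177.51 -j DROP
-A INPUT -s 203.81.71.113 -d 10.241.184.99 -j DROP
-A INPUT -s 203.81.71.113 -i eth3 -j DROP
-A INPUT -s 203.81.71.119 -i eth3 -j DROP
COMMIT
# Completed on Thu Jan 1 06:35:21 2009
"""


def parse_rule(line):
    """Parse one `-A CHAIN ...` line. Only -s/-d/-i/-j are understood; anything
    else is rejected so an unsupported match cannot be silently ignored."""
    toks = shlex.split(line)
    rule = {"chain": None, "src": None, "dst": None, "in": None, "target": None}
    i = 0
    while i < len(toks):
        flag, arg = toks[i], toks[i + 1]
        if flag == "-A":
            rule["chain"] = arg
        elif flag == "-s":          # a bare address is treated as /32, as iptables does
            rule["src"] = ipaddress.ip_network(arg, strict=False)
        elif flag == "-d":
            rule["dst"] = ipaddress.ip_network(arg, strict=False)
        elif flag == "-i":
            rule["in"] = arg
        elif flag == "-j":
            rule["target"] = arg
        else:
            raise ValueError(f"unsupported match {flag!r} in {line!r}")
        i += 2
    return rule


def load_iptables_save(text):
    """Return (rules, policies) from iptables-save output for one table."""
    policies, rules = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "*")) or line == "COMMIT":
            continue
        if line.startswith(":"):                 # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A"):
            rules.append(parse_rule(line))
        else:
            raise ValueError(f"unexpected line {line!r}")
    return rules, policies


RULES, POLICIES = load_iptables_save(IPTABLES_SAVE)


def verdict(chain, src, dst, in_iface=None, rules=RULES, policies=POLICIES):
    """First matching rule in `chain` decides; otherwise the chain policy applies."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["chain"] != chain:
            continue
        if r["src"] is not None and s not in r["src"]:
            continue
        if r["dst"] is not None and d not in r["dst"]:
            continue
        if r["in"] is not None and r["in"] != in_iface:
            continue
        return r["target"]
    return policies[chain]


def probe_round_trip(local_addr, remote, reply_iface):
    """Verdicts for a tcping probe: (outbound SYN in OUTPUT, reply in INPUT).
    On the SYN the remote is the destination; on the reply it is the source."""
    out = verdict("OUTPUT", local_addr, remote)
    back = verdict("INPUT", remote, local_addr, reply_iface)
    return out, back


if __name__ == "__main__":
    # The SYN is never touched (no OUTPUT rules); the reply is where -s matches.
    for local, nic in (("10.241.177.51", "eth1"), ("10.241.184.99", "eth2")):
        for remote in ("203.81.71.113", "203.81.71.119"):
            print(local, nic, "->", remote, probe_round_trip(local, nic and remote, nic)
                  if False else probe_round_trip(local, remote, nic))
```

Running it shows that a probe sourced from 10.241.177.51 to 203.81.71.113 gets its reply ACCEPTed, while the same probe sourced from 10.241.184.99 has its reply DROPped by the fourth rule, which is how "open" and "user timeout" can alternate for the same target depending on which address the kernel picked for the SYN. The simulator is deliberately strict: any rule option it does not model raises instead of being skipped, so a ruleset that uses state or port matches has to be extended before the verdicts mean anything.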
HI
OK, I will change 203.81.71.113 to -d. If it is not OK, I will come back. Thanks for your support.
Hi, I am OK with my old rules on the other PC with 2 NIC cards, but not OK on my PC with 3 NICs.
I can use tcping. What do you think? Thanks. Please.
You said that you wanted to open up 10/8 to 22/8. That is a large range of addresses you want to trust, most of which are public internet addresses.
Quote:
Code:
telnet hostname 22
If the ssh daemon is running and port 22 is open, you will get a prompt from the server. You don't get farther than that, but this even allows you to learn the version of ssh used, from the reply message. This can be even more useful than the ping command.