LinuxQuestions.org
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Old 03-18-2021, 09:52 AM   #1
dolphs
Member
 
Registered: Nov 2003
Posts: 52

Rep: Reputation: 15
iptables for eth0 and eth1


Hi,

I am setting up my hardware, which has two ports (eth0 and eth1):
eth0 is for inbound traffic, eth1 for outbound.

Yet I do reach the Internet (through eth1) but do not reach local IPs (192.168.x.y).
What am I missing here? I want to use at least DNS and ping through eth1 to local addresses, but preferably all outgoing (also Internet) traffic is allowed.


# Delete all existing iptables rules
iptables -F

# Set default chain policies to DROP all
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Allow all outbound traffic eth1 - including internet
iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth1 -j ACCEPT

# Allow incoming SSH traffic solely on eth0
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT

Adding these does not seem to work:
iptables -A INPUT -i eth1 -p udp --sport 53 -j ACCEPT
iptables -A INPUT -i eth1 -p icmp --icmp-type echo-reply -j ACCEPT

Is it needed to add these?
iptables -A OUTPUT -o eth1 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A OUTPUT -o eth1 -p udp --dport 53 -j ACCEPT

If I leave out the eth1 switches it works, but all outgoing traffic should go through eth1 only.

Anyone, please?
TiA!
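A small diagnostic for the ruleset above, added here and not taken from the thread. Before iptables sees a packet the kernel has already chosen an egress interface by routing, and a brand-new DNS query or echo-request leaving on an interface whose OUTPUT rules only accept ESTABLISHED traffic falls through to the DROP policy. The script assumes a constructed topology (192.168.0.0/16 directly attached to eth0, default route on eth1, sample addresses) and a stand-in for `ip -o route get`; the OUTPUT rules are the ones posted.

```shell
#!/bin/sh
# Added diagnostic, not code from the thread. It models the two things that
# decide the fate of a NEW outbound packet: the route the kernel picks for the
# destination, and the first OUTPUT rule that matches on that interface.
# ASSUMPTION: 192.168.0.0/16 is directly attached to eth0 and the default
# route is on eth1; addresses below are constructed samples. On a real host
# replace route_get_sample with `ip -o route get "$1"`.

route_get_sample() {
  case "$1" in
    192.168.*) echo "$1 dev eth0 src 192.168.1.5 uid 0" ;;
    *)         echo "$1 via 203.0.113.1 dev eth1 src 203.0.113.5 uid 0" ;;
  esac
}

# Interface the kernel would send a packet to $1 out of (the "dev" token).
egress_dev() {
  route_get_sample "$1" | awk '{ for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# The OUTPUT rules exactly as posted in the question.
OUTPUT_RULES='
-A OUTPUT -o eth1 -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
'

# Verdict for a NEW packet (no conntrack entry yet) leaving on interface $1
# with protocol $2: first matching rule wins, otherwise the chain policy DROP.
# A rule requiring --state ESTABLISHED (without NEW) can never match it.
output_verdict() {
  printf '%s\n' "$OUTPUT_RULES" | awk -v dev="$1" -v proto="$2" '
    /-A OUTPUT/ {
      o = ""; p = ""; target = ""; est_only = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "-o") o = $(i + 1)
        if ($i == "-p") p = $(i + 1)
        if ($i == "-j") target = $(i + 1)
        if ($i == "--state" && $(i + 1) ~ /ESTABLISHED/ && $(i + 1) !~ /NEW/) est_only = 1
      }
      if ((o == "" || o == dev) && (p == "" || p == proto) && !est_only) { verdict = target; exit }
    }
    END { print (verdict == "" ? "DROP" : verdict) }'
}

# Where does a DNS query or ping to $1 leave the box, and is it allowed?
check_dst() {
  dev=$(egress_dev "$1")
  echo "$2 to $1 leaves via $dev -> $(output_verdict "$dev" "$2")"
}

check_dst 192.168.1.10 udp    # udp to 192.168.1.10 leaves via eth0 -> DROP
check_dst 192.168.1.10 icmp   # icmp to 192.168.1.10 leaves via eth0 -> DROP
check_dst 198.51.100.9 udp    # udp to 198.51.100.9 leaves via eth1 -> ACCEPT
```

Under the assumed topology the local traffic never reaches the eth1 rules at all, which is why adding more INPUT rules on eth1 changes nothing; the interface to check is the one `ip route get` reports.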
 
Old 03-18-2021, 11:25 AM   #2
Emerson
LQ Sage
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~amd64
Posts: 7,661

Rep: Reputation: Disabled
What do incoming and outgoing mean for you? All TCP traffic is bidirectional; you cannot close one direction.