problem with IPtables?
I thought I had my iptables script set up correctly. After installing my Ventrilo server, before opening the ports on it for my firewall, I was able to connect to it through the Ventrilo client software. So maybe something is wrong?
[root@vps local]# iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
174 13112 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,22,25,80,110,3784,10000,14534,51234
37 1776 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 3785,8767
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 162 packets, 13044 bytes)
pkts bytes target prot opt in out source destination
I just put in the Ventrilo ports needed for the server so they show up in there now, but for some reason it let in a packet through a port which I didn't specify to ACCEPT.
This is the script I'm using:
#!/bin/bash
IPT="/sbin/iptables"
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP
$IPT -t nat -P PREROUTING ACCEPT
$IPT -t nat -P POSTROUTING ACCEPT
$IPT -t nat -P OUTPUT ACCEPT
$IPT -t mangle -P PREROUTING ACCEPT
$IPT -t mangle -P OUTPUT ACCEPT
$IPT -F
$IPT -F -t nat
$IPT -F -t mangle
$IPT -X
$IPT -X -t nat
$IPT -X -t mangle
# $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -m state --state NEW
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A INPUT -p tcp -m multiport --dports \
    21,22,25,80,110,3784,10000,14534,51234 -j ACCEPT
$IPT -A INPUT -p udp -m multiport --dports \
    3785,8767 -j ACCEPT
I have the states taken out right now because I'm still trying to resolve a kernel problem with my VPS with my host.
Last edited by MrSako; 08-05-2006 at 05:49 PM.
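One way to check what the INPUT listing above does with a given packet, added here as an example and not part of the original post: the function walks the rules top to bottom and prints the first matching target, or the chain policy. The interface name `eth0` and port 3306 in the usage are hypothetical, and only the in-interface, protocol and multiport dports columns are modelled.

```shell
# Constructed sample: the INPUT chain from the post, with "dports" rejoined.
LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
174 13112 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 21,22,25,80,110,3784,10000,14534,51234
37 1776 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 3785,8767'

# verdict PROTO PORT IFACE
# Prints the target of the first rule that matches (first match wins),
# or the chain policy when no rule matches.
# Assumption: source/destination are 0.0.0.0/0 and no other matches are used.
verdict() {
    printf '%s\n' "$LISTING" | awk -v proto="$1" -v port="$2" -v ifc="$3" '
    /^Chain INPUT/ { policy = $4; next }   # "(policy DROP ..." -> DROP
    $1 == "pkts"   { next }                # column header
    NF >= 9 {
        if ($4 != "all" && $4 != proto) next   # protocol column
        if ($6 != "*" && $6 != ifc) next       # in-interface column
        ports = ""
        for (i = 10; i < NF; i++) if ($i == "dports") ports = $(i + 1)
        if (ports != "") {
            n = split(ports, list, ","); hit = 0
            for (j = 1; j <= n; j++) {
                m = split(list[j], r, ":")     # multiport also allows lo:hi
                lo = r[1]; hi = (m == 2) ? r[2] : r[1]
                if (port + 0 >= lo + 0 && port + 0 <= hi + 0) hit = 1
            }
            if (!hit) next
        }
        print $3; found = 1; exit
    }
    END { if (!found) print policy }'
}

verdict tcp 3784 eth0   # Ventrilo TCP port, listed in the rule
verdict tcp 3306 eth0   # hypothetical port that is not listed
```

The pkts and bytes counters on each rule and on the policy line of a live `iptables -L -v -n` show which of these verdicts traffic actually hit.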