LinuxQuestions.org
Old 04-29-2006, 11:03 AM   #1
rookiepaul
Member
 
Registered: Jul 2005
Posts: 73

Rep: Reputation: 15
Simple iptables script problem.


I'm attempting to create an iptables script for a workstation. At the end I intend to be able to allow more services, but at the moment I'm trying to make it so that the workstation can just surf the net. I have the following script:

#!/bin/bash

#Initial Flush
/sbin/iptables -F

#Default Rule. Drop all incoming packets, allow all outgoing.
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT DROP

#Loopback Rule. Allow all traffic for loopback testing purposes.
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A OUTPUT -o lo -j ACCEPT

#Test.
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 80 -j ACCEPT
/sbin/iptables -A OUTPUT -o eth0 -p TCP --sport 80 -j ACCEPT

#Allow Services Rule.
/sbin/iptables -A OUTPUT -o eth0 -p TCP --sport 32768:61001 --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 32768:61011 -j ACCEPT

Now, when this script is run, I can access the Internet but only through IP addresses, no domain names. Do I have to open UDP stuff for DNS to be able to work? And, is there a simpler way of implementing this service without using the port range references?

Many thanks

Rookie.
 
Old 04-29-2006, 12:38 PM   #2
JJX
Member
 
Registered: Mar 2004
Location: Greece
Distribution: Debian
Posts: 351

Rep: Reputation: 31
Open port udp/53 for DNS requests.
 
Old 04-29-2006, 02:10 PM   #3
rookiepaul
Member
 
Registered: Jul 2005
Posts: 73

Original Poster
Rep: Reputation: 15
I did:

iptables -A INPUT -p UDP -i eth0 --dport 53 -j ACCEPT
iptables -A OUTPUT -p UDP -o eth0 --sport 53 -j ACCEPT

and no joy. Anything I have missed?
 
Old 04-30-2006, 10:03 PM   #4
philix
Member
 
Registered: Sep 2005
Location: India
Distribution: Redhat Debian
Posts: 36

Rep: Reputation: 15
Hi
Did you check the DNS entries in the /etc/resolv.conf file?

Regards
Philix
Jesus Loves You too
 
Old 05-01-2006, 04:25 AM   #5
JJX
Member
 
Registered: Mar 2004
Location: Greece
Distribution: Debian
Posts: 351

Rep: Reputation: 31
Open also 53/tcp.
Clean the output chain and add rules one by one until you see where the problem is.
 
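Putting the replies together (udp/53 and tcp/53 from posts #2 and #5, and the original question about avoiding port-range rules), here is an added example of a client-only workstation ruleset; it is not the poster's script nor anyone's from the thread. It assumes eth0 is the uplink and uses connection tracking so DNS and HTTP replies are matched by state rather than by ephemeral port. Note the direction: the resolver sends queries to port 53, so the match belongs on OUTPUT as --dport, and the answers come back through the ESTABLISHED rule on INPUT.

```shell
#!/bin/sh
# Added example, not the original poster's script. Client-only workstation
# ruleset: DNS over udp/53 and tcp/53 plus HTTP/HTTPS out, with connection
# tracking admitting the replies instead of a hard-coded ephemeral port range.
# Assumptions: eth0 is the uplink; run as root with "apply" to load the rules.
IPT="${IPT:-/sbin/iptables}"
WAN="${WAN:-eth0}"

# workstation_rules CMD  -- CMD is the iptables binary, or "echo /sbin/iptables"
# for a dry run that prints the rules it would load.
workstation_rules() {
    ipt="$1"
    $ipt -F
    $ipt -P INPUT DROP
    $ipt -P OUTPUT DROP
    $ipt -P FORWARD DROP
    # Loopback.
    $ipt -A INPUT  -i lo -j ACCEPT
    $ipt -A OUTPUT -o lo -j ACCEPT
    # Replies to connections this host opened (and their related traffic)
    # come back through INPUT regardless of which ephemeral port was used.
    $ipt -A INPUT  -i "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $ipt -A OUTPUT -o "$WAN" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # New outbound connections only. The resolver sends TO port 53, so the
    # match is --dport on OUTPUT; answers over 512 bytes are retried over TCP.
    $ipt -A OUTPUT -o "$WAN" -p udp --dport 53  -m state --state NEW -j ACCEPT
    $ipt -A OUTPUT -o "$WAN" -p tcp --dport 53  -m state --state NEW -j ACCEPT
    $ipt -A OUTPUT -o "$WAN" -p tcp --dport 80  -m state --state NEW -j ACCEPT
    $ipt -A OUTPUT -o "$WAN" -p tcp --dport 443 -m state --state NEW -j ACCEPT
    # Anything else hits the DROP policies; log a rate-limited sample first so
    # a missing rule shows up in the kernel log while you add rules one by one.
    $ipt -A INPUT  -i "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
    $ipt -A OUTPUT -o "$WAN" -m limit --limit 5/min -j LOG --log-prefix "FW-OUT-DROP: "
}

# "./fw.sh apply" loads the rules; with no argument it only prints them.
if [ "${1:-}" = "apply" ]; then
    workstation_rules "$IPT"
else
    workstation_rules "echo $IPT"
fi
```

Run it without arguments first and compare the printed rules against `iptables -L -v -n` after applying; dropped packets show up in the kernel log with the FW-*-DROP prefixes.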