[SOLVED] iptables blocking certain ports. How do I allow for access?
I think this will work. Change what is necessary for the others.
Quote:
-A INPUT -s 192.168.1.0/24 -m state --state NEW -p udp --dport 137 -j ACCEPT
-A OUTPUT -d 192.168.178.0/24 -p udp --sport 137 -m state --state ESTABLISHED -j ACCEPT
# ALL UDP
iptables -N RULE_21
iptables -A OUTPUT -p udp -m udp -j RULE_21
iptables -A INPUT -p udp -m udp -j RULE_21
iptables -A RULE_21 -j LOG --log-level info --log-prefix "RULE 21 -- DENY "
iptables -A RULE_21 -j DROP
# ALL TCP
iptables -N RULE_22
iptables -A OUTPUT -p tcp -m tcp -j RULE_22
iptables -A INPUT -p tcp -m tcp -j RULE_22
iptables -A RULE_22 -j LOG --log-level info --log-prefix "RULE 22 -- DENY "
iptables -A RULE_22 -j DROP
It looks like you're dropping all other UDP/TCP traffic, including SMB/CIFS.
This has really helped me. Thank you very much..... Now when I change DROP to ACCEPT, am I opening a can of worms? I can see the computers on the LAN and connect when I change it to ACCEPT.
You have specific rules to log and drop UDP/TCP traffic but your basic policies are drop which means you need an input and output rule for any traffic. Changing drop to accept is basically allowing any traffic not denied by an existing rule in and out.
I somewhat understand this, but how do I fix it? I need an example...
-A INPUT -m state --state NEW -p udp --dport 137 -j ACCEPT
-A OUTPUT -p udp --sport 137 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -p udp --dport 138 -j ACCEPT
-A OUTPUT -p udp --sport 138 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A OUTPUT -p tcp --sport 139 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -m state --state NEW -p tcp --dport 445 -j ACCEPT
-A OUTPUT -p tcp --sport 445 -m state --state ESTABLISHED -j ACCEPT
I think my failure is I'm putting the rules in the wrong spot. Adding the Samba rules before rule 21 and 22 still blocks the LAN.
What rule would I use to pass my hardware router through iptables? I believe this is the culprit of all my issues. I could be wrong, but I don't know enough about iptables. So hopefully passing my router through iptables will help.
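The ordering problem discussed in this thread, as an added example that is not part of any post: a complete ruleset in iptables-restore format that keeps the RULE_21/RULE_22 log-and-drop chains but places the Samba ACCEPT rules before the jumps into them, plus a small checker that flags an ACCEPT placed after those jumps. It goes beyond the posted rules by also allowing this host to act as an SMB client (OUTPUT) and by using one ESTABLISHED,RELATED rule for replies instead of per-port --sport rules; the LAN_NET subnet, the function names and the chain policies are assumptions.

```shell
# Added example, not from the thread: an iptables-restore ruleset that keeps the
# poster's RULE_21/RULE_22 log-and-drop chains but puts the Samba ACCEPT rules,
# and a stateful rule for replies, in front of the jumps into those chains.
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed subnet; change to match the LAN
samba_ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
:RULE_21 - [0:0]
:RULE_22 - [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Samba, LAN only, as server (INPUT) and client (OUTPUT); must precede the jumps.
-A INPUT -s $LAN_NET -p udp --dport 137 -m state --state NEW -j ACCEPT
-A INPUT -s $LAN_NET -p udp --dport 138 -m state --state NEW -j ACCEPT
-A INPUT -s $LAN_NET -p tcp --dport 139 -m state --state NEW -j ACCEPT
-A INPUT -s $LAN_NET -p tcp --dport 445 -m state --state NEW -j ACCEPT
-A OUTPUT -d $LAN_NET -p udp --dport 137 -m state --state NEW -j ACCEPT
-A OUTPUT -d $LAN_NET -p udp --dport 138 -m state --state NEW -j ACCEPT
-A OUTPUT -d $LAN_NET -p tcp --dport 139 -m state --state NEW -j ACCEPT
-A OUTPUT -d $LAN_NET -p tcp --dport 445 -m state --state NEW -j ACCEPT
# The poster's catch-all chains last: anything reaching them is logged and dropped.
-A INPUT -p udp -j RULE_21
-A OUTPUT -p udp -j RULE_21
-A INPUT -p tcp -j RULE_22
-A OUTPUT -p tcp -j RULE_22
-A RULE_21 -j LOG --log-level info --log-prefix "RULE 21 -- DENY "
-A RULE_21 -j DROP
-A RULE_22 -j LOG --log-level info --log-prefix "RULE 22 -- DENY "
-A RULE_22 -j DROP
COMMIT
EOF
}
# Reads a ruleset on stdin; fails if any port-specific ACCEPT comes after the
# first jump into RULE_21/RULE_22, the ordering mistake described in the thread.
check_order() {
    jump_seen=0
    while IFS= read -r line; do
        case "$line" in
            *"-j RULE_2"[12]) jump_seen=1 ;;
            *"--dport "*"-j ACCEPT") [ "$jump_seen" -eq 0 ] || return 1 ;;
        esac
    done
    return 0
}
```

Run `samba_ruleset | check_order && samba_ruleset | iptables-restore` as root to check the ordering and then load the whole filter table; any LAN traffic still being dropped will show up in the kernel log with the "RULE 21 -- DENY" or "RULE 22 -- DENY" prefix.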