From: Mohamed Nassih <nassihmohamed@caramail.com>
To: netfilter@lists.netfilter.org
Subject: iptables and permits ports
Date: Wed, 11 Sep 2002 21:23:46 GMT+1
Message-ID: <1031772226005316@caramail.com>
Hi,
my firewall file is like below. It works without any
problem; today I tested connecting to an Oracle server via the
internet from inside to port 1521 (on the outside Oracle
server), and it works.
Normally, as you can see from the rules, I drop all packets
that do not have www, ftp, etc. as destination port; the
firewall must drop all packets with destination port
1521!!
Can I please have an explanation of this..
The firewall file:
#!/bin/sh
# Load the netfilter modules. modprobe loads one module per call (further
# words are passed to it as module options), so each module gets its own line.
/sbin/modprobe ip_tables
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_irc
/sbin/modprobe iptable_filter
# Enable reverse-path filtering on every interface.
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
    for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
    do
        echo 1 > $filtre
    done
fi
# Ignore ICMP echo requests (all, and broadcast).
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
# Flush all rules and delete user-defined chains.
iptables -F
iptables -X
# Masquerade the LAN (10.154.17.0/24) when it leaves on eth0 (internet side).
iptables -t nat -A POSTROUTING -o eth0 -s 10.154.17.0/24 -j MASQUERADE
# Drop one specific host on eth0, and LAN-side (eth1) packets not from the LAN.
iptables -A INPUT -i eth0 -s 199.243.181.226 -j DROP
iptables -A INPUT -i eth1 -s ! 10.154.17.0/24 -j DROP
# Drop new TCP connections from eth0 that do not start with a SYN.
iptables -A INPUT -i eth0 -p tcp ! --syn -m state --state NEW -j DROP
# Loopback.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Packets belonging to connections already tracked.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Services accepted from the LAN (eth1): web, FTP, SMTP, POP3,
# and DNS to the two resolver addresses.
iptables -A INPUT -i eth1 -p tcp --destination-port www -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port ftp -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port ftp-data -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port smtp -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -i eth1 -d 198.235.216.131 -p udp --destination-port domain -j ACCEPT
iptables -A INPUT -i eth1 -d 198.235.216.131 -p tcp --destination-port domain -j ACCEPT
iptables -A INPUT -i eth1 -d 198.235.216.130 -p udp --destination-port domain -j ACCEPT
iptables -A INPUT -i eth1 -d 198.235.216.130 -p tcp --destination-port domain -j ACCEPT
# Services accepted from the internet (eth0); POP3 is commented out.
iptables -A INPUT -i eth0 -p tcp --destination-port www -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port ftp -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port ftp-data -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --destination-port smtp -j ACCEPT
#iptables -A INPUT -i eth0 -p tcp --destination-port 110 -j ACCEPT
# Reject ident (113) probes with a TCP reset instead of silently dropping.
iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with tcp-reset
# Everything else addressed to the firewall itself is dropped.
iptables -A INPUT -j DROP
Thanks in advance.
______________________________________________________
Mailbox - Caramail - http://www.caramail.com
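The rules in the post live entirely in the filter table's INPUT chain, which netfilter applies only to packets addressed to the firewall itself; packets the box routes and masquerades for 10.154.17.0/24 traverse the FORWARD chain instead, and the script sets no FORWARD rules or policy. As an added example (not part of the original message or of any reply), a small Python audit that parses the posted rules and reports that mismatch; the RULES sample is a constructed excerpt of the script above with its wrapped lines joined.

```python
"""Audit an iptables script for the INPUT-vs-FORWARD mismatch (added example)."""

# Constructed sample: the posted rules that matter for the audit, lines joined.
RULES = """
iptables -t nat -A POSTROUTING -o eth0 -s 10.154.17.0/24 -j MASQUERADE
iptables -A INPUT -i eth1 -s ! 10.154.17.0/24 -j DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port www -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --destination-port ftp -j ACCEPT
#iptables -A INPUT -i eth0 -p tcp --destination-port 110 -j ACCEPT
iptables -A INPUT -j DROP
""".strip().splitlines()


def parse_rules(lines):
    """Group 'iptables -A' rules by (table, chain); comment lines are skipped."""
    chains = {}
    for line in lines:
        tok = line.split()
        if not tok or tok[0] != "iptables" or "-A" not in tok:
            continue
        table = tok[tok.index("-t") + 1] if "-t" in tok else "filter"
        chain = tok[tok.index("-A") + 1]
        chains.setdefault((table, chain), []).append(tok)
    return chains


def filter_chain_for(addressed_to_firewall):
    """Packets for the firewall itself are filtered in INPUT; packets it merely
    routes (such as masqueraded LAN clients) are filtered in FORWARD, never INPUT."""
    return "INPUT" if addressed_to_firewall else "FORWARD"


def audit(lines):
    """Return findings; empty means forwarded traffic is filtered (or there is no NAT)."""
    chains = parse_rules(lines)
    nat = chains.get(("nat", "POSTROUTING"), [])
    masq = [r for r in nat if r[-1] in ("MASQUERADE", "SNAT")]
    forward = chains.get(("filter", "FORWARD"), [])
    findings = []
    if masq and not forward:
        chain = filter_chain_for(addressed_to_firewall=False)
        n_input = len(chains.get(("filter", "INPUT"), []))
        findings.append(
            f"LAN clients are NATed but {chain} has no rules, so their outbound "
            f"connections (e.g. tcp/1521) pass at the default policy; the {n_input} "
            f"INPUT rules do not see that traffic"
        )
    return findings
```

Adding a FORWARD rule (or a FORWARD policy) for the LAN-to-internet path makes the audit come back empty, which is the check to run before trusting INPUT-only rule sets on a NAT box.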
Thread overview: 3+ messages
2002-09-11 20:23 Mohamed Nassih [this message]
2002-09-12 7:02 ` iptables and permits ports Anders Fugmann
2002-09-12 8:34 ` Antony Stone