* port blocking
@ 2003-05-28  8:43 Imran Alvi
  0 siblings, 0 replies; 5+ messages in thread
From: Imran Alvi @ 2003-05-28  8:43 UTC (permalink / raw)
  To: netfilter

Hi,
I want some help on iptables. I have one NIC with one primary and one secondary IP, and I want the secondary interface to hear all requests except www (80) requests. Note:
I have the primary interface running for transparent proxy.
Please help me in this regard, I will be very grateful to you.

Regards
Imran Alvi


* port blocking
@ 2005-03-25 12:00 Manish
  2005-03-25 13:57 ` Klemen Kecman
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Manish @ 2005-03-25 12:00 UTC (permalink / raw)
  To: netfilter

Hi,
 
I am having 5 network interface card on my server, 2 connected to ethernet and 3 connected to wireless. I am also running webserver on port 10000 in the same machine. I only wanted the users from eth1 to be able to connect to my web server. Users from other interface i.e. eth0, eth2, eth3 and eth4 will not be able to connect to my web server. What iptables rule should I use?
 
Thanks.

		

* RE: port blocking
  2005-03-25 12:00 port blocking Manish
@ 2005-03-25 13:57 ` Klemen Kecman
  2005-03-25 14:05 ` Petrisor Bobalca
  2005-03-25 15:00 ` Jason Opperisano
  2 siblings, 0 replies; 5+ messages in thread
From: Klemen Kecman @ 2005-03-25 13:57 UTC (permalink / raw)
  To: netfilter


-----Original Message-----
From: netfilter-bounces@lists.netfilter.org
[mailto:netfilter-bounces@lists.netfilter.org] On Behalf Of Manish
Sent: 25 March 2005 13:00
To: netfilter@lists.netfilter.org
Subject: port blocking

Hi,
 
I am having 5 network interface card on my server, 2 connected to ethernet
and 3 connected to wireless. I am also running webserver on port 10000 in
the same machine. I only wanted the users from eth1 to be able to connect to
my web server. Users from other interface i.e. eth0, eth2, eth3 and eth4 will
not be able to connect to my web server. What iptables rule should I use?
 
Thanks.

		


iptables -A INPUT -i eth0 -p tcp --dport 10000 -j DROP
iptables -A INPUT -i eth2 -p tcp --dport 10000 -j DROP
iptables -A INPUT -i eth3 -p tcp --dport 10000 -j DROP
iptables -A INPUT -i eth4 -p tcp --dport 10000 -j DROP


and so on ..

But it's better if you go the other way around: set policy to drop, and then
specify what to allow in.

Greets, Klemen




* Re: port blocking
  2005-03-25 12:00 port blocking Manish
  2005-03-25 13:57 ` Klemen Kecman
@ 2005-03-25 14:05 ` Petrisor Bobalca
  2005-03-25 15:00 ` Jason Opperisano
  2 siblings, 0 replies; 5+ messages in thread
From: Petrisor Bobalca @ 2005-03-25 14:05 UTC (permalink / raw)
  To: netfilter

Hello,

Usually you can bind the webserver on a specific IP address (for apache
use BindAddress in httpd.conf). If not, use this iptables rule before
accepting packets on eth0, eth2, eth3, eth4:

iptables -A INPUT -p tcp ! -i eth1 --dport 10000 -j DROP

On Friday, March 25, 2005, 2:00:12 PM, Manish wrote:

> Hi,
>
> I am having 5 network interface card on my server, 2 connected to
> ethernet and 3 connected to wireless. I am also running webserver on
> port 10000 in the same machine. I only wanted the users from eth1 to
> be able to connect to my web server. Users from other interface i.e.
> eth0, eth2, eth3 and eth4 will not be able to connect to my web
> server. What iptables rule should I use?
>
> Thanks.

		



-- 
Best regards,
 Petrisor                            mailto:petry.b@gmail.com




* Re: port blocking
  2005-03-25 12:00 port blocking Manish
  2005-03-25 13:57 ` Klemen Kecman
  2005-03-25 14:05 ` Petrisor Bobalca
@ 2005-03-25 15:00 ` Jason Opperisano
  2 siblings, 0 replies; 5+ messages in thread
From: Jason Opperisano @ 2005-03-25 15:00 UTC (permalink / raw)
  To: netfilter

On Fri, 2005-03-25 at 07:00, Manish wrote:
> Hi,
>  
> I am having 5 network interface card on my server, 2 connected to ethernet and 3 connected to wireless. I am also running webserver on port 10000 in the same machine. I only wanted the users from eth1 to be able to connect to my web server. Users from other interface i.e. eth0, eth2, eth3 and eth4 will not be able to connect to my web server. What iptables rule should I use?

run a default drop policy, and then allow what you want:

  iptables -P INPUT DROP
  iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -i eth1 -p tcp --syn --dport 10000 -j ACCEPT

-j
 
--
"Man, you go through life, you try to be nice to people, you struggle
 to resist the urge to punch 'em in the face, and for what?"
	--The Simpsons
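
Added example (not part of any message in this thread): a simplified first-match model of the INPUT chain in Python, not iptables itself, that runs the three rule sets posted above against constructed new TCP connections and lists what each one leaves reachable. The interface eth5 (one added after the rules were written), port 22, and the ACCEPT policy behind the first two rule sets are assumptions made for illustration.

```python
# Simplified first-match model of the filter INPUT chain for TCP (not iptables itself).
def rule(target, iface=None, negate=False, dport=None, states=None, syn=False):
    return dict(target=target, iface=iface, negate=negate, dport=dport, states=states, syn=syn)

# Rule sets as posted in the thread; the ACCEPT policy of the first two is an assumption.
DENY_LIST = ([rule("DROP", iface=i, dport=10000) for i in ("eth0", "eth2", "eth3", "eth4")], "ACCEPT")
NEGATED = ([rule("DROP", iface="eth1", negate=True, dport=10000)], "ACCEPT")
DEFAULT_DROP = ([rule("ACCEPT", states={"ESTABLISHED", "RELATED"}),
                 rule("ACCEPT", iface="eth1", dport=10000, syn=True)], "DROP")

def verdict(ruleset, pkt):
    """Return the target of the first matching rule, else the chain policy."""
    rules, policy = ruleset
    for r in rules:
        if r["iface"] is not None and (pkt["iface"] == r["iface"]) == r["negate"]:
            continue  # -i / ! -i did not match
        if r["dport"] is not None and pkt["dport"] != r["dport"]:
            continue  # --dport did not match
        if r["states"] is not None and pkt["state"] not in r["states"]:
            continue  # -m state did not match
        if r["syn"] and not pkt["syn"]:
            continue  # --syn did not match
        return r["target"]
    return policy

def new_conn(iface, dport):
    """Constructed packet: first SYN of a new TCP connection."""
    return dict(iface=iface, dport=dport, state="NEW", syn=True)

# eth5 (an interface added later) and port 22 (another service) are constructed.
IFACES = ["eth0", "eth1", "eth2", "eth3", "eth4", "eth5"]
PORTS = [22, 10000]

def exposure(ruleset):
    """(iface, port) pairs on which a new inbound TCP connection is accepted."""
    return sorted((i, p) for i in IFACES for p in PORTS
                  if verdict(ruleset, new_conn(i, p)) == "ACCEPT")

if __name__ == "__main__":
    for name, rs in [("deny list", DENY_LIST), ("! -i eth1", NEGATED), ("default drop", DEFAULT_DROP)]:
        print(f"{name:13} {exposure(rs)}")
```
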


