Thread: IPtables settings

  1. #1
    Join Date
    Apr 2013
    Beans
    46

    IPtables settings

    Hello guys, I'm trying to set up a few simple rules

    Code:
    root@washington:~# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    root@washington:~# iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    root@washington:~# iptables -P INPUT DROP
    root@washington:~# iptables -P OUTPUT DROP
    root@washington:~# iptables -P FORWARD DROP
    root@washington:~# iptables -A INPUT -i lo -j ACCEPT
    root@washington:~# iptables -A OUTPUT -o lo -j ACCEPT
    root@washington:~# iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    root@washington:~# iptables -A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
    root@washington:~# iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
    root@washington:~# iptables -A OUTPUT -o eth0 -p tcp --dport 3306 -j ACCEPT
    root@washington:~# wget google.com
    --2013-05-25 12:59:52--  http://google.com/
    Resolving google.com (google.com)... 173.194.43.8, 173.194.43.14, 173.194.43.6, ...
    Connecting to google.com (google.com)|173.194.43.8|:80... failed: Connection timed out.
    Connecting to google.com (google.com)|173.194.43.14|:80... failed: Connection timed out.
    And it's giving me this error in all output connections, does someone understand why? On another Ubuntu 12.04 VPS it's working well, but recently I've bought a SoftLayer VPS and it's bugging.

  2. #2
    Join Date
    Mar 2007
    Location
    Denver, CO
    Beans
    7,554
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: IPtables settings

    First, I don't like the way you entered your firewall commands. Put them in a script file and do it that way so it's easy to change things and reload the rules.

    Next, iptables works like a dumb script: once it matches a ruleset and an action occurs such as drop or accept, the rule set is finished. I think based on your post that your output chain is working because google.com gets resolved. I'd probably make your output chain accept for default ruleset for now.

    Something is telling me you need to flush your iptables ruleset and start over: sudo iptables -F

  3. #3
    Join Date
    Apr 2013
    Beans
    46

    Re: IPtables settings

    Quote Originally Posted by kevdog View Post
    First, I don't like the way you entered your firewall commands. Put them in a script file and do it that way so it's easy to change things and reload the rules.

    Next, iptables works like a dumb script: once it matches a ruleset and an action occurs such as drop or accept, the rule set is finished. I think based on your post that your output chain is working because google.com gets resolved. I'd probably make your output chain accept for default ruleset for now.

    Something is telling me you need to flush your iptables ruleset and start over: sudo iptables -F
    Well, I've run it on a new server, without any config, don't know what's wrong, I can't connect to the MySQL port as well!

  4. #4
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: IPtables settings

    You aren't allowing port 80 out...

    I don't deal with the output side of my firewall at all. I only care about the input.

    This post also has good advice.
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #5
    Join Date
    Apr 2013
    Beans
    46

    Re: IPtables settings

    Quote Originally Posted by CharlesA View Post
    You aren't allowing port 80 out...

    I don't deal with the output side of my firewall at all. I only care about the input.

    This post also has good advice.
    Ofc I'm

    Code:
    root@washington:~# iptables -A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
    root@washington:~# iptables -A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
    root@washington:~# iptables -A OUTPUT -o eth0 -p tcp --dport 3306 -j ACCEPT

  6. #6
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: IPtables settings

    Derp. Change the output policy to accept and see if you still get the time out message.

  7. #7
    Join Date
    Apr 2013
    Beans
    46

    Re: IPtables settings

    Quote Originally Posted by CharlesA View Post
    Derp. Change the output policy to accept and see if you still get the time out message.
    What do you mean? I can understand what you are trying to say

  8. #8
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: IPtables settings

    Run this:

    Code:
    sudo iptables -P OUTPUT ACCEPT

  9. #9
    Join Date
    Apr 2013
    Beans
    46

    Re: IPtables settings

    Quote Originally Posted by CharlesA View Post
    Run this:

    Code:
    sudo iptables -P OUTPUT ACCEPT
    But I need to filter all the output rules, I can't allow them all!

  10. #10
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: IPtables settings

    Quote Originally Posted by pedrommone View Post
    But I need to filter all the output rules, I can't allow them all!
    You need to do it if you want to troubleshoot why it isn't working.

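Added example, not part of any post in the thread: the ruleset from post #1 kept in a script file in iptables-restore format, as suggested in post #2, with a rate-limited LOG rule at the end of OUTPUT so the dropped packets can be inspected while the DROP policy stays in place. The `OUT-DROP: ` prefix, the function names, and the sample log lines (including the `eth1` interface and the documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Rules from post #1 in iptables-restore format. The final OUTPUT rule logs
# whatever no ACCEPT rule matched, just before the DROP policy discards it.
emit_ruleset() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 3306 -j ACCEPT
-A OUTPUT -m limit --limit 10/min -j LOG --log-prefix "OUT-DROP: "
COMMIT
EOF
}

# Read kernel log lines on stdin; print "count interface protocol dport"
# for each kind of logged outbound packet, most frequent first.
summarize_drops() {
    awk '/OUT-DROP: / {
        out = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^OUT=/)   out   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        n[out " " proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed kernel log lines in the format the LOG target writes.
sample_log() {
cat <<'EOF'
May 25 13:01:02 washington kernel: [  812.104] OUT-DROP: IN= OUT=eth1 SRC=203.0.113.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=41234 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
May 25 13:01:03 washington kernel: [  813.106] OUT-DROP: IN= OUT=eth1 SRC=203.0.113.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=41234 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
May 25 13:02:10 washington kernel: [  880.551] OUT-DROP: IN= OUT=eth1 SRC=203.0.113.10 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5120 DF PROTO=TCP SPT=50022 DPT=3306 WINDOW=14600 RES=0x00 SYN URGP=0
EOF
}

# On the server (as root): emit_ruleset | iptables-restore
#                          dmesg | summarize_drops
sample_log | summarize_drops
```

Comparing the `OUT=` and `DPT=` fields of the logged packets with the `-o` and `--dport` values in the ACCEPT rules shows which match condition the traffic failed; `iptables -L OUTPUT -v -n` gives the per-rule packet counters for the same comparison.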