Results 1 to 9 of 9

Thread: iptables issue

  1. April 12th, 2014 #1
    matias6
    matias6 is offline First Cup of Ubuntu
    Join Date
    Mar 2014
    Beans
    7

    iptables issue

    Hi everyone, i got a ubuntu server distro and iptables.
    i have eth0 and eth1
    eth0:172.16.221.122
    eth1: 192.168.222.254

    laptop1= 172.16.221.120
    laptop2= 192.168.222.249

    I have configured the iptables in this way =

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT DROP

    and a rule like this:

    iptables -A FORWARD -s 192.168.222.249 -p tcp --dport 3389 -j ACCEPT

    the 3389 is for RDP cnn, but does not work.

    whem I go to connect from laptop2(222.249) to laptop1(221.120)my question is why iptables drop me if I already created a rule/exception for the 249 ip ?

    thanks
    Advanced reply Adv Reply  
  2. April 12th, 2014 #2
    SeijiSensei's Avatar
    SeijiSensei
    SeijiSensei is offline Ubuntu addict and loving it
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: iptables issue

    You need to enable packet forwarding in /etc/sysctl.conf. Uncomment the net.ipv4.ip_forward=1 line.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
    Advanced reply Adv Reply  
  3. April 12th, 2014 #3
    matias6
    matias6 is offline First Cup of Ubuntu
    Join Date
    Mar 2014
    Beans
    7

    Re: iptables issue

    Hi SeijiSensei that line was uncomment before I asked the question and doesn't work...
    Advanced reply Adv Reply  
  4. April 12th, 2014 #4
    SeijiSensei's Avatar
    SeijiSensei
    SeijiSensei is offline Ubuntu addict and loving it
    Join Date
    Nov 2008
    Location
    Boston MetroWest
    Beans
    16,326

    Re: iptables issue

    Let's see the results of running "route -n" on both machines. Wrap the output in [code][/code] tags to make it legible.

    Also flush all the iptables rules and make sure you can connect without them.
    Code:
    /sbin/iptables -F INPUT
/sbin/iptables -F FORWARD
/sbin/iptables -F OUTPUT
    Last edited by SeijiSensei; April 12th, 2014 at 08:44 PM.
    If you ask for help, do not abandon your request. Please have the courtesy to check for responses and thank the people who helped you.

    Blog · Linode System Administration Guides · Android Apps for Ubuntu Users
    Advanced reply Adv Reply  
  5. April 12th, 2014 #5
    matias6
    matias6 is offline First Cup of Ubuntu
    Join Date
    Mar 2014
    Beans
    7

    Re: iptables issue

    Ago
    SeijiSensei:

    with or without FLUSH the rules:

    Code:
    iptables -P FORWARD DROP
    not work.

    Code:
    iptables -P FORWARD ACCEPT
    then it works.

    but that I knew that. My problem is: open (ip/port) with a FORWARD rule when the FORWARD POLICY is set to DROP...

    (PS: the laptops have Windows 7 with windows firewall off).
    Advanced reply Adv Reply  
  6. April 13th, 2014 #6
    HermanAB's Avatar
    HermanAB
    HermanAB is offline make bzImage, not war
    Join Date
    Oct 2005
    Location
    Lab, Slovakia
    Beans
    10,791

    Re: iptables issue

    Well, there is nothing left to FORWARD after you dropped everything at the INPUT.

    First get the thing to work with all the rules flushed, then read the iptables man page about ten times (I'm serious!), then try to set a few rules.
    Cheers,

    Herman
    http://www.aeronetworks.ca
    Advanced reply Adv Reply  
  7. April 13th, 2014 #7
    The Cog's Avatar
    The Cog
    The Cog is offline Woof
    Join Date
    Nov 2007
    Location
    London, England
    Beans
    7,701

    Re: iptables issue

    You probably also need a rule to allow the replies from laptop2 to go back to laptop1. TCP requires two-way traffic.
    The easiest way to do this is probably:
    Code:
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    The above rule will automatically allow traffic on connections that have previously been allowed by other rules (e.g. the laptop1-laptop2 connection request).
    Last edited by The Cog; April 13th, 2014 at 11:05 AM.
    Advanced reply Adv Reply  
  8. April 13th, 2014 #8
    matias6
    matias6 is offline First Cup of Ubuntu
    Join Date
    Mar 2014
    Beans
    7

    Re: iptables issue

    my friend already set INPUT DROP and OUTPUT-FORWARD ACCEPT and the RCP cnn is working OKEY, so... you too read the man page!
    Advanced reply Adv Reply  
  9. April 13th, 2014 #9
    matias6
    matias6 is offline First Cup of Ubuntu
    Join Date
    Mar 2014
    Beans
    7

    Re: iptables issue

    THE COG! yes, it work! with the default policy in DROP.. thanks
    Advanced reply Adv Reply  
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Ubuntu Forums Code of Conduct