Originally Posted by tommytomato
What do you do if you want to add in server stuff like ssh, smtp, pop3, www, ftp?
I only want to be able to access the server via the local network for ssh and smtp/pop3; I don't want others to be able to access it via the net, only the web (www),
if that makes any sense.
This is how far I got.
Some of the ports you chose to open don't correspond to the comments you put; for instance, the port for pop3 is 110.
Code:
#Allow Web Traffic
iptables -A INPUT -i eth0 -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
These lines are useless: you don't filter output in your script, and the first firewall rule already allows the needed traffic on port 80 (iptables -A FIREWALL -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT).
Code:
#Allow www
iptables -A TRUSTED -i eth0 -p udp -m udp --sport 80 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
Also useless, for the same reasons.
Code:
# Allow FTP
iptables -A TRUSTED -i eth0 -p udp -m udp --sport 21 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --sport 21 -j ACCEPT
#Allow smtp
iptables -A TRUSTED -i eth0 -p udp -m udp --sport 110 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --sport 110 -j ACCEPT
#Allow pop3
iptables -A TRUSTED -i eth0 -p udp -m udp --sport 25 -j ACCEPT
iptables -A TRUSTED -i eth0 -p tcp -m tcp --sport 25 -j ACCEPT
Useless as well; the first firewall rule already allows all that.
To be sure, just open your /etc/services file: all the ports are listed with the names of the corresponding services, so look there to match the right port with the right protocol.
Here you just seem to need to open your ssh port for what you want to do.
Now for your local network matter, I don't know because you didn't give enough details: do you have two network cards, one on the internet and the other on the local network, or is it something else?
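To make the point above concrete, here is an added example script (not tommytomato's script and not from the thread) that does what the question asks with a single stateful rule and only --dport rules: www open to everyone, ssh/smtp/pop3 reachable only from the LAN, everything else dropped. It assumes one NIC named eth0 and a LAN of 192.168.1.0/24 (both placeholders; set WAN_IF and LAN_NET to match your setup), and it works on the INPUT chain directly rather than the FIREWALL/TRUSTED chains from the original script. FTP is left out on purpose: its data connections need the conntrack FTP helper, which is a separate topic.

```shell
#!/bin/sh
# Added example, not from the original thread. Minimal stateful INPUT ruleset:
# public web, LAN-only ssh/smtp/pop3, deny everything else.
# Assumptions (placeholders): single NIC eth0, LAN subnet 192.168.1.0/24.
IPT="${IPT:-iptables}"              # set IPT=echo to print the rules instead of applying them
WAN_IF="${WAN_IF:-eth0}"            # interface facing the internet
LAN_NET="${LAN_NET:-192.168.1.0/24}" # hosts allowed to reach the private services

build_rules() {
    # Start from a clean chain with a deny-by-default policy.
    "$IPT" -F INPUT
    "$IPT" -P INPUT DROP

    # Loopback must always be allowed or local daemons break.
    "$IPT" -A INPUT -i lo -j ACCEPT

    # One stateful rule admits every reply packet for connections we started
    # or accepted; this is why the --sport 80/21/25/110 rules were useless.
    "$IPT" -A INPUT -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Public service: web on tcp/80. HTTP is TCP only, so no udp/80 rule.
    "$IPT" -A INPUT -i "$WAN_IF" -p tcp --dport 80 -m state --state NEW -j ACCEPT

    # LAN-only services, ports taken from /etc/services: ssh 22, smtp 25, pop3 110.
    # The -s match is what keeps internet hosts out.
    for port in 22 25 110; do
        "$IPT" -A INPUT -i "$WAN_IF" -s "$LAN_NET" -p tcp --dport "$port" \
            -m state --state NEW -j ACCEPT
    done
    # Anything not matched above falls through to the DROP policy.
}

# Apply the rules when run directly as root; use IPT=echo to review them first.
[ "${BUILD_RULES_NOAUTO:-0}" = "1" ] || build_rules
```

Run it once with `IPT=echo sh script.sh` to see exactly what will be loaded, then as root without IPT set. Note that the private services match on the source address of the LAN, not on the interface, so it still works on a single-NIC box; if the LAN is on a second card, add `-i` for that card instead of `-s`.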