Re: Help an IPTABLES neophyte please | |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] | |
Waldher, Travis R wrote:
I’ve got a machine acting as a portal between a public network and a private network. Right now, all you can do is ssh in to the box from the public side, and then do as you please on the private side. You cannot ssh or form any other connection that wasn’t initiated by a client on the public side of the machine. Think of it as a roach motel.Well, I need to be able to pull information from an LDAP server that is on the public network.How do I setup my firewall so that it will first allow outbound traffic on port 389 (any others?) and second forward any requests it receives from other machines on the private network on.
Hey, Travis! Long time, no speak! If this were a normal machine (one not acting as a router), the way you worded the above sounds like the only incoming connections allowed are for ssh (TCP port 22), so you probably have a rule such as: -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT in your ruleset. Assuming that the OUTPUT chain has a default policy of "ACCEPT", you should also have rules such as: -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT before the final "-j REJECT" (or "-j DROP") in the input chain. That should allow ANY TCP traffic as long as it was INITIATED from the local machine. If the machine is a router, then we'd probably have to get into specifying the different NICs in the rules (by use of the "-i" parameter). Could you post your current ruleset so we can get a grip on what you have set up? It may be a really simple fix or a simpler ruleset may work. ---------------------------------------------------------------------- - Rick Stevens, Systems Engineer rps2@xxxxxxxx - - Hosting Consulting, Inc. - - - - NEWS FLASH! Intelligence of mankind decreasing! Details at... - - uh, when, uh, the little hand is, uh, on the... Aw, NUTS! - ---------------------------------------------------------------------- _______________________________________________ Redhat-install-list mailing list Redhat-install-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/redhat-install-list To Unsubscribe Go To ABOVE URL or send a message to: redhat-install-list-request@xxxxxxxxxx Subject: unsubscribe
[Home] [Red Hat Kickstart] [Fedora Users] [Red Hat General] [Red Hat Watch List] [Red Hat Development] [Samba List] [Kernel List] [Kernel Newbies] [Hot Springs] [Yosemite News]