Google
  Web www.spinics.net

Re: Help an IPTABLES neophyte please

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Waldher, Travis R wrote:
I’ve got a machine acting as a portal between a public network and a private network. Right now, all you can do is ssh in to the box from the public side, and then do as you please on the private side. You cannot ssh or form any other connection that wasn’t initiated by a client on the public side of the machine. Think of it as a roach motel.

Well, I need to be able to pull information from an LDAP server that is on the public network.

How do I setup my firewall so that it will first allow outbound traffic on port 389 (any others?) and second forward any requests it receives from other machines on the private network on.

Hey, Travis!  Long time, no speak!

If this were a normal machine (one not acting as a router), the way you
worded the above sounds like the only incoming connections allowed are
for ssh (TCP port 22), so you probably have a rule such as:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

in your ruleset.  Assuming that the OUTPUT chain has a default policy
of "ACCEPT", you should also have rules such as:

-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

before the final "-j REJECT" (or "-j DROP") in the input chain.  That
should allow ANY TCP traffic as long as it was INITIATED from the
local machine.

If the machine is a router, then we'd probably have to get into
specifying the different NICs in the rules (by use of the "-i"
parameter).

Could you post your current ruleset so we can get a grip on what you
have set up?  It may be a really simple fix or a simpler ruleset may work.

----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                       rps2@xxxxxxxx -
- Hosting Consulting, Inc.                                           -
-                                                                    -
-   NEWS FLASH! Intelligence of mankind decreasing!  Details at...   -
-     uh, when, uh, the little hand is, uh, on the...  Aw, NUTS!     -
----------------------------------------------------------------------

_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/redhat-install-list
To Unsubscribe Go To ABOVE URL or send a message to:
redhat-install-list-request@xxxxxxxxxx
Subject: unsubscribe

[Red Hat Kickstart]     [Fedora Users]     [Red Hat General]     [Red Hat Development]     [Samba]     [Kernel]     [Kernel Newbies]     [Hot Springs]     [Yosemite News]

Powered by Linux