- Subject: RE: Help an IPTABLES neophyte please
- From: "Waldher, Travis R" <Travis.R.Waldher@xxxxxxxxxx>
- Date: Fri, 9 May 2008 14:00:45 -0700
- In-reply-to: <482481BD.3010505@xxxxxxxx>
- Thread-index: Acix9XISyU/yOELWSH+WBtpUdBdFdwAFHuTw
- Thread-topic: Help an IPTABLES neophyte please
> -----Original Message-----
> From: Rick Stevens [mailto:ricks@xxxxxxxx]
> Sent: Friday, May 09, 2008 9:54 AM
> To: Getting started with Red Hat Linux
> Subject: Re: Help an IPTABLES neophyte please
<snip>
>
> You didn't say which NICs are on the external and which are on the
> internal (and I see 3 NICS in your ruleset). However, assuming eth0 is
> the external and eth1 and eth2 are the internal, then
>
> # Permit incoming and outgoing LDAP:// traffic on eth0...
> iptables -A INPUT -i eth0 -s 0/0 -p tcp --dport 389 -m state --state \
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -o eth0 -s 0/0 -p tcp --sport 389 -m state --state \
> NEW -j ACCEPT
> # Permit incoming and outgoing LDAPS:// traffic on eth0...
> iptables -A INPUT -i eth0 -s 0/0 -p tcp --sport 636 -m state --state \
> ESTABLISHED,RELATED -j ACCEPT
> iptables -A OUTPUT -o eth0 -s 0/0 -p tcp --sport 636 -m state --state \
> NEW -j ACCEPT
>
> Should be a good basis to start with.
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer rps2@xxxxxxxx -
> - Hosting Consulting, Inc. -
> - -
> - Blech! ACKth! Ooop! -- Bill the Cat (Outland) -
> ----------------------------------------------------------------------
Okay, I finally got that working.
#Allow outbound LDAP
## Permit incoming and outgoing LDAP:// traffic on eth0...
iptables -A INPUT -i eth0 -s 0/0 -p tcp --sport 389 --dport 1024:65535 \
    -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o eth0 -s 0/0 -p tcp --sport 1024:65535 --dport 389 \
    -m state --state NEW,ESTABLISHED -j ACCEPT
There was no talking on 636, so I was going to leave that closed off
unless there is a good reason to open it.
Next step, forwarding LDAP requests over eth1 or eth2 going out eth0.
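The stateful client-side pattern from this thread in a reusable form, as an added example that is not code from either post: a POSIX sh script that emits the LDAP client rules for the external NIC and, going one step beyond the thread, the FORWARD rules for the "next step" of passing LDAP from eth1/eth2 out through eth0. The interface names follow the thread's assumption (eth0 external, eth1/eth2 internal); the APPLY, EXT, INT and PORTS knobs are this script's own, and without APPLY=1 it only prints the commands so they can be reviewed before anything touches the running ruleset.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the stateful LDAP client
# rules for the external NIC and the FORWARD rules for the internal NICs.
# Assumptions: eth0 external, eth1/eth2 internal (as in the thread); the
# APPLY/EXT/INT/PORTS knobs are this script's own. Without APPLY=1 the
# iptables commands are only printed, never executed.
EXT="${EXT:-eth0}"
INT="${INT:-eth1 eth2}"
PORTS="${PORTS:-389}"          # add 636 only if LDAPS is actually in use
if [ "${APPLY:-0}" = 1 ]; then IPT=iptables; else IPT=echo; fi

# This host as an LDAP client: new connections leave on $EXT, and replies
# are admitted only when conntrack already knows the connection, so a NEW
# inbound connection from port $1 is never accepted. The -s 0/0 and
# --dport 1024:65535 qualifiers from the thread add nothing once the
# state match is present, so they are omitted here.
ldap_client_rules() {
    "$IPT" -A OUTPUT -o "$EXT" -p tcp --dport "$1" \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    "$IPT" -A INPUT -i "$EXT" -p tcp --sport "$1" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Hosts behind each internal NIC reaching LDAP servers through $EXT.
# The return direction again only admits tracked replies. Enabling
# ip_forward and any masquerading are separate settings not shown here.
ldap_forward_rules() {
    for in_if in $INT; do
        "$IPT" -A FORWARD -i "$in_if" -o "$EXT" -p tcp --dport "$1" \
            -m state --state NEW,ESTABLISHED -j ACCEPT
        "$IPT" -A FORWARD -i "$EXT" -o "$in_if" -p tcp --sport "$1" \
            -m state --state ESTABLISHED,RELATED -j ACCEPT
    done
}

for port in $PORTS; do
    ldap_client_rules "$port"
    ldap_forward_rules "$port"
done
```

Run it once without APPLY to read the generated rules, then with APPLY=1 as root; prepend PORTS="389 636" if LDAPS is needed after all.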
_______________________________________________
Redhat-install-list mailing list
Redhat-install-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/redhat-install-list