You are not logged in.
- Topics: Active | Unanswered
#1 2013-04-27 15:36:08
- koralgolek
- Member
- Registered: 2010-07-27
- Posts: 23
iptables problem with input connections
I've got 4 computers and 1 server. I need to allow connection of 2 computers to server but on specific ports only. Rest of computers should be able to connect on any port. My firewall on server:
iptables -F
iptables -X
iptables -P INPUT ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.50 --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.50 --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.50 --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.60 --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.60 --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s 192.168.0.60 --dport 80 -j ACCEPT
iptables -A INPUT -s 192.168.0.50 -j DROP
iptables -A FORWARD -s 192.168.0.50 -j DROP
iptables -A INPUT -s 192.168.0.60 -j DROP
iptables -A FORWARD -s 192.168.0.60 -j DROPProblem of this configurations is that only first computer in iptables' configuration works as I want. Second computer can't connect to any port. Why?
I tried to put commands with DROP in other places in configurations and it still not working.
Last edited by koralgolek (2013-04-27 15:56:30)
Offline
#2 2013-04-27 16:53:17
- brebs
- Member
- Registered: 2007-04-03
- Posts: 3,742
Re: iptables problem with input connections
Can't see a reason. Look at what is actually taking effect:
iptables-saveOffline
#3 2013-04-27 17:03:17
- koralgolek
- Member
- Registered: 2010-07-27
- Posts: 23
Re: iptables problem with input connections
# Generated by iptables-save v1.4.8 on Sat Apr 27 19:02:58 2013
*filter
:INPUT ACCEPT [812:348051]
:FORWARD ACCEPT [154:112203]
:OUTPUT ACCEPT [1781:859968]
-A INPUT -s 192.168.0.50/32 -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -s 192.168.0.50/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.50/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.0.60/32 -i eth0 -p tcp -m tcp --dport 3128 -j ACCEPT
-A INPUT -s 192.168.0.60/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 192.168.0.60/32 -i eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -s 192.168.0.50/32 -j DROP
-A INPUT -s 192.168.0.60/32 -j DROP
-A FORWARD -s 192.168.0.50/32 -j DROP
-A FORWARD -s 192.168.0.60/32 -j DROP
COMMIT
# Completed on Sat Apr 27 19:02:58 2013
# Generated by iptables-save v1.4.8 on Sat Apr 27 19:02:58 2013
*nat
:PREROUTING ACCEPT [55124:3356855]
:POSTROUTING ACCEPT [54572:3776680]
:OUTPUT ACCEPT [45497:3236713]
COMMIT
# Completed on Sat Apr 27 19:02:58 2013Offline
#4 2013-04-27 17:11:45
- brebs
- Member
- Registered: 2007-04-03
- Posts: 3,742
Re: iptables problem with input connections
I still don't see a problem.
Maybe your 2nd PC's routing is at fault?
Offline
#5 2013-04-27 17:19:27
- koralgolek
- Member
- Registered: 2010-07-27
- Posts: 23
Re: iptables problem with input connections
When I change order of ip then 60 works and 50 not...
Offline