Answer the question
In order to leave comments, you need to log in
I
I
IsaevDev2017-04-19 22:06:06
IsaevDev, 2017-04-19 22:06:06
How to open a port in iptables for private network only?
Created a private network on VPS hosting
Writes:
Gateway: 10.0.0.1
Mask: 255.255.255.0
IP addresses via DHCP
Then I want to make a cache server with redis on port 6379 I set
the following rules:
iptables -A INPUT -p TCP -m state --state ESTABLISHED ,RELATED -j ACCEPT
iptables -A INPUT -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p TCP --sport 22 -j ACCEPT
iptables -A INPUT -p TCP -s 10.0.0.1/24 --dport 6379 -j ACCEPT (or 10.0.0.0)
iptables -A OUTPUT -p TCP --sport 6379 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
I try to connect from a server from a private network - it drops. Works without rules
Tell me which way to dig?
Thank you!
1 answer(s)
@IsaevDev
Well, configuration for your needs
A
Alexey Cheremisin, 2017-04-19 @IsaevDev
Are you still writing iptables by hand?! Then we go to you!
Finally, install firehol or ufw, or some other analogue of auto rule generators.
My favorite is firehol - https://firehol.org
# apt-get install firehol
# vi /etc/default/firehol
# /etc/init.d/firehol start|stop|restart|statusWell, configuration for your needs
server_redis_ports="tcp/6379 udp/6379"
client_redis_ports="default 6379"
redirect to 22 proto tcp dport 2244
interface eth0 internet
policy drop
protection strong
server smtp accept
server http accept
server ftp accept
server ssh accept ### (!) проверить сначала работу по 2244, не выключать текущую сессию ssh!
client ping accept
interface eth1 myprivatelan
policy reject
server "ping ssh redis" accept src 10.0.0.0/24
server dhcp accept
client "ssh ping redis dhcp" accept
Similar questions
N
M
S
B
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question