linux
IsaevDev, 2017-04-19 22:06:06

How to open a port in iptables for private network only?

I created a private network on VPS hosting.
It says:
Gateway: 10.0.0.1
Mask: 255.255.255.0
IP addresses via DHCP
Then I want to make a cache server with redis on port 6379. I set
the following rules:
iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p TCP --sport 22 -j ACCEPT
iptables -A INPUT -p TCP -s 10.0.0.1/24 --dport 6379 -j ACCEPT (or 10.0.0.0)
iptables -A OUTPUT -p TCP --sport 6379 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
I try to connect from a server in the private network - it drops. It works without the rules.
Tell me which way to dig?
Thank you!
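One way to express the intent of the question's rule set (Redis reachable only from 10.0.0.0/24, SSH open, everything else on INPUT dropped), as an added example that is not part of the original post. The interface name eth1, the DHCP-client rule and the rate-limited LOG rule are assumptions; the subnet and the port come from the question. The script only prints the commands unless APPLY=1 is set, so it can be reviewed before it touches a live firewall.

```shell
#!/bin/sh
# Added example, not the question author's rules: generate an iptables INPUT
# policy that exposes Redis only to the private subnet. Interface name, DHCP
# rule and LOG rule are assumptions; subnet and port are from the question.
PRIV_IF="${PRIV_IF:-eth1}"            # assumed name of the private-network interface
PRIV_NET="${PRIV_NET:-10.0.0.0/24}"   # iptables normalises 10.0.0.1/24 to this anyway
REDIS_PORT="${REDIS_PORT:-6379}"
SSH_PORT="${SSH_PORT:-22}"

# redis_rules prints one iptables command per line and applies nothing.
# Ordering: open the policy, flush, conntrack first, then the narrowly
# scoped accepts, then the explicit drop, and only at the end the DROP
# policy, so an SSH session running this script is not cut off halfway.
redis_rules() {
    cat <<EOF
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p tcp --dport $SSH_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -i $PRIV_IF -p udp --sport 67 --dport 68 -j ACCEPT
iptables -A INPUT -i $PRIV_IF -s $PRIV_NET -p tcp --dport $REDIS_PORT -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p tcp --dport $REDIS_PORT -m limit --limit 5/min -j LOG --log-prefix "redis-denied: "
iptables -A INPUT -p tcp --dport $REDIS_PORT -j DROP
iptables -P FORWARD DROP
iptables -P INPUT DROP
EOF
}

# apply_rules echoes every command and runs it only when APPLY=1 (needs root).
apply_rules() {
    redis_rules | while IFS= read -r cmd; do
        printf '+ %s\n' "$cmd"
        if [ "${APPLY:-0}" = "1" ]; then
            eval "$cmd"
        fi
    done
}

# Dry run by default: shows what would be applied.
apply_rules
```

Two things to verify on the host before blaming the firewall: `iptables -S INPUT` shows the rules in command form (and confirms the /24 normalisation), and `ss -tlnp` shows which address Redis is actually bound to, since a stock redis.conf in recent versions binds only 127.0.0.1 and then no INPUT rule can make it reachable from the private network. The LOG rule gives a syslog line for every rejected attempt at the Redis port, which is the cheapest form of detection for this kind of exposure.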

1 answer(s)
Alexey Cheremisin, 2017-04-19
@IsaevDev

Are you still writing iptables by hand?! Then we go to you!
Finally install firehol or ufw, or some other similar automatic rule generator.
My favorite is firehol - https://firehol.org

# apt-get install firehol
# vi /etc/default/firehol
# /etc/init.d/firehol start|stop|restart|status

Well, a configuration for your needs:
server_redis_ports="tcp/6379 udp/6379"
client_redis_ports="default 6379"

redirect to 22 proto tcp dport 2244

interface eth0 internet
    policy drop
    protection strong
    server smtp accept
    server http accept
    server ftp  accept
    server ssh  accept ### (!) first check that 2244 works, do not close the current ssh session!
    client ping accept

interface eth1 myprivatelan
    policy reject
    server "ping ssh redis" accept src 10.0.0.0/24
    server dhcp accept
    client "ssh ping redis dhcp"  accept
