How to open a port in iptables for private network only?
I created a private network on my VPS hosting.
The control panel says:
Gateway: 10.0.0.1
Mask: 255.255.255.0
IP addresses via DHCP
Then I want to make a cache server with Redis on port 6379. I set
the following rules:
iptables -A INPUT -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p UDP -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p TCP --sport 22 -j ACCEPT
iptables -A INPUT -p TCP -s 10.0.0.1/24 --dport 6379 -j ACCEPT (or 10.0.0.0)
iptables -A OUTPUT -p TCP --sport 6379 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -j DROP
I try to connect from another server on the private network and it drops. It works without the rules.
Tell me which way to dig?
Thank you!
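As an added example (not the rules posted in the question and not part of the answer), here is a complete INPUT/OUTPUT rule set in POSIX shell for the same goal: Redis on tcp/6379 reachable only from the private subnet, with everything else denied. It assumes, which the question does not state, that the public NIC is eth0 and the private network sits on eth1 as 10.0.0.0/24; both are overridable variables. With IPT=echo it prints the rules instead of applying them, so it can be reviewed without root. Two points it handles that the posted set does not: return traffic is accepted on OUTPUT as well as INPUT (with a trailing OUTPUT DROP, any outbound packet lacking an explicit --sport rule, such as a DHCP renewal or a DNS lookup, is dropped), and the Redis accept is bound to the private interface so a packet on the public NIC with a forged 10.0.0.x source does not match.

```shell
#!/bin/sh
# Added example, not the poster's rules. Builds an iptables policy that admits
# Redis (tcp/6379) only from the private subnet arriving on the private NIC.
# Assumptions (not stated in the question): public NIC eth0, private NIC eth1,
# private network 10.0.0.0/24. Run with IPT=echo to print instead of apply.

IPT="${IPT:-iptables}"               # set IPT=echo for a dry run
PUB_IF="${PUB_IF:-eth0}"             # assumed public interface name
PRIV_IF="${PRIV_IF:-eth1}"           # assumed private-network interface name
PRIV_NET="${PRIV_NET:-10.0.0.0/24}"  # network address, not the gateway host

apply_rules() {
    # Start from empty chains so repeated runs do not append duplicates.
    $IPT -F INPUT
    $IPT -F OUTPUT

    # Loopback: local processes (redis-cli on the box itself) need it.
    $IPT -A INPUT  -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT

    # Return traffic in BOTH directions (conntrack is the modern spelling of
    # "-m state --state"). Without the OUTPUT rule a final OUTPUT DROP eats
    # every reply that has no explicit --sport rule.
    $IPT -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Anti-spoofing: the private subnet must never appear on the public NIC.
    $IPT -A INPUT -i "$PUB_IF" -s "$PRIV_NET" -j DROP

    # DHCP client on the private LAN: request 68->67 out, offer/ack 67->68 in.
    # These are not tracked as a "connection", so they need explicit rules.
    $IPT -A OUTPUT -o "$PRIV_IF" -p udp --sport 68 --dport 67 -j ACCEPT
    $IPT -A INPUT  -i "$PRIV_IF" -p udp --sport 67 --dport 68 -j ACCEPT

    # SSH from anywhere; replies are covered by the ESTABLISHED rule above.
    $IPT -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

    # Redis: only NEW connections from the private subnet on the private NIC.
    $IPT -A INPUT -i "$PRIV_IF" -s "$PRIV_NET" -p tcp --dport 6379 -m conntrack --ctstate NEW -j ACCEPT

    # Let the host open its own outbound connections (apt, DNS, NTP, ...).
    $IPT -A OUTPUT -m conntrack --ctstate NEW -j ACCEPT

    # Default deny as the chain policy rather than a trailing "-A ... DROP",
    # so a rule appended later is not silently placed behind the DROP.
    $IPT -P INPUT DROP
    $IPT -P OUTPUT DROP
    $IPT -P FORWARD DROP
}

# Apply only when explicitly asked: sh redis-fw.sh apply
case "${1:-}" in
    apply) apply_rules ;;
esac
```

Before applying on a live box, check what is already in the chains: `-A` appends after any rules the hosting image installed, so an earlier DROP or REJECT still wins. After applying, `iptables -L INPUT -v -n --line-numbers` shows per-rule packet counters; a connection attempt from the private server should increment the 6379 rule, and if instead the anti-spoof or policy counter grows, the packet is arriving on a different interface or with a different source than assumed.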
Are you still writing iptables by hand?! Then we go to you!
Finally install firehol or ufw, or some other automatic rule generator of that kind.
My favorite is firehol - https://firehol.org
# apt-get install firehol
# vi /etc/default/firehol
# /etc/init.d/firehol start|stop|restart|status
server_redis_ports="tcp/6379 udp/6379"
client_redis_ports="default 6379"
redirect to 22 proto tcp dport 2244
interface eth0 internet
policy drop
protection strong
server smtp accept
server http accept
server ftp accept
server ssh accept ### (!) check first that port 2244 works; do not close the current ssh session!
client ping accept
interface eth1 myprivatelan
policy reject
server "ping ssh redis" accept src 10.0.0.0/24
server dhcp accept
client "ssh ping redis dhcp" accept