linux
Vladislav Bushuev, 2015-03-31 12:44:43

Where is the error in IPTABLES?

The server has two network cards: eth0 distributes the Internet, eth1 receives the Internet. I needed to block all external connections to the server and add exceptions.
Here's what I did:

# Policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

# Allow loopback
iptables -A INPUT -i lo -j ACCEPT

# Allow the second network card, eth0, to work
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -j ACCEPT
iptables -A OUTPUT -p ALL -j ACCEPT

# Allow all established connections
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT

# Allow SSH
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1715 -j ACCEPT

And the Internet does not work: there is a connection to the server from the local network, but there is no access to the global network. The server itself has no Internet either.
Where is the mistake?


2 answer(s)
Anton Nagaets, 2015-03-31
@redstar

# Policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT

Move these to the end.
At the very beginning you banned everything, so the packets were lost without ever reaching the rest of the chains.
The essence of iptables is that it walks through the lines and executes the first rule that matches.
iptables -P INPUT DROP
iptables -P FORWARD DROP

You blocked the packets, and your server locked itself in.
No packets ever reach the block of rules under "# Allow the second network card, eth0, to work".

Pavel Perminov, 2015-03-31
@perminov_dot_im

1. The order of -P and -A does not matter: -P is what gets applied if no other rule matches.
2. Where are the routes?
3. Where is the NAT?
UPD
Replace -m state with -m conntrack, and --state ESTABLISHED with --ctstate ESTABLISHED.
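A complete ruleset for the two-NIC gateway described in the question, written here as an added example (it is not the questioner's script and not code from either answer). It fills in the three things the posted rules lack and that Pavel's second and third points are asking about: a return path on FORWARD for replies arriving on the WAN side, IP forwarding enabled in the kernel, and source NAT on eth1. It uses `-m conntrack --ctstate` as the update suggests, and accepts RELATED as well as ESTABLISHED so ICMP errors and related flows are not dropped. The interface roles (eth0 = LAN, eth1 = WAN) and port 1715 come from the question; the LAN subnet 192.168.1.0/24 is an assumption, as are the script name and the `show|check|apply` subcommands.

```shell
#!/usr/bin/env bash
# Added example for the question above; not the original poster's script.
# eth0/eth1 and port 1715 are from the question; LAN_NET is assumed.
set -eu

WAN_IF="${WAN_IF:-eth1}"               # receives the Internet
LAN_IF="${LAN_IF:-eth0}"               # distributes the Internet to the LAN
SSH_PORT="${SSH_PORT:-1715}"           # the one exception on the WAN side
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed: the question does not give it

# Emit the whole ruleset in iptables-restore format so it loads atomically:
# either every rule is installed or none is, so there is no window with
# half a ruleset (and no lockout caused by setting the DROP policy early).
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
# replies to connections the server or LAN hosts opened; RELATED covers ICMP errors etc.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# packets conntrack cannot classify (stray ACKs, malformed) go no further
-A INPUT -m conntrack --ctstate INVALID -j DROP
# anything from the LAN side may talk to the server itself
-A INPUT -i ${LAN_IF} -j ACCEPT
# the single exception from the Internet side: SSH on the custom port
-A INPUT -i ${WAN_IF} -p tcp --dport ${SSH_PORT} -m conntrack --ctstate NEW -j ACCEPT
# new connections are forwarded LAN -> WAN only; WAN -> LAN exists solely as replies above
-A FORWARD -i ${LAN_IF} -o ${WAN_IF} -s ${LAN_NET} -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# hide LAN addresses behind the WAN interface address
-A POSTROUTING -s ${LAN_NET} -o ${WAN_IF} -j MASQUERADE
COMMIT
EOF
}

# Enable forwarding in the kernel and load the ruleset; needs root.
apply_rules() {
    sysctl -w net.ipv4.ip_forward=1
    gen_rules | iptables-restore
}

# Sanity checks that need no root: both tables are terminated, and the
# pieces missing from the question's ruleset (NAT, FORWARD return path) exist.
check_rules() {
    rules="$(gen_rules)"
    [ "$(printf '%s\n' "$rules" | grep -c '^COMMIT$')" -eq 2 ] || return 1
    printf '%s\n' "$rules" | grep -q -- '-j MASQUERADE' || return 1
    printf '%s\n' "$rules" | grep -q -- '^-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED' || return 1
    return 0
}

case "${1:-show}" in
    show)  gen_rules ;;
    check) check_rules && echo "ruleset looks sane" || exit 1 ;;
    apply) apply_rules ;;
    *)     echo "usage: $0 {show|check|apply}" >&2; exit 2 ;;
esac
```

Run it as `bash gateway.sh show` to print the rules, `bash gateway.sh check` to sanity-check them, and `sudo bash gateway.sh apply` to load them. Before applying over SSH, save the current state with `iptables-save > /root/before.rules` and schedule a rollback (for example `echo 'iptables-restore < /root/before.rules' | at now + 5 minutes`) that you cancel once you have confirmed the session still works; with an INPUT DROP policy a single wrong rule locks you out. Two further observations on the original question: the server's own outbound traffic was already permitted by the posted rules (OUTPUT ACCEPT plus INPUT ESTABLISHED), so "no Internet on the server either" points at a missing default route or DNS rather than at the filter, which is what Pavel's first question is about; and `cat /proc/sys/net/ipv4/ip_forward` must read 1 or nothing will be forwarded no matter what FORWARD contains.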
