From: Orhan Albay (orhan.albay@kaynet.com)
Date: Mon 22 Sep 2003 - 12:04:58 EDT
Did you allow everything on the loopback interface?
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
These two lines are needed so that the services on the machine can work.
In case it helps, here are the iptables rules I applied on my own machine,
set up the way you want to do it. Maybe they will be of use to you.
Chain INPUT (policy DROP 1420 packets, 209K bytes)
target     prot opt in     out    source      destination
ACCEPT     all  --  lo     any    anywhere    anywhere
LOG        tcp  --  any    any    anywhere    anywhere    state INVALID,NEW LOG level warning prefix `FW-tcp-INPUT: '
LOG        udp  --  any    any    anywhere    anywhere    state INVALID,NEW LOG level warning prefix `FW-udp-INPUT: '
ACCEPT     icmp --  any    any    anywhere    anywhere    icmp echo-request
ACCEPT     icmp --  any    any    anywhere    anywhere    icmp echo-reply
ACCEPT     tcp  --  eth0   any    anywhere    anywhere    tcp dpt:ssh
ACCEPT     all  --  any    any    anywhere    anywhere    state RELATED,ESTABLISHED

Chain FORWARD (policy DROP 0 packets, 0 bytes)
target     prot opt in     out    source      destination

Chain OUTPUT (policy DROP 9 packets, 540 bytes)
target     prot opt in     out    source      destination
ACCEPT     all  --  any    lo     anywhere    anywhere
ACCEPT     icmp --  any    any    anywhere    anywhere    icmp echo-request
ACCEPT     icmp --  any    any    anywhere    anywhere    icmp echo-reply
ACCEPT     udp  --  any    eth0   anywhere    anywhere    udp dpt:domain
ACCEPT     tcp  --  any    eth0   anywhere    anywhere    tcp dpt:http
ACCEPT     tcp  --  any    eth0   anywhere    anywhere    tcp dpt:https
ACCEPT     tcp  --  any    eth0   anywhere    anywhere    tcp dpt:pop3
ACCEPT     tcp  --  any    eth0   anywhere    anywhere    tcp dpt:smtp
ACCEPT     tcp  --  any    eth0   anywhere    anywhere    tcp dpt:ssh
ACCEPT     all  --  any    any    anywhere    anywhere    state RELATED,ESTABLISHED
Emre BALCI wrote:
>It still didn't work.
>--- Orhan Albay <orhan.albay@kaynet.com> wrote:
>
>
>>Did you try it like this?
>>
>>We set the default policy to DROP for all chains.
>>iptables -P INPUT DROP
>>iptables -P OUTPUT DROP
>>
>>iptables -A INPUT -p tcp -i eth0 --dport 110 -j ACCEPT
>>iptables -A INPUT -p tcp -i eth0 --dport 25 -j ACCEPT
>>
>>Then, for the OUTPUT chain, we allow connections that were already set up
>>(ESTABLISHED) to leave the interface. In all other cases, DROP.
>>
>>iptables -A OUTPUT -p tcp -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>>I think the problem comes from this rule not being created in the OUTPUT
>>chain. You may also need to write a rule like this for the INPUT chain.
>>
>>iptables -A INPUT -p tcp -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>>Good luck,
>>
>>Orhan Albay.
>>
>>Emre BALCI wrote:
>>
>>>Greetings,
>>>On my machine, which will run as a mail server, I am using iptables
>>>to set the default policy of the INPUT chain to DROP and to ACCEPT
>>>ports 110 and 25, so that communication is only established over
>>>those two ports, but no communication can be established, and the
>>>PREROUTING chain doesn't show up either?
>>>I am doing this configuration from Webmin.
>>>
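Added example, not part of the thread above: a small Python model of the INPUT and OUTPUT filter chains plus connection tracking, written for this page to show concretely what the replies are arguing about. It is not iptables or netfilter code; it reproduces only the semantics needed here (chain policy, first match wins, -i/-o, -p, --dport, -m state with NEW/ESTABLISHED, and the fact that a dropped packet never confirms a conntrack entry). The "broken" ruleset is Emre's setup as restated in Orhan's first reply (INPUT and OUTPUT policy DROP, ports 110 and 25 accepted inbound); the "fixed" one adds the loopback rules and the ESTABLISHED,RELATED rules from the replies. Addresses and ports are constructed sample data.

```python
"""Toy model of netfilter INPUT/OUTPUT evaluation with connection tracking.

Constructed teaching example, not real iptables. Shows why a default-DROP
OUTPUT chain without an ESTABLISHED,RELATED rule kills a POP3 session even
though INPUT accepts the SYN on port 110, and why local services fail
without the two loopback rules.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp", "udp" or "icmp"
    iface: str   # matched by -i in INPUT and by -o in OUTPUT
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    target: str                          # ACCEPT or DROP
    proto: Optional[str] = None          # -p
    iface: Optional[str] = None          # -i (INPUT) / -o (OUTPUT)
    dport: Optional[int] = None          # --dport
    states: Optional[frozenset] = None   # -m state --state ...


class Conntrack:
    """Flow table keyed by the original-direction 5-tuple.

    Value becomes True once a reply-direction packet has been accepted.
    As in netfilter: the first reply packet is already ESTABLISHED, the
    original direction is ESTABLISHED only after a reply was seen, and a
    dropped packet never confirms an entry.
    """

    def __init__(self) -> None:
        self.flows: Dict[tuple, bool] = {}

    @staticmethod
    def _keys(p: Packet):
        orig = (p.proto, p.src, p.sport, p.dst, p.dport)
        reply = (p.proto, p.dst, p.dport, p.src, p.sport)
        return orig, reply

    def state(self, p: Packet) -> str:
        orig, reply = self._keys(p)
        if reply in self.flows or self.flows.get(orig):
            return "ESTABLISHED"
        return "NEW"

    def confirm(self, p: Packet) -> None:
        orig, reply = self._keys(p)
        if reply in self.flows:
            self.flows[reply] = True          # reply seen for a known flow
        else:
            self.flows.setdefault(orig, False)  # new flow, no reply yet


class Firewall:
    """Two filter chains: first matching rule wins, otherwise chain policy."""

    def __init__(self, policies: Dict[str, str], chains: Dict[str, List[Rule]]) -> None:
        self.policies, self.chains, self.ct = policies, chains, Conntrack()

    def verdict(self, chain: str, p: Packet) -> str:
        state = self.ct.state(p)
        result = self.policies[chain]
        for r in self.chains[chain]:
            if (r.proto and r.proto != p.proto) or (r.iface and r.iface != p.iface):
                continue
            if (r.dport and r.dport != p.dport) or (r.states and state not in r.states):
                continue
            result = r.target
            break
        if result == "ACCEPT":
            self.ct.confirm(p)   # only accepted packets create/advance state
        return result


EST = frozenset({"ESTABLISHED", "RELATED"})

# Original poster's setup as restated in the first reply: DROP everywhere, open 110/25 in.
BROKEN = dict(
    policies={"INPUT": "DROP", "OUTPUT": "DROP"},
    chains={"INPUT": [Rule("ACCEPT", "tcp", "eth0", 110), Rule("ACCEPT", "tcp", "eth0", 25)],
            "OUTPUT": []},
)

# The replies' fix: loopback both ways, tracked connections allowed in both chains.
FIXED = dict(
    policies={"INPUT": "DROP", "OUTPUT": "DROP"},
    chains={"INPUT": [Rule("ACCEPT", iface="lo"), Rule("ACCEPT", "tcp", "eth0", 110),
                      Rule("ACCEPT", "tcp", "eth0", 25), Rule("ACCEPT", states=EST)],
            "OUTPUT": [Rule("ACCEPT", iface="lo"), Rule("ACCEPT", "tcp", "eth0", states=EST)]},
)

SERVER, CLIENT = "192.0.2.10", "203.0.113.5"   # constructed sample addresses


def pop3_handshake(ruleset: dict) -> List[str]:
    """Verdicts for SYN in, SYN-ACK out, ACK in of one remote POP3 connection."""
    fw = Firewall(**ruleset)
    syn = Packet("tcp", "eth0", CLIENT, 40000, SERVER, 110)
    synack = Packet("tcp", "eth0", SERVER, 110, CLIENT, 40000)
    return [fw.verdict("INPUT", syn), fw.verdict("OUTPUT", synack), fw.verdict("INPUT", syn)]


def local_smtp_submit(ruleset: dict) -> str:
    """Verdict on the SYN of a local process connecting to 127.0.0.1:25 over lo."""
    fw = Firewall(**ruleset)
    return fw.verdict("OUTPUT", Packet("tcp", "lo", "127.0.0.1", 50000, "127.0.0.1", 25))


def unsolicited_ssh(ruleset: dict) -> str:
    """A fresh inbound SYN to a port no rule opens must still hit the DROP policy."""
    return Firewall(**ruleset).verdict("INPUT", Packet("tcp", "eth0", CLIENT, 40001, SERVER, 22))


if __name__ == "__main__":
    for name, rs in (("broken", BROKEN), ("fixed", FIXED)):
        print(f"{name}: pop3 {pop3_handshake(rs)}  loopback smtp {local_smtp_submit(rs)}"
              f"  unsolicited ssh {unsolicited_ssh(rs)}")
```

Running it shows the remote client's SYN accepted by INPUT while the server's SYN-ACK is dropped by OUTPUT under the broken ruleset, which is exactly why no session comes up even though port 110 is open; with the ESTABLISHED,RELATED rule the reply leaves as ESTABLISHED and the handshake completes, while an unsolicited SYN to a closed port is still dropped. The loopback case shows a local process connecting to 127.0.0.1:25 being dropped until the two lo rules exist. The missing PREROUTING chain in the original question is a separate matter this model does not cover: the filter table, which is what iptables -L lists, has no PREROUTING chain; that chain belongs to the nat and mangle tables.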