Help with iptables

Help with iptables

Jon Miller-5
I'm trying to construct a set of rules that would allow UDP ports 5060, 7824, 49152:65535 and 6000:6004 to come in as well as go out.  It is my understanding that these packets need to have an open port both incoming and outgoing.  What I'm looking for is the iptables rule to allow these ports in.  The external interface is on eth1 and the internal (LAN) is on eth0.

Thanks,

Jon

Re: Help with iptables

Roberto C. Sanchez
Jon Miller wrote:
> I'm trying to construct a set of rules that would allow UDP ports 5060, 7824, 49152:65535 and 6000:6004 to come in as well as go out.  It is my understanding that these packets need to have an open port both incoming and outgoing.  What I'm looking for is the iptables rule to allow these ports in.  The external interface is on eth1 and the internal (LAN) is on eth0.
>
> Thanks,
>
> Jon
>

Have you considered using shorewall?  It will generate all those sorts
of rules automatically using rules and zones that you specify in
configuration files.

-Roberto

--
Roberto C. Sanchez
http://familiasanchez.net/~roberto

Re: Help with iptables

Brian Schrock
In reply to this post by Jon Miller-5
On Friday 31 March 2006 22:56, Jon Miller wrote:

> I'm trying to construct a set of rules that would allow UDP ports 5060,
> 7824, 49152:65535 and 6000:6004 to come in as well as go out.  It is my
> understanding that these packets need to have an open port both
> incoming and outgoing.  What I'm looking for is the iptables rule to allow
> these ports in.  The external interface is on eth1 and the internal (LAN)
> is on eth0.
>
> Thanks,
>
> Jon

Assumptions:
You do NOT want state tracking.
You do NOT care what interface.
You are not too concerned about cleanliness of the traffic. (Portscans, bad
packets etc, etc, etc.)
You are human....
You know how to read...
You know how to read the iptables man page...
I am sure there are a ton of others, but I am having troubles being funny this
morning.

Off the top of my head...

# UDP 5060: accept packets arriving at this host on port 5060, and
# packets this host sends to port 5060 on a remote host (OUTPUT --dport
# matches the remote side's port, not the local source port)
/sbin/iptables -t filter -A INPUT -p udp --dport 5060 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p udp --dport 5060 -j ACCEPT

# UDP 7824, same pattern
/sbin/iptables -t filter -A INPUT -p udp --dport 7824 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p udp --dport 7824 -j ACCEPT

# the whole UDP range 49152-65535, in and out
/sbin/iptables -t filter -A INPUT -p udp --dport 49152:65535 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p udp --dport 49152:65535 -j ACCEPT

# UDP 6000-6004, in and out
/sbin/iptables -t filter -A INPUT -p udp --dport 6000:6004 -j ACCEPT
/sbin/iptables -t filter -A OUTPUT -p udp --dport 6000:6004 -j ACCEPT

--
Brian J. Schrock


--
To UNSUBSCRIBE, email to [hidden email]
with a subject of "unsubscribe". Trouble? Contact [hidden email]
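A stateful version of the rules above, written as an added example for this page rather than taken from any of the replies. It keeps Jon's interface assignment (eth1 facing the Internet, eth0 the LAN) and additionally assumes that the UDP endpoint is the firewall host itself, so only the INPUT and OUTPUT chains are involved; hosts behind the box would need FORWARD rules and, with NAT, the kernel's SIP conntrack helper, neither of which is shown here. The rules are emitted in iptables-restore(8) format so they can be read and checked before anything is loaded (run the script with the argument "apply" to load them). Because ESTABLISHED,RELATED traffic is accepted first, one NEW rule per port and direction is enough, and the -i/-o match means the wide 49152:65535 range is only opened on the Internet side where it is actually needed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions (not stated in the
# original posts): eth1 is the Internet side, eth0 the LAN side, and this
# host is the endpoint for the listed UDP ports, so only INPUT/OUTPUT
# are involved. Interface names can be overridden via WAN= and LAN=.
WAN=${WAN:-eth1}
LAN=${LAN:-eth0}

# The UDP ports from Jon's question; the ranges use iptables a:b syntax.
PORTS="5060 7824 6000:6004 49152:65535"

# gen_rules prints a complete filter table in iptables-restore format.
# Nothing is applied until the output is piped into iptables-restore.
gen_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback, then anything that belongs to a flow conntrack already knows
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
EOF
    # New inbound UDP flows from the Internet to the listed ports.
    # Replies leave via the ESTABLISHED rule, so no matching OUTPUT rule
    # keyed on the local port is needed.
    for p in $PORTS; do
        echo "-A INPUT -i $WAN -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # New outbound UDP flows from this host to the same ports on remote
    # hosts (OUTPUT --dport is the remote side's port).
    for p in $PORTS; do
        echo "-A OUTPUT -o $WAN -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # The LAN side is treated as trusted in this example.
    echo "-A INPUT -i $LAN -j ACCEPT"
    echo "-A OUTPUT -o $LAN -j ACCEPT"
    echo "COMMIT"
}

# count_port_rules PORTSPEC: how many rules in the generated set accept
# new flows to that port spec (expected: one INPUT and one OUTPUT rule).
count_port_rules() {
    gen_rules | grep -c -- "--dport $1 "
}

if [ "${1:-}" = "apply" ]; then
    # Atomically replace the filter table with the generated rules.
    gen_rules | iptables-restore
else
    # Default: just show the ruleset for review.
    gen_rules
fi
```

Review the printed output first; with a DROP policy on OUTPUT, this host will also need explicit rules for DNS, SSH and anything else it is expected to talk to, which are deliberately left out here to keep the example on Jon's four port specifications.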

Re: Help with iptables

Travis Crook
In reply to this post by Jon Miller-5
On Sat, 01 Apr 2006 11:56:48 +0800
"Jon Miller" <[hidden email]> wrote:

> I'm trying to construct a set of rules that would allow UDP ports
> 5060, 7824, 49152:65535 and 6000:6004 to come in as well as go out.  It
> is my understanding that these packets need to have an open port both
> incoming and outgoing.  What I'm looking for is the iptables rule to
> allow these ports in.  The external interface is on eth1 and the
> internal (LAN) is on eth0.
>
> Thanks,
>
> Jon

If you are looking for an entire firewall I would recommend
http://homelansecurity.sourceforge.net/.  (Some of the links have an
extra "/" in them, you may have to remove it to get the info).  If you
don't want the whole firewall then just open the script and find the
port forwarding rules.  You can easily modify them from there.

Good luck!

--
Travis Crook
Visions Beyond
www.VisionsBeyond.com
208-478-7836
