How to allow certain packets with certain destination ports to be forwarded using iptables?

Posted by moataz metwally on Stack Overflow
Published on 2013-10-22T03:49:54Z Indexed on 2013/10/22 3:53 UTC

I have a server and I virtualized it into multiple Windows VPSs using KVM. I would like to put all the VPSs behind the server firewall, to control all the ports of all the VPSs from the host server. I have tried to do this with this iptables file, but it is still blocking all the forwarded packets. When I remove -A FORWARD -j DROP from the file, the VPSs are out of the firewall's control:

# Generated by iptables-save v1.4.7 on Mon Oct 21 04:30:35 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [49:7546]
-A OUTPUT -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 5901:6010,4080:4085 -j ACCEPT
-A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 3389 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT
# Completed on Mon Oct 21 04:30:35 2013

and my ifconfig output:

eth0      Link encap:Ethernet  HWaddr 6C:62:6D:EF:B8:77
          inet6 addr: fe80::6e62:XXX:feef:b877/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4460000 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1825697 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5461498823 (5.0 GiB)  TX bytes:547852516 (522.4 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6380 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:6481652 (6.1 MiB)  TX bytes:6481652 (6.1 MiB)

natbr2    Link encap:Ethernet  HWaddr 52:54:00:48:72:53
          inet addr:88.XXX.XXX.X53  Bcast:88.198.242.159  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1338720 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3570844 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:434791198 (414.6 MiB)  TX bytes:4321751647 (4.0 GiB)

viif1001  Link encap:Ethernet  HWaddr FE:16:3E:0F:41:D8
          inet6 addr: fe80::fc16:XXX:fe0f:41d8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:358229 errors:0 dropped:0 overruns:0 frame:0
          TX packets:479289 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:50127351 (47.8 MiB)  TX bytes:261223068 (249.1 MiB)

viif1002  Link encap:Ethernet  HWaddr FE:16:3E:EA:65:FA
          inet6 addr: fe80::fc16:XXX:feea:65fa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:575590 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1489296 errors:0 dropped:0 overruns:5412 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:243629668 (232.3 MiB)  TX bytes:1724640936 (1.6 GiB)

viif1003  Link encap:Ethernet  HWaddr FE:16:3E:2B:85:0E
          inet6 addr: fe80::fc16:XXX:fe2b:850e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:413052 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1741801 errors:0 dropped:0 overruns:299 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:147931054 (141.0 MiB)  TX bytes:2338132498 (2.1 GiB)

viifbr0   Link encap:Ethernet  HWaddr 6C:62:6D:EF:B8:77
          inet addr:176.XX.XX.X9  Bcast:176.9.0.95  Mask:255.255.255.224
          inet6 addr: fe80::6e62:XXX:feef:b877/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2685666 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1472089 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4244043694 (3.9 GiB)  TX bytes:523110523 (498.8 MiB)

© Stack Overflow or respective owner
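
Added example, not part of the original post: a small Python model of first-match evaluation over the posted FORWARD rules, showing that a packet to port 3389 is accepted while the reply to the client's port falls through to the final DROP. The RELATED,ESTABLISHED rule in the second ruleset (mirroring the one the post already has in INPUT), the sample packets and the function names are assumptions; only -p, destination port, --state and -j are modelled.

```python
import shlex

# FORWARD rules copied from the iptables-save dump in the post
POSTED = """\
-A FORWARD -p tcp -s 0/0 -d 0/0 --destination-port 3389 -j ACCEPT
-A FORWARD -j DROP
"""
# Assumption (not in the post): a conntrack rule placed first in the chain
WITH_STATE = "-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT\n" + POSTED

def parse(rules_text):
    """Turn '-A FORWARD ...' lines into dicts of the match fields modelled here."""
    rules = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "FORWARD"]:
            continue
        rule = {}
        for flag, value in zip(tok[2:], tok[3:]):  # consecutive token pairs
            if flag == "-p":
                rule["proto"] = value
            elif flag in ("--dport", "--destination-port"):
                rule["dport"] = int(value)
            elif flag == "--state":
                rule["states"] = set(value.split(","))
            elif flag == "-j":
                rule["target"] = value
        rules.append(rule)
    return rules

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for r in rules:
        if (r.get("proto", pkt["proto"]) == pkt["proto"]
                and r.get("dport", pkt["dport"]) == pkt["dport"]
                and pkt["state"] in r.get("states", {pkt["state"]})):
            return r["target"]
    return policy

# Constructed packets: client -> guest RDP, and the guest's reply (port 51000 is made up)
SYN = {"proto": "tcp", "sport": 51000, "dport": 3389, "state": "NEW"}
REPLY = {"proto": "tcp", "sport": 3389, "dport": 51000, "state": "ESTABLISHED"}

def trace(rules_text):
    """Verdicts for (SYN, REPLY) under the given ruleset."""
    return tuple(verdict(parse(rules_text), p) for p in (SYN, REPLY))

if __name__ == "__main__":
    print("posted rules:   ", trace(POSTED))
    print("with state rule:", trace(WITH_STATE))
```

With the state rule in place, new connections to any other forwarded port still reach the final DROP, so the host keeps control of which guest ports are reachable.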
