[plug] Help with IP Tables
Andrew Greig
agreig at gmail.com
Tue Oct 6 10:57:11 WST 2009
On 06/10/09 10:01, Jon L. Miller <jlmiller at mmtnetworks.com.au> wrote:
> I need some help on writing a firewall rule for letting in and out on port
> 5721.
Can you clarify what needs to talk to what on port 5721?
> Are you able to write this?
>
> eth0 is Internal
> eth1 is External
I'm assuming you've got something like the following at the top of your
firewall script:
INT_IFACE=eth0
EXT_IFACE=eth1
> What I have is an INPUT and OUTPUT rule that simply states:
>
>
> $IPT -A INPUT -p tcp -i $INT_IFACE --dport 5721 -j ACCEPT
> $IPT -A INPUT -p udp -i $INT_IFACE --dport 5721 -j ACCEPT
That should allow devices on the internal network to reach the gateway.
You probably want a corresponding rule for the external interface if it
needs to be internet accessible.
> I've also allowed this port out of the Cisco Router that sits in front of
> the Gateway server where these rules are applied.
>
> The OUTPUT rules:
>
> $IPT -A OUTPUT -p tcp --dport 5721 -j ACCEPT
> $IPT -A OUTPUT -p udp --dport 5721 -j ACCEPT
You may want to match on the source port rather than the destination for
outgoing packets, i.e. --sport 5721
INPUT and OUTPUT are fine if you just want to reach the gateway server
itself. If the internal computers need to be accessed you'll need some
FORWARD rules.
Hope this helps,
Andrew Greig
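A compact version of what the thread describes, as an added example that is not part of the original messages: the INPUT rules from the quoted script, plus the FORWARD rules Andrew says are needed for machines behind the gateway. The IPT, INT_IFACE and EXT_IFACE names follow the thread; the conntrack match for return traffic (used instead of a blanket --sport rule) is my assumption about how a practitioner would tighten the OUTPUT side.

```shell
#!/bin/sh
# Added example, not from the original thread: TCP/UDP port 5721 on a
# two-interface gateway. IPT defaults to iptables; set IPT=echo to preview
# the rules without touching the running firewall.
IPT="${IPT:-iptables}"
INT_IFACE="${INT_IFACE:-eth0}"   # internal side, as in the thread
EXT_IFACE="${EXT_IFACE:-eth1}"   # external side, as in the thread
PORT=5721

# Emit the rules. INPUT covers traffic to the gateway box itself (only from
# the internal interface); FORWARD covers internal hosts routed through it.
gen_rules() {
    for proto in tcp udp; do
        # internal hosts talking to a service on the gateway
        $IPT -A INPUT -i "$INT_IFACE" -p "$proto" --dport "$PORT" -j ACCEPT
        # internal hosts going out through the gateway on the port
        $IPT -A FORWARD -i "$INT_IFACE" -o "$EXT_IFACE" -p "$proto" --dport "$PORT" -j ACCEPT
    done
    # Replies arrive with 5721 as the *source* port. Matching on connection
    # state (my addition) admits only replies to connections we initiated,
    # rather than anything that merely claims --sport 5721.
    $IPT -A FORWARD -i "$EXT_IFACE" -o "$INT_IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Dry-run helper: number of rules gen_rules would add (2 protos x 2 + 2).
count_rules() {
    IPT=echo gen_rules | wc -l | tr -d ' '
}
```

Run `IPT=echo sh script.sh` style previews first; once the output looks right, call `gen_rules` as root to load the rules.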