[plug] iptables questions
Fred Janon
fjanon at yahoo.com
Wed Sep 29 16:06:43 WST 2010
Hi,
I am trying to understand how iptables works. I have a CentOS install and I am trying to enable ping/tracert on that instance. I don't understand if every port is open or closed by default on that instance? What does an empty rule mean? Every port open or every port closed?
And after I added the icmp rules, are other ports open or is icmp the only traffic allowed?
Here are the default iptables
---------------------------
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
--------------------------
After some research, I did this to try to enable PINGs. The server IP is 10.161.82.237
---------------------------
$ SERVER_IP="10.161.82.237"
$ sudo iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d $SERVER_IP -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
$ sudo iptables -A OUTPUT -p icmp --icmp-type 0 -s $SERVER_IP -d 0/0 -m state --state ESTABLISHED,RELATED -j ACCEPT
-------------------------------
Check the new tables
--------------------------------
$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 10.161.82.237 icmp type 8 state NEW,RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 10.161.82.237 0.0.0.0/0 icmp type 0 state RELATED,ESTABLISHED
-----------------------------------
The tracert or ping still time out.
Thanks
Fred
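
As an added example, not part of the original post: a shell function that summarises an `iptables -L -n` listing per chain, run here on the second listing above. iptables checks a chain's rules in order and applies the chain policy to any packet that no rule matches; the names `chain_summary` and `post_listing` and the `uniform` field are made up for this example.

```shell
#!/bin/sh
# Added example. Reads `iptables -L -n` output (filter table) on stdin and
# prints one line per chain: policy, rule count, and uniform=yes when every
# rule's target equals the policy, i.e. the rules change no verdict.
chain_summary() {
    awk '
    function emit() {
        if (chain == "") return
        uniform = (policy != "none" && differ == 0) ? "yes" : "no"
        printf "%s policy=%s rules=%d uniform=%s\n", chain, policy, rules, uniform
    }
    /^Chain / {
        emit()
        chain = $2
        # Built-in chains show "(policy X)"; user-defined chains have none.
        policy = ($3 == "(policy") ? $4 : "none"
        sub(/\)$/, "", policy)
        rules = 0; differ = 0
        next
    }
    /^target/ || NF == 0 { next }   # column header or blank line
    chain != "" {
        rules++
        if ($1 != policy) differ++
    }
    END { emit() }
    '
}

# The second listing from the post, reproduced as sample input.
post_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 0.0.0.0/0 10.161.82.237 icmp type 8 state NEW,RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT icmp -- 10.161.82.237 0.0.0.0/0 icmp type 0 state RELATED,ESTABLISHED
EOF
}

post_listing | chain_summary
```

On a live host the same function can be fed with `sudo iptables -L -n | chain_summary`; it looks only at the table that was listed.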