  1. #1

    default iptables rules

    What do you guys think of the default IP tables rules? I only want port 1723 and port 2323 (SSH) open, all the rest must be very closed. And I need the MASQUERADE for the VPN. This is a standalone server at a data center.

    Code:
    *nat
    -A POSTROUTING -j MASQUERADE
    COMMIT
    *filter
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 2323 -j ACCEPT
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
    -A INPUT -j REJECT --reject-with icmp-port-unreachable
    -A OUTPUT -j ACCEPT
    COMMIT

    Would I also need to add -A FORWARD -j REJECT?

  2. #2
    The rules look correct and yes, set FORWARD to REJECT but accept packets from the private subnet (the one you will configure in your VPN) first in the FORWARD chain. You have to route the packets from the private subnet to your server IP in the POSTROUTING chain as well. Apart from the iptables rules, enable IP forwarding too.

  3. #3
    Quote: Originally Posted by madaboutlinux
    The rules look correct and yes, set FORWARD to REJECT but accept packets from the private subnet (the one you will configure in your VPN) first in the FORWARD chain. You have to route the packets from the private subnet to your server IP in the POSTROUTING chain as well. Apart from the iptables rules, enable IP forwarding too.

    Thanks. How would I do this exactly with the private subnet? The private addresses it gives to VPN users are in the 192.168.1.x range.
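
One way to write what post #2 describes for the 192.168.1.x range asked about in post #3, as an added example that is not from any poster in this thread. It scopes MASQUERADE to the VPN subnet, accepts forwarded traffic from that subnet (plus the replies to it) and rejects all other forwarding; the /24 prefix and the public interface name eth0 are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed: VPN clients are handed
# 192.168.1.0/24 (post #3) and the public interface is eth0 (hypothetical).

# valid_cidr: shape check only, so nothing but a.b.c.d/len reaches the rules.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# render_rules SUBNET WAN_IF: print an iptables-restore ruleset on stdout.
render_rules() {
    subnet=$1
    wan=$2
    valid_cidr "$subnet" || { echo "bad subnet: $subnet" >&2; return 1; }
    case $wan in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $wan" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
# NAT only VPN-client traffic leaving the public interface.
-A POSTROUTING -s $subnet -o $wan -j MASQUERADE
COMMIT
*filter
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2323 -j ACCEPT
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7
-A INPUT -j REJECT --reject-with icmp-port-unreachable
# Replies to connections the VPN clients opened.
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# New connections from VPN clients out to the internet.
-A FORWARD -s $subnet -o $wan -j ACCEPT
# Everything else routed through the box is refused.
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

render_rules 192.168.1.0/24 eth0
# As root: pipe the output to "iptables-restore --test" to check it without
# loading, then to "iptables-restore", and run: sysctl -w net.ipv4.ip_forward=1
```

The RELATED,ESTABLISHED rule in FORWARD is needed because return packets are addressed to the VPN clients rather than sent from them, so the source-subnet rule alone would not match them.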
