8Dimensional Playground

[cudaman]

ok, I have a slight problem that i think is with my IPTABLES configuration. I have a web server on port 81... on the external IP (eth1) i can veiw the page on the internal network (eth0)... using its external IP #... however, when I try a computer outside the internal network, it doesnt load (I believe it times out)... I think I have the port blocked externally and when i go to add a rule to allow it I get this:

Code: Select all

iptables -A input -s 0/0 -dport 81 -j ACCEPT
Bad argument `81'
Try `iptables -h' or 'iptables --help' for more information.


I have my syntax wrong i think... and its late so that might be part of the problem... but what is the right syntax for doing what i want done here?

[Peter]

iptables -A INPUT -i eth0 -p tcp --dport 81 -j ACCEPT
or something...I guess...

[cudaman]

wierd..... that i have to use -i and cant use -s ......

nvm.... i guess i missed a dash next to the dport... it needs 2

[EvLwMn]

Wow - sorry I missed this one. So did you get it working?

[cudaman]

ya i didnt double dash the dport option

--dport NOT -dport

i think they need to say that somewhere

[EvLwMn]

Oh yeah - those double dashes are a PITA sometimes. I forget them all the time myself - and I definitely know better.

Glad you got it working now dude

[cuchumino81]

kay dudes, well as you know, i have succesfully installed gentoo, and now i want to run my bittorrent client on here, but i think i am overlooking the linux's firewall. It may have to do with the iptables. I don't really know much bout configging them on the terminal screen cuz i was a fedora user, and all i had to do to enable a port is look for the security tab in the startup panel, and put in the port address.

actually, i could prolly pull this off myself if i knew where the iptables script is located....

Any help appreciated

edit: as of, i have downloaded some front ends for iptables, firestart, and gtk-iptables, but i don't know the first thing bout iptables, so any help i can get is welcome

[cudaman]

If you didnt compile certain things in your kernel, it isnt even running.

however, here is some good reading:

http://www.linuxguruz.com/iptables/howto/iptables-HOWTO.html (HJ gave that to me)

http://www.gentoo.org/doc/en/home-router-howto.xml (has SOME iptables info including that bittorrent port and stuff)

http://www.iptables.org/ (and ofcourse iptables.org)

terminal isnt too bad, just a lot of typing. thats the only way that I have set it up.

As always with Linux...I highly recommend the How-To
http://www.linuxguruz.com/iptables/howt ... HOWTO.html


At the console type this:

IPTABLES -A FORWARD DENY
IPTABLES -A INPUT DENY
IPTABLES -A OUTPUT DENY

This will cause your machine to stop recieving any net traffic what so ever through TCP.

IPTABLES -D FORWARD DENY
IPTABLES -D INPUT DENY
IPTABLES -D OUTPUT DENY

This will remove them with the -D command if you want to test...
You can choose Source IP addresses...Destination addresses...
You can remove all traffic from your system except a single Port...

Its quite useful.

also IPTABLES SAVE will now save all that precious typing to a file that it will reload on startup

[cuchumino81]

yea i got it running. To make things easier, i downloaded a frontend firewall called firestarter .


It is very simple and i know that it doesn't take advantage of the ip tables at 100% but it is somethig, and i am downloading

[cudaman]

congrats, and good luck. I've heard of that program before. hopefully you get it going soon

[cuchumino81]

well, when i actually thought i had the firewall config my bit torrent port on, it wasn't. Im still getting a NAT error when i test the port on Azureus. Im gonna read up and see what i can find.

[cudaman]

hrm.... check and see what order all the rules are in

if a block 0-1200 is before an accept 120 the 120 will not work.

also make sure the protocol is right udp tcp etc.....