Can't remember the iptables commands and what you're doing? It's easier to modify the default saved configuration than to write your own rule set from scratch, especially if you do not do this on a daily basis.
Step 1: find your iptables config file.
Use "locate iptables | more". This lists anything related to iptables. Normally the config file is in the /etc/sysconfig/ directory.
Step 2: change your rules using vim:
centos: /etc/sysconfig/iptables
openwrt: /etc/firewall.user
and run:
centos # /etc/init.d/iptables restart
openwrt(i think) # /etc/init.d/S45firewall restart
The good news is that in most cases now the default firewall file already contains an example of a tcp port and a udp port, and OpenWrt's includes a commented-out example of port forwarding, e.g.
WAN=$(nvram get wan_ifname)
### Port forwarding
iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.0.2
iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.0.2 -j ACCEPT
Note that in this case you do not also need to open the port on the WAN interface in the INPUT chain: the forwarding_rule ACCEPT is what accepts the forwarded traffic arriving on the WAN side.
Alternatively, here are some iptables commands and basics to get you going. This is basically all I know, and I managed to survive somewhat.
Probably the two most commonly used tables are nat and filter. The default is filter, so when listing the existing firewall rules you only need to do this:
# iptables -L --line
It is important to note that iptables works sequentially: it looks at rule 1 before it looks at rule 2. I've recently started using --line (short for --line-numbers), which is really vital if you want an easy way to see where to insert a rule, e.g. "iptables -I INPUT 2 -p tcp --dport 22 -j ACCEPT" inserts the rule at position 2 of the INPUT chain.
To view the nat (network address translation) table
# iptables -L -t nat --line
One of the more important entries in this table is probably the masquerading rule for network sharing.
# iptables -t nat -A POSTROUTING -j MASQUERADE
I guess it does look intimidating, but it really isn't once it dawns on you how the logic works.
When you have finished using iptables -I to create your rules, run "# iptables-save > /etc/sysconfig/iptables" to make sure your changes are saved.
More examples:
iptables -I RH-Firewall-1-INPUT 8 -p tcp --dport 80 -j ACCEPT
iptables -D RH-Firewall-1-INPUT 9
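The script below is an added example and not part of the original post. It ties together the two themes above: editing the saved configuration file (steps 1 and 2) and the sequential, position-based semantics of "iptables -I CHAIN N" and "iptables -D CHAIN N". Instead of talking to a live kernel (which needs root), it operates on a ruleset in iptables-save format, which is exactly what /etc/sysconfig/iptables holds, so you can rehearse an insert or delete and then load the result with iptables-restore. The ruleset is constructed for illustration; eth0 and 192.168.0.2 are placeholders, and the port forward uses the standard PREROUTING and FORWARD chains rather than OpenWrt's prerouting_rule/forwarding_rule custom chains.

```shell
#!/bin/sh
# Added example, not from the original post. Works on a ruleset in
# iptables-save format (the format of /etc/sysconfig/iptables) as plain
# text, so it runs without root and without a live netfilter.
set -eu

# Write a constructed ruleset to the file named in $1. The nat PREROUTING
# DNAT plus the filter FORWARD ACCEPT is the post's port forward, using the
# standard chains instead of OpenWrt's prerouting_rule/forwarding_rule.
write_sample_ruleset() {
  cat > "$1" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth0 -p tcp -d 192.168.0.2 --dport 22 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.0.2
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# List the rules of CHAIN in TABLE with their positions: the same numbers
# `iptables -t TABLE -L CHAIN --line-numbers` shows after the file is restored.
# usage: list_chain FILE TABLE CHAIN
list_chain() {
  awk -v tbl="*$2" -v chain="$3" '
    $0 == tbl                            { in_tbl = 1; n = 0; next }
    $0 == "COMMIT"                       { in_tbl = 0 }
    in_tbl && $1 == "-A" && $2 == chain  { n++; printf "%d %s\n", n, $0 }
  ' "$1"
}

# Insert RULE (everything after "-A CHAIN") at position POS of CHAIN in TABLE,
# mirroring `iptables -t TABLE -I CHAIN POS RULE`: the new rule goes before the
# rule currently at POS, and a POS beyond the end appends (like -A).
# usage: insert_rule FILE TABLE CHAIN POS 'rule text'
insert_rule() {
  tmp=$(mktemp)
  awk -v tbl="*$2" -v chain="$3" -v pos="$4" -v rule="$5" '
    $0 == tbl { in_tbl = 1; n = 0; done = 0 }
    in_tbl && $0 == "COMMIT" {
      if (!done) { print "-A " chain " " rule; done = 1 }   # POS past the end
      in_tbl = 0
    }
    in_tbl && $1 == "-A" && $2 == chain {
      n++
      if (n == pos && !done) { print "-A " chain " " rule; done = 1 }
    }
    { print }
  ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Delete the rule at position POS of CHAIN in TABLE, mirroring
# `iptables -t TABLE -D CHAIN POS`. Later rules shift up by one, which is
# why the post lists the chain with --line-numbers before each change.
# usage: delete_rule FILE TABLE CHAIN POS
delete_rule() {
  tmp=$(mktemp)
  awk -v tbl="*$2" -v chain="$3" -v pos="$4" '
    $0 == tbl      { in_tbl = 1; n = 0 }
    $0 == "COMMIT" { in_tbl = 0 }
    in_tbl && $1 == "-A" && $2 == chain { n++; if (n == pos) next }
    { print }
  ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Demo: open port 80 ahead of the final REJECT (position 4), then show the chain.
demo_file=$(mktemp)
write_sample_ruleset "$demo_file"
insert_rule "$demo_file" filter INPUT 4 '-p tcp --dport 80 -j ACCEPT'
list_chain "$demo_file" filter INPUT
rm -f "$demo_file"
```

The point of inserting at position 4 rather than appending is the sequential evaluation the post describes: an ACCEPT appended after the catch-all REJECT is never reached. On a real box the edited file is loaded with "iptables-restore < /etc/sysconfig/iptables" (or the init script restart shown above).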
Tuesday, June 13, 2006