Gentoo Forums
[Solved] Configuring iptables
stunirvana21
n00b
Joined: 24 May 2011
Posts: 41
PostPosted: Thu Aug 15, 2013 9:39 pm    Post subject: [Solved] Configuring iptables

I am trying to set up a firewall on my web/email server. I have come up with the list of following rules, but when I enable them, I lose the ability to use roundcube. I can't figure out which ports I need to open to allow for this.

My rules:
Code:

/sbin/iptables -F
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -s x.a.com -j ACCEPT ##where x is the hostname and a is the domain
/sbin/iptables -A INPUT -i eth0 -s a.com -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 25 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 53 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 80 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 110 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 143 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 443 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 993 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 995 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p TCP --dport 2222 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -j DROP


I have 2222 open because I am running ssh on that port instead of 22. I am running postfix, dovecot, apache, ssh, and roundcube. Those are the only services I need to have ports open for.

EDIT: Updated rules


Last edited by stunirvana21 on Thu Aug 15, 2013 10:43 pm; edited 2 times in total
PaulBredbury
Watchman
Joined: 14 Jul 2005
Posts: 7310
PostPosted: Thu Aug 15, 2013 10:17 pm    Post subject: Re: Configuring iptables

Your ruleset is incomplete; I suggest you google for an example ruleset.

E.g. you are missing:
Code:
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
stunirvana21
n00b
Joined: 24 May 2011
Posts: 41
PostPosted: Thu Aug 15, 2013 10:33 pm    Post subject: Re: Configuring iptables

PaulBredbury wrote:
Your ruleset is incomplete; I suggest you google for an example ruleset.

E.g. you are missing:
Code:
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT


I added that one at one point, but it didn't appear to help so I removed it.

I was going to try to do logging and see what port(s) were being blocked when I accessed roundcube. However, I don't have that module in the kernel and I am running a paravirtual kernel on a VM server I don't have control of.

Also, see my updated rules in the first post.
stunirvana21
n00b
Joined: 24 May 2011
Posts: 41
PostPosted: Thu Aug 15, 2013 10:43 pm

Actually, I think what PaulBredbury suggested fixed my issue. I swear I tried it before, but maybe I didn't have the rules for my host.domain and domain in then.
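The poster wanted to log which rule was blocking traffic but could not load the LOG module; as an added example (not code from this thread), the Python below dry-runs the posted INPUT chain with iptables' first-match semantics and reports the deciding rule for a few constructed packets, which is the information LOG would have given. It assumes the hostname-based -s rules are omitted (they are resolved to addresses at insert time) and shows what PaulBredbury's conntrack rule covers: replies to connections the server itself opens, such as a UDP DNS answer or the SYN/ACK of an outbound SMTP delivery, fall through to the final DROP without it.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass
class Rule:
    """One INPUT rule; a None match field means 'not specified', i.e. matches anything."""
    target: str                                   # -j ACCEPT / DROP
    iface: Optional[str] = None                   # -i
    proto: Optional[str] = None                   # -p
    dport: Optional[int] = None                   # --dport
    ctstates: FrozenSet[str] = frozenset()        # -m conntrack --ctstate

    def matches(self, pkt: dict) -> bool:
        return ((self.iface is None or pkt["iface"] == self.iface)
                and (self.proto is None or pkt["proto"] == self.proto)
                and (self.dport is None or pkt["dport"] == self.dport)
                and (not self.ctstates or pkt["ctstate"] in self.ctstates))

def evaluate(chain, pkt, policy="ACCEPT"):
    """First matching rule decides; returns (verdict, index of that rule, or None for the chain policy)."""
    for i, rule in enumerate(chain):
        if rule.matches(pkt):
            return rule.target, i
    return policy, None

SERVICE_PORTS = [25, 53, 80, 110, 143, 443, 993, 995, 2222]   # the --dport list from the first post

def build_chain(with_conntrack: bool):
    """The posted INPUT chain (hostname -s rules omitted), with or without the conntrack rule."""
    chain = [Rule("ACCEPT", iface="lo")]
    if with_conntrack:
        chain.append(Rule("ACCEPT", iface="eth0", ctstates=frozenset({"RELATED", "ESTABLISHED"})))
    chain += [Rule("ACCEPT", iface="eth0", proto="tcp", dport=p) for p in SERVICE_PORTS]
    chain.append(Rule("DROP", iface="eth0"))
    return chain

# Constructed sample packets (not captured traffic): a new request to the web
# server, and the reply half of two connections the server itself initiated.
PACKETS = {
    "http_request": {"iface": "eth0", "proto": "tcp", "dport": 80, "ctstate": "NEW"},
    "dns_reply":    {"iface": "eth0", "proto": "udp", "dport": 40001, "ctstate": "ESTABLISHED"},
    "smtp_synack":  {"iface": "eth0", "proto": "tcp", "dport": 40002, "ctstate": "ESTABLISHED"},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        for label, chain in (("without", build_chain(False)), ("with", build_chain(True))):
            verdict, idx = evaluate(chain, pkt)
            print(f"{name:13s} {label:7s} conntrack rule -> {verdict} by rule #{idx}")
```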
All times are GMT