Skip to main content

Thread: Iptables challenge: help needed please

-

dear ubuntians,

got big problem , has iptables challenge in need build firewall.

info:

incoming connections port 80 (tcp) of webserver allowed.
incoming connections port 21 (tcp) computer of webdeveloper allowed.
incoming connections port 22 (tcp) computer of systems administrator allowed if come port 1337.
incoming icmp connections allowed internal network.
other incoming connections disallowed.
outgoing connections port 25 (tcp) of mailserver allowed.
outgoing connections port 3306 (tcp) of database server allowed.
other outgoing connections dmz or internal network disallowed. outgoing connections internet allowed.


webserver 10.0.0.23
webdeveloper 192.168.0.36
systems administrator 192.168.0.52
internal network 192.168.0.0/24

database 10.0.0.12
mailserver 10.0.0.8

dmz 10.0.0.0/24

rules have far:

iptables -p input drop
iptables -p output drop
iptables -a input -p tcp --dport 80 -d 10.0.0.23 -j accept
iptables -a output -p tcp --sport 80 -s 10.0.0.23 -j accept
iptables -a input -p tcp --dport 21 -s 192.168.0.36 -j accept
iptables -a output -p tcp --sport 21 -d 192.168.0.36 -j accept
iptables -a input -p tcp --dport 22 -s 192.168.0.52 --sport 1337 -j accept
iptables -a output -p tcp --sport 22 -d 192.168.0.52 --dport 1337 -j accept
iptables -a input -p icmp -s 192.168.0.0/24 -j accept
iptables -a output -p icmp -d 192.168.0.0/24 -j accept

stuck, because enter in iptables -a input -p tcp -d 10.0.0.8 --dport 25 -j accept, challenge says failed many incoming connections allowed. reason outputs in there because answers connections need allowed well.

please me out. if need more information not hesitate ask.

thank , have day.

to able help, think need more information. computer iptables runs on router system? interface sub-net (i.e. eth0 = 192.168.0.0/24, eth1 = 10.0.0.0/24, ...). don't see forward rules, little confused @ moment.
iptables methods seem little odd me, lets leave now, except recommend reading various iptables how documents (i.e. https://help.ubuntu.com/community/iptableshowto )

not understand mean "iptables challenge". mean error code?

on test machine entered iptables rules way listed, including rule said gave "the challenge", , worked fine (to clarify: of course, system didn't work @ because rules wrong system, table loaded fine).

script:
code:
#!/bin/sh # # test_u 2012.01.02 smythies. #        experiment tables one: #        http://ubuntuforums.org/showthread.php?t=1903104 # iptables -f iptables -p input drop iptables -p output drop iptables -a input -p tcp --dport 80 -d 10.0.0.23 -j accept iptables -a output -p tcp --sport 80 -s 10.0.0.23 -j accept iptables -a input -p tcp --dport 21 -s 192.168.0.36 -j accept iptables -a output -p tcp --sport 21 -d 192.168.0.36 -j accept iptables -a input -p tcp --dport 22 -s 192.168.0.52 --sport 1337 -j accept iptables -a output -p tcp --sport 22 -d 192.168.0.52 --dport 1337 -j accept iptables -a input -p icmp -s 192.168.0.0/24 -j accept iptables -a output -p icmp -d 192.168.0.0/24 -j accept iptables -a input -p tcp -d 10.0.0.8 --dport 25 -j accept
the output "sudo iptables-save -c"
code:
  # generated iptables-save v1.4.10 on mon jan  2 08:07:00 2012 *filter :input drop [3:700] :forward accept [0:0] :output drop [0:0] [0:0] -a input -d 10.0.0.23/32 -p tcp -m tcp --dport 80 -j accept [0:0] -a input -s 192.168.0.36/32 -p tcp -m tcp --dport 21 -j accept [0:0] -a input -s 192.168.0.52/32 -p tcp -m tcp --sport 1337 --dport 22 -j accept [0:0] -a input -s 192.168.0.0/24 -p icmp -j accept [0:0] -a input -d 10.0.0.8/32 -p tcp -m tcp --dport 25 -j accept [0:0] -a output -s 10.0.0.23/32 -p tcp -m tcp --sport 80 -j accept [0:0] -a output -d 192.168.0.36/32 -p tcp -m tcp --sport 21 -j accept [0:0] -a output -d 192.168.0.52/32 -p tcp -m tcp --sport 22 --dport 1337 -j accept [0:0] -a output -d 192.168.0.0/24 -p icmp -j accept commit # completed on mon jan  2 08:07:00 2012
i not see output path internet, per text, assuming didn't rule yet.


Forum The Ubuntu Forum Community Ubuntu Official Flavours Support Networking & Wireless [ubuntu] Iptables challenge: help needed please


Ubuntu

Comments

Post a Comment

Popular posts from this blog

How to set the order of FAQs instead of alphabetical

-
i have 19 faqs default showing them in alphabetical order.   i dislplay them in different order, weighting this, , how weighting work, is larger number higher priority, question id show first on list need numbered in weight field 19? hey vickituch,   as mentioned, default faq items sorted alphabetically. weighting, can modify order in faq items appear. way weighting works higher number specify, higher priority faq item have. example, if have 3 items each weight specified, priority follows:   99. faq item. 45. faq item. 7. yet faq item More discussions in Content Management and Modules adobe
Read more

Thread: Get UK Keyboard working

-
i using ubuntu desktop on lucid , keyboard changes british keys american keys, #/£, ~/| , "/@ around. in system->preferences->keyboard menu have set keyboard uk. when log via putty uk keys come out right. there other place more configuration required? /vfclistsguy actually settings should enough.. can try setxkbmap -query see current layout settings. Forum The Ubuntu Forum Community Ubuntu Official Flavours Support Desktop Environments [kubuntu] Get UK Keyboard working Ubuntu
Read more

how do I change the e-mail address for my merchant account

-
aloha   i have different primary address paypal account 1 listed merchant account in form   the different address same paypal account different e-mail address   i change responses   how do that?? hi,   you need register email address want paypal account form, current paypal email used form replaced. that, open form, go options -> collect payments. in paypal setup tab, enter new email address , click register.   please let me know if need more assistance.   thanks,   eman fu senior computer scientist adobe systems inc More discussions in Archived Spaces adobe
Read more