TDOofSD n00b
Joined: 19 Jun 2003 Posts: 10 Location: Canada
Posted: Wed May 05, 2004 7:46 pm Post subject: iptables blocking port 80
I'm trying to set up iptables to accept connections on port 80 with the config below.
Code:
-A INPUT -i lo -j ACCEPT
#Allows only local subnet access to port 81
-A INPUT ! -s 142.150.x.0/24 -p tcp -m tcp --dport 81 --syn -j REJECT
#Accepts all traffic from U of T network (Temporary, not dorms)
-A INPUT -s 142.150.0.0/16 -j ACCEPT
-A INPUT -s 128.100.0.0/16 -j ACCEPT
#Accepts all ssh and http requests
-A INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
...snip...
I can get access to ssh, and the computers in the University network can connect to port 80, but my friends in another university can't seem to get to it.
If anyone sees where I'm going wrong I'd appreciate it.
 |
kpack Tux's lil' helper
Joined: 29 Mar 2004 Posts: 137
Posted: Wed May 05, 2004 8:15 pm
Assuming your university isn't blocking anything, it looks to me like you're only allowing SYN packets for SSH and HTTP and nothing else, unless it comes from 142.150.0.0/16 or 128.100.0.0/16.
Try removing the --syn from the last two rules.
 |
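The behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of first-match rule evaluation, run over the inbound packets of one connection. The DROP policy standing in for the snipped remainder of the ruleset, the sample source addresses and all function names are assumptions; the loopback and port 81 rules are left out because they never match this traffic.

```python
from ipaddress import ip_address, ip_network

SYN_MASK = {"SYN", "ACK", "RST", "FIN"}
# Inbound packets of one TCP connection as INPUT sees them (constructed sample).
INBOUND = [("SYN",), ("ACK",), ("PSH", "ACK"), ("FIN", "ACK")]

def rule(target, src=None, dport=None, syn=False):
    """One INPUT rule; fields left unset match anything, as in iptables."""
    return {"target": target, "src": ip_network(src) if src else None,
            "dport": dport, "syn": syn}

def matches(r, pkt):
    if r["src"] is not None and ip_address(pkt["src"]) not in r["src"]:
        return False
    if r["dport"] is not None and pkt["dport"] != r["dport"]:
        return False
    # --syn: SYN set with ACK, RST and FIN clear, i.e. only a connection's first packet
    if r["syn"] and (pkt["flags"] & SYN_MASK) != {"SYN"}:
        return False
    return True

def verdict(rules, pkt, policy="DROP"):
    """First matching rule wins; otherwise the chain policy applies.
    DROP is an assumption standing in for the snipped part of the ruleset."""
    for r in rules:
        if matches(r, pkt):
            return r["target"]
    return policy

def trace(rules, src, dport=80):
    """Verdict for each inbound packet of one connection from src."""
    return [verdict(rules, {"src": src, "dport": dport, "flags": set(f)})
            for f in INBOUND]

def ruleset(syn):
    """The posted rules that can match outside traffic to ports 22 and 80."""
    return [rule("ACCEPT", src="142.150.0.0/16"),
            rule("ACCEPT", src="128.100.0.0/16"),
            rule("ACCEPT", dport=22, syn=syn),
            rule("ACCEPT", dport=80, syn=syn)]

ORIGINAL = ruleset(syn=True)   # as posted
FIXED = ruleset(syn=False)     # --syn removed from the last two rules

if __name__ == "__main__":
    # Both source addresses are constructed: one inside 142.150.0.0/16, one outside.
    for name, rules in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "campus ", trace(rules, "142.150.1.10"))
        print(name, "outside", trace(rules, "198.51.100.7"))
```

With the posted rules an outside client's SYN is accepted but every later packet falls through to the policy, while campus hosts are accepted by the source rules regardless of flags.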
TDOofSD n00b
Joined: 19 Jun 2003 Posts: 10 Location: Canada
Posted: Wed May 05, 2004 8:33 pm
Thanks, that one fixed it.
You learn something new every day :p
 |
Chris W l33t
Joined: 25 Jun 2002 Posts: 972 Location: Brisbane, Australia
Posted: Wed May 05, 2004 10:50 pm
You could consider using something like Shorewall to write a lot of these rules for you. The configuration becomes much easier and the rules much more complete for little effort.
_________________
Cheers,
Chris W
"Common sense: The collection of prejudices acquired by age 18." -- Einstein