On Thu, Aug 02, 2012 at 04:10:59PM +0100, Graham Mcleish wrote:
> I must confess that I have only turned off the firewall completely at
> this point to get it working as I have never had to open any ports on
> Ubuntu before! I'll away and turn it back on and try and figure out how
> to open the specific ports.

Read the 'iptables' manual (man iptables) :)

For example something like this:

# remove all previous entries
iptables -F
iptables -X
iptables -N TCP
iptables -N UDP

# default policy
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP

# allow loopback
iptables -A INPUT -i lo -j ACCEPT

# allow to connect FROM your ubuntu
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP

# disallow invalid
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP

# allow ping echo requests
iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT

# set reject policy
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreachable

# allow specified ports (22 is ssh), remember to change -i eth0 to your
# interface
for port in 22 5080 8443 1935 8088; do
    iptables -A TCP -p tcp -m state --state NEW --dport $port -i eth0 -j ACCEPT
done

I did not test it, but it should work.

Hope it will help!

-- 
Jakub Skory, <kuba(at)ukw(dot)edu(dot)pl>
System Operator

IT Center:
_______________________________________________________________________
tel: +48 52 3257 649, +48 52 3257 647
fax: +48 52 3257 646, +48 52 3257 647
working hours: 08a.m. - 04p.m.
mail: di(at)ukw(dot)edu(dot)pl
web: http://di.ukw.edu.pl/
postal address: M. Kopernika 1 (room 8/9), 85-074, Bydgoszcz.
_______________________________________________________________________
Kazimierz Wielki University, J. K. Chodkiewicza 30, 85-064, Bydgoszcz,
Poland.
_______________________________________________________________________
www(dot)ukw(dot)edu(dot)pl MID: 1828569 10:07:01 08/03/12
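
An added check, not part of the original message: once the firewall is back on, confirm that INPUT defaults to DROP and that only the ports listed in the reply are accepted in the TCP chain. The function names and the embedded `iptables -S` sample are constructed for illustration.

```shell
# Constructed sample of `iptables -S` output for the rule set in the reply
# (abridged; an assumption for offline use, not captured from a real host).
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-N TCP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j TCP
-A INPUT -p tcp -j REJECT --reject-with tcp-reset
-A TCP -i eth0 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A TCP -i eth0 -p tcp -m state --state NEW -m tcp --dport 5080 -j ACCEPT
-A TCP -i eth0 -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A TCP -i eth0 -p tcp -m state --state NEW -m tcp --dport 1935 -j ACCEPT
-A TCP -i eth0 -p tcp -m state --state NEW -m tcp --dport 8088 -j ACCEPT
EOF
}

# Print the default policy of the INPUT chain (rules on stdin).
input_policy() {
    awk '$1 == "-P" && $2 == "INPUT" { print $3 }'
}

# Print the sorted, space-separated ports accepted in the TCP chain.
open_tcp_ports() {
    awk '$1 == "-A" && $2 == "TCP" && $NF == "ACCEPT" {
             for (i = 3; i < NF; i++) if ($i == "--dport") print $(i + 1)
         }' | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# audit_firewall "PORT PORT ..." < rules
# Succeeds only if INPUT defaults to DROP and exactly the listed ports are open.
audit_firewall() {
    rules=$(cat)
    expected=$(printf '%s\n' $1 | sort -n | tr '\n' ' ' | sed 's/ $//')
    policy=$(printf '%s\n' "$rules" | input_policy)
    actual=$(printf '%s\n' "$rules" | open_tcp_ports)
    [ "$policy" = "DROP" ] && [ "$actual" = "$expected" ] && return 0
    echo "INPUT policy: $policy (want DROP)" >&2
    echo "open TCP ports: $actual (want $expected)" >&2
    return 1
}

# On a live host (as root): iptables -S | audit_firewall "22 5080 8443 1935 8088"
sample_rules | audit_firewall "22 5080 8443 1935 8088" && echo "firewall matches"
```

A firewall that has been switched off (INPUT policy ACCEPT, no TCP chain) fails this check, as does any extra accepted port.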