Solved

Can the firewall from linux (centOS 5) able to filter some of ip?

Posted on 2008-06-16
18
3,905 Views
Last Modified: 2013-12-15
Dear Sir/Madam

I just install an linux (centOS 5) with oracle 11g.
When I setup the firewall of an linux (centOS 5), I have an question.
My question is can I set the firewall only able to be access from some of ip through the port 1521 to linux (centOS 5)?
(e.g.) the port 1521 only accessable from  192.168.0.1,192.168.0.2,192.168.0.3 to my oracle server (centOS 5), all the others are denied, will it possible?

Thanks
Francis SZE
Screenshot.png
0
Comment
Question by:fsze88
  • 7
  • 6
  • 3
  • +1
18 Comments
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21791780
using command line execute

iptables -A INPUT --source   192.168.0.1 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.0.2 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.0.3 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp  --dport 1521 -j DROP
0
 
LVL 13

Expert Comment

by:sonicefu
ID: 21791787
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21791821
that is iptables, ipchains are outdated.
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 32

Assisted Solution

by:Kamran Arshad
Kamran Arshad earned 200 total points
ID: 21791823
Hi,

Yes you can allow and block IP address ranges in CentOS using IPTables. Please read the below article for howto:

http://wiki.centos.org/HowTos/Network/IPTables
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21791832
Has anyone read my comment..the first one ?
0
 
LVL 13

Expert Comment

by:sonicefu
ID: 21791881
Important Commands
Commands.pdf
0
 
LVL 13

Expert Comment

by:sonicefu
ID: 21791885
Alternative Method
If you are using managed switch, you can achieve this goal by configuring access-list
0
 
LVL 15

Author Comment

by:fsze88
ID: 21792349
Dear Sir/Madam

I would like to know if I only accept 192.168.123.x to access linux (centOS 5) through the port 1521.
The only things I sould do is as following?

After that, all finished?
After saved (/sbin/service iptables save), after reboot, I would have same setting as before?
 iptables -F
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  
 /sbin/service iptables save

Open in new window

0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21792369
yes however add

iptables -A INPUT -s  -p tcp --dport 1521 -j DROP

if you change your default policy to ACCEPT in future time.
0
 
LVL 15

Author Comment

by:fsze88
ID: 21792460
So, I run following command once all done!?
Also, I would like to know what's meaning of 24 from the command line
iptables -A INPUT -s 192.168.123.0/<b>24</b> -p tcp --dport 1521 -j ACCEPT  
 iptables -F
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -i eth0 -j ACCEPT
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  # using standard slash notation
 iptables -A INPUT -s  -p tcp --dport 1521 -j DROP 
 
 /sbin/service iptables save

Open in new window

0
 
LVL 32

Expert Comment

by:Kamran Arshad
ID: 21792472
24 shows the number of bits used as network. Your IP address is class C address which has by default 24 bits for network and 8 bits for host.

xxxxxxxx.xxxxxxxx.xxxxxxxx.hhhhhhhh

Where x are network bits.
0
 
LVL 19

Accepted Solution

by:
http:// thevpn.guru earned 300 total points
ID: 21792473
The 24 you added means all IPs from 192.168.123.1 to 192.168.123.254

If you do not want that replace

iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT

with

iptables -A INPUT --source   192.168.123.1 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.123.2 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.123.3 -p tcp  --dport 1521 -j ACCEPT
0
 
LVL 15

Author Comment

by:fsze88
ID: 21800319
Dear Sir/Madam

I would like to know the port number of samba?
Because I may need to share samba from the linux (centOS 5) to windows XP.

Thanks
Francis SZE
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21800326
netbios-ns      137/tcp                        # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm      138/tcp                        # NETBIOS Datagram Service
netbios-dgm      138/udp
netbios-ssn      139/tcp                        # NETBIOS session service
netbios-ssn      139/udp
0
 
LVL 19

Expert Comment

by:http:// thevpn.guru
ID: 21800330
Hmm..and 445
0
 
LVL 15

Author Comment

by:fsze88
ID: 21809852
Dear sir/madam

Am I need to delete line7 "iptables -A INPUT -i eth0 -j ACCEPT"?

Is the following to open samba for anothers computer?

netbios-ns      137/tcp                        # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm      138/tcp                        # NETBIOS Datagram Service
netbios-dgm      138/udp
netbios-ssn      139/tcp                        # NETBIOS session service
netbios-ssn      139/udp

Manay Thanks
Francis SZE
0
 
LVL 15

Author Comment

by:fsze88
ID: 21810598
Dear sir/madam

I had input command as below , But the samba is not work fine.
anyone can help me!?

Many Thanks
Francis SZE
 iptables -F
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 445 -j ACCEPT  
 
 /sbin/service iptables save

Open in new window

access.PNG
0
 
LVL 15

Author Comment

by:fsze88
ID: 21830277
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 445 -j ACCEPT  

iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 137 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 138 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 139 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p udp --dport 137 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p udp --dport 138 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p udp --dport 139 -j ACCEPT  
 
/sbin/service iptables save
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question