Can the firewall from linux (centOS 5) able to filter some of ip?

Dear Sir/Madam

I just install an linux (centOS 5) with oracle 11g.
When I setup the firewall of an linux (centOS 5), I have an question.
My question is can I set the firewall only able to be access from some of ip through the port 1521 to linux (centOS 5)?
(e.g.) the port 1521 only accessable from  192.168.0.1,192.168.0.2,192.168.0.3 to my oracle server (centOS 5), all the others are denied, will it possible?

Thanks
Francis SZE
Screenshot.png
LVL 15
fsze88Asked:
Who is Participating?
 
http:// thevpn.guruConnect With a Mentor Commented:
The 24 you added means all IPs from 192.168.123.1 to 192.168.123.254

If you do not want that replace

iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT

with

iptables -A INPUT --source   192.168.123.1 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.123.2 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.123.3 -p tcp  --dport 1521 -j ACCEPT
0
 
http:// thevpn.guruCommented:
using command line execute

iptables -A INPUT --source   192.168.0.1 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.0.2 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT --source   192.168.0.3 -p tcp  --dport 1521 -j ACCEPT
iptables -A INPUT -p tcp  --dport 1521 -j DROP
0
 
sonicefuCommented:
0
Cloud Class® Course: MCSA MCSE Windows Server 2012

This course teaches how to install and configure Windows Server 2012 R2.  It is the first step on your path to becoming a Microsoft Certified Solutions Expert (MCSE).

 
http:// thevpn.guruCommented:
that is iptables, ipchains are outdated.
0
 
Kamran ArshadConnect With a Mentor IT AssociateCommented:
Hi,

Yes you can allow and block IP address ranges in CentOS using IPTables. Please read the below article for howto:

http://wiki.centos.org/HowTos/Network/IPTables
0
 
http:// thevpn.guruCommented:
Has anyone read my comment..the first one ?
0
 
sonicefuCommented:
Important Commands
Commands.pdf
0
 
sonicefuCommented:
Alternative Method
If you are using managed switch, you can achieve this goal by configuring access-list
0
 
fsze88Author Commented:
Dear Sir/Madam

I would like to know if I only accept 192.168.123.x to access linux (centOS 5) through the port 1521.
The only things I sould do is as following?

After that, all finished?
After saved (/sbin/service iptables save), after reboot, I would have same setting as before?
 iptables -F
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  
 /sbin/service iptables save

Open in new window

0
 
http:// thevpn.guruCommented:
yes however add

iptables -A INPUT -s  -p tcp --dport 1521 -j DROP

if you change your default policy to ACCEPT in future time.
0
 
fsze88Author Commented:
So, I run following command once all done!?
Also, I would like to know what's meaning of 24 from the command line
iptables -A INPUT -s 192.168.123.0/<b>24</b> -p tcp --dport 1521 -j ACCEPT  
 iptables -F
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 iptables -A INPUT -i eth0 -j ACCEPT
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  # using standard slash notation
 iptables -A INPUT -s  -p tcp --dport 1521 -j DROP 
 
 /sbin/service iptables save

Open in new window

0
 
Kamran ArshadIT AssociateCommented:
24 shows the number of bits used as network. Your IP address is class C address which has by default 24 bits for network and 8 bits for host.

xxxxxxxx.xxxxxxxx.xxxxxxxx.hhhhhhhh

Where x are network bits.
0
 
fsze88Author Commented:
Dear Sir/Madam

I would like to know the port number of samba?
Because I may need to share samba from the linux (centOS 5) to windows XP.

Thanks
Francis SZE
0
 
http:// thevpn.guruCommented:
netbios-ns      137/tcp                        # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm      138/tcp                        # NETBIOS Datagram Service
netbios-dgm      138/udp
netbios-ssn      139/tcp                        # NETBIOS session service
netbios-ssn      139/udp
0
 
http:// thevpn.guruCommented:
Hmm..and 445
0
 
fsze88Author Commented:
Dear sir/madam

Am I need to delete line7 "iptables -A INPUT -i eth0 -j ACCEPT"?

Is the following to open samba for anothers computer?

netbios-ns      137/tcp                        # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm      138/tcp                        # NETBIOS Datagram Service
netbios-dgm      138/udp
netbios-ssn      139/tcp                        # NETBIOS session service
netbios-ssn      139/udp

Manay Thanks
Francis SZE
0
 
fsze88Author Commented:
Dear sir/madam

I had input command as below , But the samba is not work fine.
anyone can help me!?

Many Thanks
Francis SZE
 iptables -F
 iptables -P INPUT DROP
 iptables -P FORWARD DROP
 iptables -P OUTPUT ACCEPT
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  
 iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 445 -j ACCEPT  
 
 /sbin/service iptables save

Open in new window

access.PNG
0
 
fsze88Author Commented:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 1521 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 445 -j ACCEPT  

iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 137 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 138 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p tcp --dport 139 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p udp --dport 137 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p udp --dport 138 -j ACCEPT  
iptables -A INPUT -s 192.168.123.0/24 -p udp --dport 139 -j ACCEPT  
 
/sbin/service iptables save
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.