
IPTables - Specify certain ip access

Posted on 2010-11-22
Last Modified: 2012-05-10
Dear all,

I need to set up the following in IP Tables on an Ubuntu Server 10.10.

IP Address 1: *.*.*.* = Allow all outbound, Deny all inbound except ports 80, 443
IP Address 2: *.*.*.* = Allow all outbound, Deny all inbound except ports 21

Thanks,

Lyon
Question by:LyonJay
5 Comments
 
LVL 16

Accepted Solution

by:
Blaz earned 400 total points
ID: 34188170
These rules accomplish what you stated above:

# accept HTTP and HTTPS addressed to the first IP
iptables -A INPUT -d <IP_address_1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP_address_1> -m tcp -p tcp --dport 443 -j ACCEPT
# accept FTP addressed to the second IP
iptables -A INPUT -d <IP_address_2> -m tcp -p tcp --dport 21 -j ACCEPT
# drop everything else (the iptables target is DROP; DENY is not a valid target)
iptables -A INPUT -j DROP

However, please note:
- you may already have existing rules that might interfere with these rules - check the existing ones and modify accordingly
- you may need access to additional services like SSH access to the machine (for administration), DNS access, ICMP access
0
 
LVL 2

Assisted Solution

by:wk
wk earned 400 total points
ID: 34188297
As you said you are on Ubuntu, you may try ufw - uncomplicated firewall.

https://help.ubuntu.com/community/UFW

$ sudo apt-get install ufw
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
$ sudo ufw allow 21/tcp
$ sudo ufw enable
$ sudo ufw status

Done!

William Lee    CISA CISSP
Hong Kong
0
 
LVL 9

Assisted Solution

by:expert_tanmay
expert_tanmay earned 400 total points
ID: 34194475
# allow all outbound (-P takes the chain and the target, without -j)
iptables -P OUTPUT ACCEPT

# default: drop all INPUT
iptables -P INPUT DROP

# allow ports 80 and 443 for IP1
iptables -A INPUT -d <IP1> -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -d <IP1> -m tcp -p tcp --dport 443 -j ACCEPT

# allow port 21 for IP2
iptables -A INPUT -d <IP2> -m tcp -p tcp --dport 21 -j ACCEPT

cheers!!
0
 
LVL 7

Assisted Solution

by:expert1010
expert1010 earned 400 total points
ID: 34195967
I know this is not what you asked for, but if you install, for example, ferm, you'd have an easier way to config your firewall. Ferm is just a compiler for iptables configuration, but it makes life a lot easier.

Have a look at:
http://ferm.foo-projects.org/
0
 
LVL 19

Assisted Solution

by:Gabriel Orozco
Gabriel Orozco earned 400 total points
ID: 34201584
Just a question.

Are these two IP addresses in the same Ubuntu box, or are they behind the firewall?

That would make very different rules. (I must confess I envisioned the answer as I was reading the question, just as expert_tanmay did.)
0
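The policy from the question as one complete ruleset in iptables-restore format, as an added example that is not from any of the posts above. It assumes both addresses are bound to the Ubuntu host itself (the case Gabriel Orozco asks about) and uses constructed 192.0.2.x sample addresses; the loopback and conntrack rules are additions so that replies to the host's own outbound connections are still accepted under a DROP policy on INPUT.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the policy in the question.
# Assumes both addresses are configured on the Ubuntu host itself (INPUT chain).

# Accept only dotted-quad IPv4, so a leftover placeholder such as <IP1> is rejected.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# gen_rules IP1 IP2: IP1 takes HTTP/HTTPS, IP2 takes FTP control, nothing else inbound.
# - loopback is accepted so local services can talk to each other
# - ESTABLISHED,RELATED lets replies to outbound traffic back in; without it,
#   "allow all outbound" sends packets but the answers hit the DROP policy
# - FORWARD stays at its default; the thread does not cover forwarding
gen_rules() {
    valid_ipv4 "$1" && valid_ipv4 "$2" || { echo "usage: gen_rules IP1 IP2" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -d $1 -p tcp --dport 80 -j ACCEPT
-A INPUT -d $1 -p tcp --dport 443 -j ACCEPT
-A INPUT -d $2 -p tcp --dport 21 -j ACCEPT
COMMIT
EOF
}

# With two arguments use them; otherwise print the ruleset for constructed
# sample addresses from the 192.0.2.0/24 documentation range.
if [ "$#" -eq 2 ]; then
    gen_rules "$1" "$2"
else
    gen_rules 192.0.2.10 192.0.2.20
fi
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it. Without `--test`, iptables-restore replaces the current filter table, so any SSH rule needed for administration has to be added to the ruleset first.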
