uknet80
asked on
iptables restrict user from accessing server
Hi all,
I have Samba running on Linux, and an application called QuickBooks. See the ports listening on the Linux machine in the output below.
Under iptables I set the following:
#enable samba sharing for Quickbooks
iptables -A INPUT -p UDP -s 0/0 --dport 137 -j okay
iptables -A INPUT -p UDP -s 0/0 --dport 138 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 139 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 445 -j okay
#Quickbook Ports
iptables -A INPUT -p TCP -s 0/0 --dport 55333:55347 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 56720 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 8019:8021 -j okay
Users can access shared files under Samba, but when I connect to QuickBooks using the QuickBooks software, it won't let me until iptables is disabled. I don't know if that is caused by the Samba or the QuickBooks ports. Can you help?
thanks
[root@server~]# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 3235/hpiod
tcp 0 0 0.0.0.0:10050 0.0.0.0:* LISTEN 5964/zabbix_agentd
tcp 0 0 0.0.0.0:55338 0.0.0.0:* LISTEN 16621/QBDBMgrN_20
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 3362/mysqld
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3534/smbd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2881/portmap
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 3576/beremote
tcp 0 0 0.0.0.0:8019 0.0.0.0:* LISTEN 16656/qbmonitord
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 3403/sendmail: acce
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3534/smbd
tcp 0 0 0.0.0.0:989 0.0.0.0:* LISTEN 2927/rpc.statd
tcp 0 0 127.0.0.1:2207 0.0.0.0:* LISTEN 3240/python
tcp 0 0 :::55338 :::* LISTEN 16621/QBDBMgrN_20
tcp 0 0 :::10000 :::* LISTEN 3576/beremote
tcp 0 0 :::22 :::* LISTEN 3258/sshd
udp 0 0 10.1.0.2:137 0.0.0.0:* 3537/nmbd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3537/nmbd
udp 0 0 10.1.0.2:138 0.0.0.0:* 3537/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 3537/nmbd
udp 0 0 0.0.0.0:45012 0.0.0.0:* 3638/avahi-daemon:
udp 0 0 0.0.0.0:983 0.0.0.0:* 2927/rpc.statd
udp 0 0 0.0.0.0:986 0.0.0.0:* 2927/rpc.statd
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3638/avahi-daemon:
udp 0 0 0.0.0.0:111 0.0.0.0:* 2881/portmap
udp 0 0 :::47748 :::* 3638/avahi-daemon:
udp 0 0 :::5353 :::* 3638/avahi-daemon:
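An added diagnostic (my own code, not from the thread) that matches the netstat listeners above against the posted INPUT rules, reports any listening socket with no allow rule, and checks whether a conntrack ESTABLISHED,RELATED rule is present at all. It assumes `okay` is a user-defined chain that ends in ACCEPT; the netstat sample is a trimmed copy of the listing above.

```python
import re
# Listening sockets copied from the netstat output in the post (trimmed).
NETSTAT = """\
tcp 0 0 0.0.0.0:55338 0.0.0.0:* LISTEN 16621/QBDBMgrN_20
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 3534/smbd
tcp 0 0 0.0.0.0:8019 0.0.0.0:* LISTEN 16656/qbmonitord
tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN 3534/smbd
tcp 0 0 :::22 :::* LISTEN 3258/sshd
udp 0 0 0.0.0.0:137 0.0.0.0:* 3537/nmbd
udp 0 0 0.0.0.0:138 0.0.0.0:* 3537/nmbd
"""
# INPUT rules from the post. "okay" is assumed to be the asker's own
# user-defined chain ending in ACCEPT, so it counts as an allow target.
RULES = """\
iptables -A INPUT -p UDP -s 0/0 --dport 137 -j okay
iptables -A INPUT -p UDP -s 0/0 --dport 138 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 139 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 445 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 55333:55347 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 56720 -j okay
iptables -A INPUT -p TCP -s 0/0 --dport 8019:8021 -j okay
"""
ALLOW_TARGETS = {"ACCEPT", "okay"}
RULE_RE = re.compile(r"-p\s+(\w+).*?--dport\s+(\d+)(?::(\d+))?.*?-j\s+(\S+)")
SOCK_RE = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+\S*:(\d+)\s+\S+\s+(?:LISTEN\s+)?(\S+)")

def parse_rules(text):
    """(proto, low_port, high_port, target) for each --dport rule; a single port is its own range."""
    return [(m.group(1).lower(), int(m.group(2)), int(m.group(3) or m.group(2)), m.group(4))
            for m in map(RULE_RE.search, text.splitlines()) if m]

def parse_listeners(text):
    """(proto, port, pid/program) for each listening socket line."""
    found = [SOCK_RE.match(line) for line in text.splitlines()]
    return [(m.group(1), int(m.group(2)), m.group(3)) for m in found if m]

def uncovered(listeners, rules):
    """Listeners that no allow rule matches on protocol and destination port."""
    return [(p, port, prog) for p, port, prog in listeners
            if not any(rp == p and lo <= port <= hi and t in ALLOW_TARGETS
                       for rp, lo, hi, t in rules)]

def has_state_rule(text):
    """True if some rule accepts ESTABLISHED/RELATED traffic (replies to flows the host opened)."""
    return any("--state" in line and "ESTABLISHED" in line and "-j ACCEPT" in line
               for line in text.splitlines())

if __name__ == "__main__":
    print(uncovered(parse_listeners(NETSTAT), parse_rules(RULES)))
    print("ESTABLISHED,RELATED rule present:", has_state_rule(RULES))
```

On this rule set every QuickBooks and Samba listener is covered (only sshd is not), which points away from a missing port rule and toward the stateful rule the asker added in the closing comment.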
ASKER
thanks to all
iptables -A INPUT -p tcp --dport SERVER_PORT_NUM -m state --state ESTABLISHED,RELATED -j ACCEPT