Solved

CentOS 5.6 & Edit IP Tables

Posted on 2012-03-19
2
374 Views
Last Modified: 2012-06-27
My CentOS 5.6 server currently has two IP addresses assigned to it.  The public IP address is assigned to eth0 and the private IP address is assigned to eth1.

I need to open the SSH port (port 22) on the private ip address only.  Right now it is opened on both the public and private.  

My current etc/sysconfig/iptables is below:



# Generated by iptables-save v1.3.5 on Wed Mar 14 14:20:11 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [334402:108639620]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Mar 14 14:20:11 2012
"/etc/sysconfig/iptables" 23L, 1076C



My ifconfig looks like




eth0   Link encap:Ethernet  HWaddr 40:40:FF:25:62:5B
          inet addr:36.75.132.9  Bcast:36.75.132.9  Mask:255.255.255.0
          inet6 addr: fe50::2124:ffff:fe25:625b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:644677 errors:0 dropped:0 overruns:0 frame:0
          TX packets:523666 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:443128196 (422.5 MiB)  TX bytes:114953349 (109.6 MiB)

eth1   Link encap:Ethernet  HWaddr 40:40:67:4F:64:7D
          inet addr:192.168.1.132  Bcast:192.168.1.132  Mask:255.255.224.0
          inet6 addr: fe60::4240:67ff:fe4f:647d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3 errors:0 dropped:0 overruns:0 frame:0
          TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:180 (180.0 b)  TX bytes:6654 (6.4 KiB)

lo       Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:6483 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6483 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:31100473 (29.6 MiB)  TX bytes:31100473 (29.6 MiB)


0
Comment
Question by:deklinm
2 Comments
 
LVL 6

Assisted Solution

by:torakeshb
torakeshb earned 200 total points
ID: 37740818
To block ssh from public interface an allow from private. :  iptables -A INPUT -i eth0  -p tcp --destination-port 22 -j DROP
0
 
LVL 21

Accepted Solution

by:
Papertrip earned 300 total points
ID: 37740836
There are several ways to do this, here are 2 of the simpler ways.

Change the "ListenAddress" option in /etc/ssh/sshd_config to listen only on 192.168.1.13
ListenAddress 192.168.1.13

Open in new window



Change your existing iptables rule for SSH to only listen on eth1
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp -i eth1 --dport 22 -j ACCEPT

Open in new window


Personally I would make the change in sshd_config.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now