deklinm
asked on
CentOS 5.6 & Edit IP Tables
My CentOS 5.6 server currently has two IP addresses assigned to it. The public IP address is assigned to eth0 and the private IP address is assigned to eth1.
I need to open the SSH port (port 22) on the private IP address only. Right now it is open on both the public and private.
My current /etc/sysconfig/iptables is below:
# Generated by iptables-save v1.3.5 on Wed Mar 14 14:20:11 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [334402:108639620]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 5901 -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Mar 14 14:20:11 2012
My ifconfig looks like:
eth0 Link encap:Ethernet HWaddr 40:40:FF:25:62:5B
inet addr:36.75.132.9 Bcast:36.75.132.9 Mask:255.255.255.0
inet6 addr: fe50::2124:ffff:fe25:625b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:644677 errors:0 dropped:0 overruns:0 frame:0
TX packets:523666 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:443128196 (422.5 MiB) TX bytes:114953349 (109.6 MiB)
eth1 Link encap:Ethernet HWaddr 40:40:67:4F:64:7D
inet addr:192.168.1.132 Bcast:192.168.1.132 Mask:255.255.224.0
inet6 addr: fe60::4240:67ff:fe4f:647d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:180 (180.0 b) TX bytes:6654 (6.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6483 errors:0 dropped:0 overruns:0 frame:0
TX packets:6483 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:31100473 (29.6 MiB) TX bytes:31100473 (29.6 MiB)
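The accepted answer is not reproduced on this page. As an added example (my own, not from the original thread or the asker), the script below makes the change the question asks for. The posted rule "-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT" carries no interface or destination match, so it accepts SSH arriving on eth0 and eth1 alike; adding "-i eth1" (or, equivalently here, "-d 192.168.1.132") limits it to the private side. The interface name eth1 and the chain name come from the question; the function names, the PRIVATE_IF variable and the demo rule set are my own constructions.

```shell
#!/bin/sh
# Added example (not from the original thread): bind the SSH ACCEPT rule in a
# CentOS 5 style /etc/sysconfig/iptables to the private interface only.
# Assumptions: the private interface is eth1 (from the question) and the file
# uses iptables-save syntax with "-A <chain> ..." rule lines as posted above.

PRIVATE_IF="${PRIVATE_IF:-eth1}"

# Exit 0 if every port-22 ACCEPT rule in the file carries an interface (-i) or
# destination (-d) match, 1 if any such rule still accepts SSH from anywhere.
check_ssh_restricted() {
    awk '/--dport 22 / && /-j ACCEPT/ && !/ -i / && !/ -d / { open = 1 }
         END { exit open }' "$1"
}

# Rewrite every unrestricted port-22 ACCEPT rule in the file so it matches only
# traffic arriving on $PRIVATE_IF.  Rules that already carry -i or -d, and all
# other lines, are left untouched.  Edits the file in place and keeps a .bak copy.
restrict_ssh_rule() {
    f="$1"
    cp "$f" "$f.bak"
    awk -v ifc="$PRIVATE_IF" '
        /--dport 22 / && /-j ACCEPT/ && !/ -i / && !/ -d / {
            # insert "-i <ifc>" directly after the chain name; "&" is the
            # matched "-A <chain>" text
            sub(/^-A [^ ]+/, "& -i " ifc)
        }
        { print }
    ' "$f.bak" > "$f"
}

# Demo on a constructed copy of the rule set from the question, never on the
# live file.  On the real server the sequence is:
#   cp /etc/sysconfig/iptables /root/iptables.$(date +%F)
#   restrict_ssh_rule /etc/sysconfig/iptables
#   service iptables restart
# then open a second SSH session to 192.168.1.132 before closing the current one.
demo() {
    tmp="${TMPDIR:-/tmp}/iptables.demo.$$"
    cat > "$tmp" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
    if check_ssh_restricted "$tmp"; then
        echo "before: port 22 already restricted"
    else
        echo "before: port 22 accepted on every interface"
    fi
    restrict_ssh_rule "$tmp"
    echo "rewritten rule:"
    grep -- '--dport 22' "$tmp"
    if check_ssh_restricted "$tmp"; then
        echo "after: port 22 limited to $PRIVATE_IF"
    fi
    rm -f "$tmp" "$tmp.bak"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Run it as "sh restrict-ssh.sh demo" to see the rewrite on the sample rule set. Two points a practitioner would check before applying this to the live file: the RELATED,ESTABLISHED rule in the posted chain sits before the final REJECT, so an SSH session already open over the public address survives the restart, but no new one can be made through eth0 afterwards, so verify a fresh login to 192.168.1.132 first. And the same posted file accepts 5901 (listed twice), 631 and 5353 without any interface match, so they are exposed on eth0 in exactly the same way; the awk pattern can be pointed at those ports too. Setting "ListenAddress 192.168.1.132" in /etc/ssh/sshd_config is a reasonable second layer so that sshd itself never binds the public address.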