iptables configuration

  • wombat613
    Junior Member
    • Feb 2015
    • 9

    #1

    iptables configuration

    I must have a small error in my iptables (CentOS 7 client).

    If I run service iptables stop, I can communicate with the Zabbix agent; put iptables back on, and no communication, so there has to be a mini error.

    Code:
    # Generated by iptables-save v1.4.7 on Tue Mar 24 13:21:34 2015
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
    -A INPUT -p icmp -j ACCEPT 
    -A INPUT -i lo -j ACCEPT 
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
    -A INPUT -j REJECT --reject-with icmp-host-prohibited 
    -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT 
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited 
    -A OUTPUT -p tcp -m tcp --dport 10051 -j ACCEPT 
    -A OUTPUT -p tcp -m tcp --dport 10050 -j ACCEPT 
    COMMIT
    # Completed on Tue Mar 24 13:21:34 2015
    Any help would be appreciated.

    T. James
  • aib
    Senior Member
    • Jan 2014
    • 1615

    #2
    Originally posted by wombat613
    Code:
    # Generated by iptables-save v1.4.7 on Tue Mar 24 13:21:34 2015
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
    -A INPUT -p icmp -j ACCEPT 
    -A INPUT -i lo -j ACCEPT 
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
    -A INPUT -j REJECT --reject-with icmp-host-prohibited 
    -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT 
    -A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT 
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited 
    -A OUTPUT -p tcp -m tcp --dport 10051 -j ACCEPT 
    -A OUTPUT -p tcp -m tcp --dport 10050 -j ACCEPT 
    COMMIT
    # Completed on Tue Mar 24 13:21:34 2015
    Please keep in mind that all rules work as they are written in the file.
    So, after an instruction which has the word REJECT, no further rules work.
    Move your rules for ports 10050 & 10051 before the REJECT instructions.
    Code:
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 10051 -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 10050 -j ACCEPT
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    Sincerely yours,
    Aleksey
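
The ordering problem described in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it scans `iptables-save` output for rules appended after an unconditional ACCEPT/DROP/REJECT in the same chain. The name `find_shadowed` and the trimmed sample rulesets are constructed for illustration, and it assumes the `iptables-save` layout in which `-j` follows all match options.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

# Constructed samples, trimmed from the rulesets posted in this thread.
BROKEN = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""
FIXED = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def find_shadowed(ruleset):
    """Return (line_no, rule, blocker_line_no) for rules that can never match."""
    blockers = {}  # (table, chain) -> line of first unconditional terminal rule
    table, findings = None, []
    for n, raw in enumerate(ruleset.splitlines(), 1):
        line = raw.strip()
        if line.startswith("*"):        # table header, e.g. *filter
            table = line[1:]
        elif line.startswith("-A "):
            tok = shlex.split(line)
            key = (table, tok[1])       # rules only shadow within one chain
            if key in blockers:
                findings.append((n, line, blockers[key]))
            elif len(tok) > 3 and tok[2] in ("-j", "--jump") and tok[3] in TERMINAL:
                blockers[key] = n       # no match options: catches every packet
    return findings

if __name__ == "__main__":
    for n, rule, blocker in find_shadowed(BROKEN):
        print(f"line {n} is unreachable (catch-all at line {blocker}): {rule}")
```
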


    • wombat613
      Junior Member
      • Feb 2015
      • 9

      #3
      Thanks. That got it.

      T. James
