iptables



Hello list:

 

In my iptables I have the following lines:

 

-A INPUT -p tcp -m tcp -m state -i eth0 --dport 25 --state NEW -j ACCEPT

-A INPUT -p tcp -m tcp -m state -i eth0 --dport 110 --state NEW -j ACCEPT

-A INPUT -p tcp -m tcp -m state -i eth0 --dport 21 --state NEW -j ACCEPT

 

 

These ports are not being opened for me. Why would that be? I am specifying the port, after all...

 

Config file:

 

# Generated by iptables-save v1.3.6 on Fri Nov  2 16:01:58 2007

*nat

:OUTPUT ACCEPT [0:0]

:PREROUTING ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

# MASQUERADE

-A POSTROUTING -s 172.16.45.172/32 -d 0.0.0.0/0.0.0.0 -o eth0 -j MASQUERADE

COMMIT

# Completed on Fri Nov  2 16:01:58 2007

# Generated by iptables-save v1.3.6 on Fri Nov  2 16:01:58 2007

*mangle

:PREROUTING ACCEPT [1:78]

:INPUT ACCEPT [1:78]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

COMMIT

# Completed on Fri Nov  2 16:01:58 2007

# Generated by iptables-save v1.3.6 on Fri Nov  2 16:01:58 2007

*filter

:FORWARD ACCEPT [0:0]

:INPUT DROP [0:0]

:OUTPUT ACCEPT [0:0]

# Accept traffic from internal interfaces

-A INPUT ! -i eth0 -j ACCEPT

# Accept traffic with the ACK flag set

-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT

# Allow incoming data that is part of a connection we established

-A INPUT -m state --state ESTABLISHED -j ACCEPT

# Allow data that is related to existing connections

-A INPUT -m state --state RELATED -j ACCEPT

# Accept responses to DNS queries

-A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT

# Accept responses to our pings

-A INPUT -p icmp -m icmp --icmp-type echo-reply -j ACCEPT

# Accept notifications of unreachable hosts

-A INPUT -p icmp -m icmp --icmp-type destination-unreachable -j ACCEPT

# Accept notifications to reduce sending speed

-A INPUT -p icmp -m icmp --icmp-type source-quench -j ACCEPT

# Accept notifications of lost packets

-A INPUT -p icmp -m icmp --icmp-type time-exceeded -j ACCEPT

# Accept notifications of protocol problems

-A INPUT -p icmp -m icmp --icmp-type parameter-problem -j ACCEPT

# Allow connections to our SSH server

-A INPUT -p tcp -m tcp --dport ssh -j ACCEPT

# Allow connections to our IDENT server

-A INPUT -p tcp -m tcp --dport auth -j ACCEPT

# Allow whatever I want, for whomever I want

-A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT

-A INPUT -p tcp -m tcp --dport 3128 -j ACCEPT

-A INPUT -p tcp -m tcp -m state -i eth0 --dport ftp --state NEW -j ACCEPT

-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT

-A INPUT -p tcp -m tcp -m state -i eth0 --dport 25 --state NEW -j ACCEPT

-A INPUT -p tcp -m tcp -m state -i eth0 --dport 110 --state NEW -j ACCEPT

# -A INPUT -p tcp -s 172.16.45.1 -j ACCEPT Route outbound traffic -A FORWARD -p tcp -j DROP

-A FORWARD -p tcp -m tcp -s 172.16.45.172/22 -d 0.0.0.0/0.0.0.0 -i eth0 -o eth0 -j ACCEPT

-A FORWARD -p tcp -m tcp -s 172.16.45.1/22 -d 0.0.0.0/0.0.0.0 -i eth0 -o eth0 -j ACCEPT

COMMIT

# Completed on Fri Nov  2 16:01:58 2007
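
Added example, not part of the original post: a small Python evaluator that walks a constructed excerpt of the INPUT chain above in first-match order, as one way to check offline which rule a given packet would hit. The packet dictionaries and the helper names (`parse`, `matches`, `verdict`) are assumptions, and only the match options that appear in the excerpt are modelled.

```python
import shlex

# Constructed excerpt of the post's *filter INPUT rules (chain policy: DROP).
RULES = """\
-A INPUT ! -i eth0 -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags ACK ACK -j ACCEPT
-A INPUT -m state --state ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp -m state -i eth0 --dport 25 --state NEW -j ACCEPT
-A INPUT -p tcp -m tcp -m state -i eth0 --dport 110 --state NEW -j ACCEPT
"""
POLICY = "DROP"
# Rule option -> key in the (hypothetical) packet dictionary.
FIELD = {"i": "iface", "p": "proto", "dport": "dport", "state": "state"}

def parse(line):
    """Parse one '-A INPUT ...' line into (matches, target)."""
    tok, m, i, neg = shlex.split(line)[2:], {}, 0, False
    while i < len(tok):
        t = tok[i]
        if t == "!":                      # negates the next match
            neg, i = True, i + 1
        elif t == "-m":                   # module name adds no condition itself
            i += 2
        elif t == "--tcp-flags":          # mask, then the flags that must be set
            m["tcp-flags"] = (set(tok[i + 1].split(",")), set(tok[i + 2].split(",")))
            i += 3
        else:
            m[t.lstrip("-")] = (tok[i + 1], neg)
            neg, i = False, i + 2
    target = m.pop("j")[0]
    return m, target

def matches(m, pkt):
    """True when every condition of the rule holds for the packet."""
    for key, val in m.items():
        if key == "tcp-flags":
            mask, must = val
            if pkt.get("flags", set()) & mask != must:
                return False
        else:
            want, neg = val
            if (str(pkt.get(FIELD[key])) == want) == neg:
                return False
    return True

def verdict(pkt, rules=RULES):
    """Return (target, rule number) of the first matching rule, else the policy."""
    for n, line in enumerate(rules.splitlines(), 1):
        m, target = parse(line)
        if matches(m, pkt):
            return target, n
    return POLICY, None
```

Calling `verdict` with a constructed packet such as `{"iface": "eth0", "proto": "tcp", "dport": 25, "flags": {"SYN"}, "state": "NEW"}` returns the target and the number of the rule that decided it, or the chain policy when nothing matches.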