
Re: IPTables, IRC, and SSH


>>>>> "Troy" == Troy Telford <troyt@myrealbox.com> writes:

    Troy>   I have every ruleset for my firewall set how I want it... except
    Troy> for IRC and ssh...

    [cut IRC part, cuz I don't use IRC so I wouldn't know]

    Troy> Second - SSH - I would like iptables to accept incoming connections
    Troy> to OpenSSH, but from a specific domain (myschool.edu).  However, I
    Troy> don't know the IP range for the domain, nor do I know how to set
    Troy> IPtables to allow connections from only that domain.  For that
    Troy> matter, I have only been able to have incoming SSH connections when
    Troy> iptables allows ALL incoming connections.  So what commands do I need
    Troy> to use for SSH?  (Again, with state tracking would be preferred).

Pick a machine in the domain and find out its IP address (nslookup).  Then run

  whois -h whois.arin.net [IP address]

In the output, look for the line that says "Netblock:".  It will give a range
of addresses.  Pretend that it says -  Then add rules
that go something like this:

/usr/sbin/iptables -N ssh_in
# -s matches the *source* address: fill in the Netblock range from whois
/usr/sbin/iptables -A ssh_in -s <netblock>/16 -j ACCEPT
/usr/sbin/iptables -A ssh_in -j REJECT

/usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ssh_in

(of course, put it in whatever style you like for the chains, and you can use
DROP instead of REJECT)

The "/16" means that the first 16 bits (i.e. 2 bytes) of the address are the
ones that matter.  You'll have to change that to fit whatever you find out from
whois, but if it's an .edu, it'll probably be 16.



-- 
____     |     -----------------------------------------------------------
|  /   --+--
| /   ___|___    Hubert Chan <hackerhue@crosswinds.net>
| \   | _|_ |
|__|  |__|__|    GCS/M d- s:- a-- C++ UL+(++++) P++ L++ E++ W++ N++ o?
|        |       K? w--- O++ M- V- PS-- PE+++ Y+ PGP+ t+ 5 X R- tv+ b+
|      / | \     DI++++ D G e++ h! !r !y
|     /  |  \
|        |     <><------------------ http://www.crosswinds.net/~hackerhue/

PGP/GnuPG fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key can be found at http://www.crosswinds.net/~hackerhue/hackerhue.asc
Please encrypt all mail to me if possible.
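The procedure above (find the netblock, accept port 22 only from it, reject the rest) as a complete script, with the state tracking Troy asked for and a check that the address nslookup returned really falls inside the range whois reported. This is an added example, not code from Hubert's message or from any Debian package. Assumptions of mine: iptables is at /usr/sbin/iptables, the whois range is written in CIDR form, and 10.20.0.0/16 and 10.20.5.7 are constructed placeholders, not addresses belonging to myschool.edu.

```shell
#!/bin/sh
# Added example, not code from Hubert's message: build a stateful SSH
# ruleset that accepts port 22 only from one netblock, and sanity-check
# the netblock against a known host address before applying it.
# Assumptions (mine, not the page's): iptables lives at /usr/sbin/iptables,
# the whois range is given as CIDR, and 10.20.0.0/16 / 10.20.5.7 below are
# constructed placeholders, not real addresses for myschool.edu.

# ip_to_int A.B.C.D -> the address as a decimal integer (shell arithmetic only)
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_cidr IP NET/BITS -> exit 0 if IP lies inside NET/BITS, 1 otherwise.
# Run this on the address nslookup returned before trusting the whois range:
# if that host is not inside it, the range or the prefix length is wrong.
in_cidr() {
    net=${2%/*}
    bits=${2#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

# ssh_rules NET/BITS -> prints the iptables commands (does not run them).
# ESTABLISHED,RELATED traffic is accepted up front and only NEW connections
# to port 22 are sent to ssh_in, which is the state tracking Troy asked for.
ssh_rules() {
    cat <<EOF
/usr/sbin/iptables -N ssh_in
/usr/sbin/iptables -A ssh_in -s $1 -j ACCEPT
/usr/sbin/iptables -A ssh_in -j REJECT
/usr/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ssh_in
EOF
}

# main NET/BITS IP -> check IP against NET/BITS, then print the rules,
# or pipe them to a shell when APPLY=1 is set in the environment.
main() {
    if ! in_cidr "$2" "$1"; then
        echo "$2 is not inside $1: re-check the whois output before locking SSH to it" >&2
        return 1
    fi
    if [ "${APPLY:-0}" = 1 ]; then
        ssh_rules "$1" | sh
    else
        ssh_rules "$1"
    fi
}

# Usage: sh ssh_from_netblock.sh 10.20.0.0/16 10.20.5.7
#        APPLY=1 sh ssh_from_netblock.sh 10.20.0.0/16 10.20.5.7   (as root)
[ $# -eq 0 ] || main "$@"
```

Two caveats a practitioner would want: the ESTABLISHED,RELATED rule matters only if your INPUT policy is DROP or REJECT (otherwise replies already get through, which is also why SSH "worked" when everything was allowed), and current ARIN whois output labels the range "NetRange:" and "CIDR:" rather than "Netblock:", so take the CIDR line and do not assume /16 without checking it with in_cidr against a host you know is in the domain.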