
Re: questions on iptables



Hello

I have a server box that has a public IP in the DC.
My requirements,

1. allow access to ssh and http port on the server from external.
2. allow access to any services from the server to external.

#1 can be done with the rules I have already set.
But #2 doesn't work. For instance, an rsync connection from that box to another server won't work (connection timeout).

So how do I do that?

Thanks

On Sun, Dec 25, 2022 at 10:28 AM jeremy ardley <jeremy@ardley.org> wrote:

On 25/12/22 10:14, Piperみかこ wrote:
> Hello,
>
> I have setup the following iptables on linux server,
>
> sudo /usr/sbin/iptables -F
> sudo /usr/sbin/iptables -A INPUT -s 127.0.0.1 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -s xx.xx.xx.xx -j ACCEPT  # my server public IP
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 22 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp --dport 80 -j ACCEPT
> sudo /usr/sbin/iptables -A INPUT -p tcp -j DROP
>
> These rules work for incoming connections.
> But if I made a request from this server box to the external server,
> such as rsync to another remote server, it won't work.
>
> So how can I set up the outgoing rules as well?
>
> Thanks and happy holidays~
>
> Piper


It's not quite clear what you are doing. I guess your Linux box is in
your LAN and you have an external server on the internet?

Anyway, it's usual to have a line like this to handle handshaking with
external systems.

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

--
Jeremy
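Jeremy's rule, worked into a complete ruleset for the two requirements in the original post, as an added example that is code from neither poster. Rules in a chain are evaluated top to bottom, so the RELATED,ESTABLISHED rule has to sit above the `-p tcp -j DROP` line: the SYN-ACK from the remote rsync server arrives on INPUT with a destination port equal to the client's ephemeral port, which no `--dport 22` or `--dport 80` rule matches, so it falls through to the drop and the client times out. The ruleset is in iptables-restore format; the `-i lo` loopback match, the INVALID-state drop and the DROP policy are this example's own choices, and `audit_input_chain` is a heuristic written for this example, not an iptables feature.

```shell
#!/bin/sh
# Added example for this thread; not code from either poster.
# Assumes: iptables with the conntrack "state" match (as in Jeremy's rule),
# the ruleset loaded with iptables-restore, and the original poster's
# requirements (SSH and HTTP in, anything out).

# Complete ruleset in iptables-restore format. Rules are evaluated top to
# bottom, so the RELATED,ESTABLISHED rule sits above everything else: the
# SYN-ACK from an rsync server arrives on INPUT with destination port equal
# to the client's ephemeral port, which no --dport 22/80 rule matches.
ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
-A INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# The original poster's rules as iptables-save would show them (constructed
# here from the quoted commands; the placeholder address is kept as posted).
original_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 127.0.0.1 -j ACCEPT
-A INPUT -s xx.xx.xx.xx -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -j DROP
COMMIT
EOF
}

# Heuristic audit of an iptables-save dump on stdin: exit 0 if the INPUT
# chain accepts RELATED,ESTABLISHED traffic before any DROP/REJECT rule
# other than an INVALID-state drop. Conservative: any earlier drop is
# flagged even if its match would not cover reply packets.
audit_input_chain() {
    awk '
        /^-A INPUT / {
            if ($0 ~ /(RELATED,ESTABLISHED|ESTABLISHED,RELATED)/ && $0 ~ /-j ACCEPT/) { ok = 1; exit }
            if ($0 ~ /-j (DROP|REJECT)/ && $0 !~ /--(ct)?state INVALID/) { exit }
        }
        END { exit ok ? 0 : 1 }
    '
}

# Usage:  sh fw.sh --show | sudo iptables-restore      (load the fixed rules)
#         sudo iptables-save | sh fw.sh --audit         (check a live box)
case "${1:-}" in
    --show)  ruleset ;;
    --audit) if audit_input_chain; then
                 echo "INPUT: replies to outbound connections are accepted"
             else
                 echo "INPUT: replies to outbound connections would be dropped"
                 exit 1
             fi ;;
esac
```

Loading through iptables-restore replaces the whole table atomically, which avoids the window between `iptables -F` and the re-adding of the rules in the original commands. Unlike the original `-p tcp -j DROP`, the DROP policy also discards unsolicited UDP and ICMP; replies to the box's own DNS lookups (for example, resolving the rsync target) still pass, because conntrack tracks UDP and the RELATED,ESTABLISHED rule covers them.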

