This shows you the differences between two versions of the page.
network:firewall [2016/02/03 20:58] walter created
network:firewall [2016/02/04 21:38] walter [How to Open a Port]
Line 4: | Line 4: | ||
====== How to Open a Port ====== | ====== How to Open a Port ====== | ||
+ | <WRAP center round important 60%> | ||
+ | Don't forget to save the new config with **iptables-save > /etc/iptables/iptables.conf** unless editing the config directly. | ||
+ | </WRAP> | ||
- | FIXME | + | **First** gather the list of ports you need on which protocol. |
+ | |||
+ | ===== INPUT Chain ===== | ||
+ | This allows the port to make it through the INPUT chain and onto forwarding. \\ | ||
+ | The affects the INPUT chains for ALL network devices, although loopback is handled prior to this. \\ | ||
+ | Use the -i <interface> flag to restrict the rule to one network interface.\\ | ||
+ | ==== Single Port ==== | ||
+ | <code> | ||
+ | iptables -A <TCP|UDP> -p <tcp|udp> -m <tcp|udp> --dport <port> -j ACCEPT | ||
+ | </code> | ||
+ | ==== Multiple Ports ==== | ||
+ | <code> | ||
+ | iptables -A <TCP|UDP> -p <tcp|udp> -m multiport --dports <port1>,<port2>,...,<portN> -j ACCEPT | ||
+ | </code> | ||
+ | ===== FORWARD Chain ===== | ||
+ | |||
+ | If this interface has not been added to the list of interfaces allowed to forward packets between them, you must first add it with. | ||
+ | <code> | ||
+ | iptables -A fw-interfaces -i <interface> -j ACCEPT | ||
+ | </code> | ||
+ | Afterwards, you can add the rules that forward ports to specific machines. | ||
+ | ==== Single Port ==== | ||
+ | <code> | ||
+ | iptables -A fw-open -d <x.x.x.x/32> -p <tcp|udp> -m <tcp|udp> --dport <port> -j ACCEPT | ||
+ | </code> | ||
+ | ==== Multiple Ports ==== | ||
+ | <code> | ||
+ | iptables -A fw-open -d <x.x.x.x/32> -p <tcp|udp> -m multiport --dports<port1>,<port2>,...,<portN> -j ACCEPT | ||
+ | </code> |
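Review bot: the multiport rule in the FORWARD "Multiple Ports" block is missing a space between `--dports` and its argument, so `iptables -A fw-open -d <x.x.x.x/32> -p <tcp|udp> -m multiport --dports<port1>,<port2>,...,<portN> -j ACCEPT` will not parse; it should read `--dports <port1>,<port2>,...,<portN>` exactly as the INPUT-chain version a few lines above already does. The opening sentence of the INPUT Chain section is also misleading: a packet accepted in INPUT is delivered to this host and never reaches FORWARD, while traffic routed through the box traverses FORWARD only, which is precisely why the fw-interfaces and fw-open rules are kept separate, so "make it through the INPUT chain and onto forwarding" should be reworded. Because the fw-open rules match on destination address and port alone, it is worth noting that they accept the same `-i <interface>` restriction the INPUT section recommends. Minor wording: "The affects the INPUT chains" should be "This affects the INPUT chains", and "you must first add it with." should end in a colon since the command follows.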