
Thread: iptables configuration - only one port is open

  1. #1

    iptables configuration - only one port is open

    Hello!

    I went through a lot of tutorials and posts here, but still no luck in solving my problem. So I decided to ask you for help.

    I'd like to achieve two things - have SSH available from WAN as well as a range of ports for rtorrent. This means port 22 and, for example, ports 51777-51800 should be open.

    My current post-firewall file is:
    Code:
    #!/bin/sh
    iptables -D INPUT -j DROP
    iptables -A INPUT -p tcp --syn -i "$1" --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 51777:51800 -j ACCEPT
    iptables -A INPUT -j DROP
    Unfortunately (when testing with http://ping.eu/port-chk/) I can confirm that only port 22 is open. The next line is for some reason ignored.

    Could anyone tell me what is wrong here?

  2. #2
    Join Date: Nov 2004 | Location: Sweden | Posts: 259
    Is the router the device where you run rtorrent?

  3. #3
    Yes, rtorrent is launched there.

  4. #4
    Run

    Code:
    iptables -L INPUT -n -v
    and check if the rule is there. The first column will tell you the number of packets that have matched the rule.

  5. #5
    The output tells me nothing, so I'm pasting it here:

    Code:
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        2   112 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
      13M 2098M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    16608  995K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          state NEW
    55370   18M ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0          state NEW
        0     0 ACCEPT     2    --  *      *       0.0.0.0/0            224.0.0.0/4
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.0/4        udp dpt:!1900
    54315 4182K SECURITY   all  --  vlan1  *       0.0.0.0/0            0.0.0.0/0          state NEW
      139 45592 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:67 dpt:68
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:80
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:21
      118  7099 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
     4016  240K ACCEPT     tcp  --  vlan1  *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
    49000 3770K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

  6. #6
    Quote Originally Posted by groob:
    The output tells me nothing, so I'm pasting it here:

    Code:
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        2   112 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
      13M 2098M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    16608  995K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          state NEW
    55370   18M ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0          state NEW
        0     0 ACCEPT     2    --  *      *       0.0.0.0/0            224.0.0.0/4
        0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.0/4        udp dpt:!1900
    54315 4182K SECURITY   all  --  vlan1  *       0.0.0.0/0            0.0.0.0/0          state NEW
      139 45592 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:67 dpt:68
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            192.168.1.1        tcp dpt:80
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:21
      118  7099 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
     4016  240K ACCEPT     tcp  --  vlan1  *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
    49000 3770K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
    try:
    Code:
    iptables -I INPUT -p tcp --dport 51777:51800 -j ACCEPT

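The check suggested in post #4 and the `-I` suggestion in post #6 can be automated. The script below is an added example, not code from the thread: it parses a saved `iptables -L INPUT -n -v` listing, reports whether an ACCEPT rule for a TCP port range is missing, reachable, or shadowed (placed after the chain's catch-all DROP, where it can never match), and prints the `-I INPUT N` command that would insert the rule directly before that DROP instead of at the top of the chain. The sample listing is an abridged copy of the one pasted in post #5, which contains no `dpts:51777:51800` line at all; the two variants with the rule inserted first and appended last are constructed here. The function names, the "live" argument and the `vlan1` interface are assumptions of this example. iptables prints a single port as `dpt:22` and a range as `dpts:51777:51800`, which the matcher relies on.

```shell
#!/bin/sh
# Added example (not from the thread): inspect an `iptables -L INPUT -n -v`
# listing for a TCP dport-range ACCEPT rule and its position relative to the
# chain's final catch-all DROP. Function names are this example's own.

# Abridged copy of the listing posted in the thread (no 51777:51800 rule in it).
SAMPLE_LISTING='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    2   112 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
  13M 2098M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
 4016  240K ACCEPT     tcp  --  vlan1  *       0.0.0.0/0            0.0.0.0/0          tcp dpt:22 flags:0x16/0x02
49000 3770K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Constructed rule line as iptables would print it for --dport 51777:51800.
RANGE_RULE='    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpts:51777:51800'

# Constructed variant: what `-I INPUT ...` produces (rule becomes the first rule).
SAMPLE_INSERTED=$(printf '%s\n' "$SAMPLE_LISTING" | awk -v r="$RANGE_RULE" 'NR == 2 { print; print r; next } { print }')
# Constructed variant: what `-A INPUT ...` after the catch-all DROP produces (rule is last).
SAMPLE_APPENDED=$(printf '%s\n%s\n' "$SAMPLE_LISTING" "$RANGE_RULE")

# rule_index LISTING TARGET PATTERN
# 1-based position of the first rule whose target is TARGET and whose line
# contains PATTERN; 0 if no such rule. The two header lines are skipped.
rule_index() {
    printf '%s\n' "$1" | awk -v tgt="$2" -v pat="$3" '
        NR <= 2 { next }
        $3 == tgt && index($0, pat) > 0 { print NR - 2; found = 1; exit }
        END { if (!found) print 0 }'
}

# catchall_drop_index LISTING
# Position of the first unconditional DROP (proto all, any interface, no extra
# match text, i.e. exactly 9 columns); 0 if the chain has none.
catchall_drop_index() {
    printf '%s\n' "$1" | awk '
        NR <= 2 { next }
        $3 == "DROP" && $4 == "all" && $6 == "*" && NF == 9 { print NR - 2; found = 1; exit }
        END { if (!found) print 0 }'
}

# rule_pkts LISTING PATTERN
# Packet counter of the first rule line containing PATTERN; "-" if absent.
# A rule that exists but never counts packets is the sign of a shadowed rule.
rule_pkts() {
    printf '%s\n' "$1" | awk -v pat="$2" '
        NR <= 2 { next }
        index($0, pat) > 0 { print $1; found = 1; exit }
        END { if (!found) print "-" }'
}

# range_status LISTING RANGE  ->  missing | shadowed | reachable
range_status() {
    idx=$(rule_index "$1" ACCEPT "tcp dpts:$2")
    drop=$(catchall_drop_index "$1")
    if [ "$idx" -eq 0 ]; then
        echo missing
    elif [ "$drop" -ne 0 ] && [ "$idx" -gt "$drop" ]; then
        echo shadowed
    else
        echo reachable
    fi
}

# insert_cmd LISTING IFACE RANGE
# Prints the iptables command that places the range rule immediately before
# the catch-all DROP (so the INVALID/ESTABLISHED rules stay in front of it),
# or an append when the chain has no catch-all DROP yet.
insert_cmd() {
    drop=$(catchall_drop_index "$1")
    if [ "$drop" -eq 0 ]; then
        echo "iptables -A INPUT -i $2 -p tcp --dport $3 -j ACCEPT"
    else
        echo "iptables -I INPUT $drop -i $2 -p tcp --dport $3 -j ACCEPT"
    fi
}

# Demonstration on the constructed listings (assumed interface: vlan1).
for name in SAMPLE_LISTING SAMPLE_INSERTED SAMPLE_APPENDED; do
    eval "listing=\$$name"
    echo "$name: 51777:51800 is $(range_status "$listing" 51777:51800), pkts=$(rule_pkts "$listing" 'tcp dpts:51777:51800')"
done
echo "fix for the posted listing: $(insert_cmd "$SAMPLE_LISTING" vlan1 51777:51800)"

# `sh this.sh live` checks the running firewall instead (needs root).
if [ "${1:-}" = "live" ]; then
    live=$(iptables -L INPUT -n -v) || exit 1
    echo "live: 51777:51800 is $(range_status "$live" 51777:51800), pkts=$(rule_pkts "$live" 'tcp dpts:51777:51800')"
fi
```

Two caveats a practitioner would check before trusting the counters: the listing in post #5 has the dport 22 rule only on `vlan1` (via `-i "$1"`), while the range rule in post #1 has no interface restriction, so the fix above adds one; and a rule whose `-j` target is misspelled (post #7 shows `ACCCEPT`) is rejected by iptables when the script runs and will show up here as "missing" just like a rule that was never added.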
  7. #7
    I'm afraid nothing has changed...
    Still only 22 is open.

    This is how iptables looks now:
    Code:
    iptables -D INPUT -j DROP
    
    iptables -A INPUT -p tcp --syn -i "$1" --dport 22 -j ACCEPT
    iptables -I INPUT -p tcp --dport 51777:51800 -j ACCCEPT
    
    iptables -A INPUT -j DROP

  8. #8
    Given the INPUT table you showed, you should run just the command I gave you. That's why I quoted the INPUT table.

  9. #9
    I may not understand you clearly.
    Do you want me to leave only one command in my post-firewall file?
