Kloxo & Iptables

ZiggaZigga Member
edited September 2011 in Help

So I want to set up a few Kloxo servers (while ssh is cool, it's a bit hard to share resources with friends or do quick changes in a hurry), but I'm having some trouble with setting up Iptables. I followed the standard Iptables setup but now the two servers are refusing to talk to each other. Telnet into the servers times out. So I'm appealing to the good folk on Lowendtalk :)

Also check below for my Iptables setup.

Comments

  • #!/bin/sh
    #
    # firewall
    #
    # chkconfig: 3 21 91
    # description: Starts, stops iptables firewall

    # Address of the other Kloxo host; placeholders to be filled in on each box.
    MASTER_IP="Master-IP"
    SLAVE_IP="SLAVE IP"

    case "$1" in
    start)

    # Clear rules
    iptables -t filter -F
    iptables -t filter -X
    echo "- Clear rules : [OK]"

    # SSH In
    iptables -t filter -A INPUT -p tcp --dport 22 -j ACCEPT
    echo "- SSH : [OK]"

    # Don't break established connections
    iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    echo "- established connections : [OK]"

    # Block all connections by default (policy applies to anything no rule matches)
    iptables -t filter -P INPUT DROP
    iptables -t filter -P FORWARD DROP
    iptables -t filter -P OUTPUT DROP
    echo "- Block all connections : [OK]"

    # Loopback
    iptables -t filter -A INPUT -i lo -j ACCEPT
    iptables -t filter -A OUTPUT -o lo -j ACCEPT
    echo "- Loopback : [OK]"

    # ICMP (Ping)
    iptables -t filter -A INPUT -p icmp -j ACCEPT
    iptables -t filter -A OUTPUT -p icmp -j ACCEPT
    echo "- PING : [OK]"

    # DNS In/Out
    iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
    iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
    echo "- DNS : [OK]"

    # NTP Out
    iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
    echo "- NTP : [OK]"

    # FTP Out (control ports plus the passive data range)
    iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT

    # FTP In
    iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
    iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    echo "- FTP : [OK]"

    # HTTP + HTTPS Out
    iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT

    # HTTP + HTTPS In
    iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
    echo "- HTTP/HTTPS : [OK]"

    # Mail SMTP:25
    iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
    echo "- SMTP : [OK]"

    # Mail POP3:110
    iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
    echo "- POP : [OK]"

    # Mail IMAP:143
    iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
    echo "- IMAP : [OK]"

    # Kloxo
    iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
    echo "- Kloxo : [OK]"

    # Kloxo master/slave traffic on 7779. These rules have to sit inside the
    # start branch, before exit, or they are never applied. Keep the pair
    # that matches this host's role.
    # Kloxo(slave)
    iptables -t filter -A INPUT -p tcp -s "$MASTER_IP" --dport 7779 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -d "$MASTER_IP" --dport 7779 -j ACCEPT
    echo "- Kloxo(slave) : [OK]"

    # Kloxo(master)
    iptables -t filter -A INPUT -p tcp -s "$SLAVE_IP" --dport 7779 -j ACCEPT
    iptables -t filter -A OUTPUT -p tcp -d "$SLAVE_IP" --dport 7779 -j ACCEPT
    echo "- Kloxo(master) : [OK]"

    echo "- Firewall [OK]"
    exit 0
    ;;

    stop)
    echo "Stopping Firewall: "
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -t filter -F
    exit 0
    ;;
    *)
    echo "Usage: /etc/init.d/firewall {start|stop}"
    exit 1
    ;;
    esac

  • Maybe this should be on the wiki instead....

    http://www.lowendbox.com/wiki/

  • innyainnya Member
    edited September 2011

    I agree that should be in the wiki.

  • But why wiki? He asked for help?

  • Did you add the slave Kloxo as a server in the master Kloxo?

  • japon said: But why wiki? He asked for help?

    Agree, lol

    And well, I don't know so much about iptables, but why use the filter table?

    My normal setup is... allow the ports that you want, and finally drop all.

  • My normal setup is... allow the ports that you want, and finally drop all.

    Would it not be better to first DROP and then ACCEPT?

  • That is another strategy :P

  • He asked for help?

    Sorry about that. Was thinking this was a tutorial on what to do.

  • innya said: Did you add the slave Kloxo as a server in the master Kloxo?

    I'm sorry, what do you mean? When I turn off the firewall service I can send updates to the slave fine. I can update things etc. Although I do get remote auth errors.

    Well I'm heading over to the kloxo forums to ask for help.

    I should mention I'm from the world of windows/cisco, so my understanding of Iptables is severely limited!

    Thanks for the help guys!
