Can't manage to set up iptables rules for a client/server socket exchange on localhost
I am a client/server, IPC and iptables near-newbie. I have done my homework thoroughly for a year and thought this should work:
# cat /root/firewall/iptable | nocomment
iptables -F
iptables -F -t nat
iptables -P FORWARD DROP
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -I INPUT 1 -s 127.0.0.0/24 -p tcp --dport 80:65535 -j ACCEPT
iptables -I INPUT 1 -s 127.0.0.0/24 -p udp --dport 80:65535 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -s 127.0.0.0/24 -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p udp -m udp --dport 631 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/24 -p tcp -m tcp --dport 631 -j ACCEPT
iptables -A INPUT -p tcp -i eth0 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -i eth0 -j REJECT --reject-with icmp-port-unreachable
iptables -L -v -n
/etc/init.d/iptables save
# /root/firewall/iptable
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       127.0.0.0/24         0.0.0.0/0            udp dpts:80:65535
    0     0 ACCEPT     tcp  --  *      *       127.0.0.0/24         0.0.0.0/0            tcp dpts:80:65535
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       192.168.0.0/24       0.0.0.0/0            icmptype 0
    0     0 ACCEPT     icmp --  *      *       127.0.0.0/24         0.0.0.0/0            icmptype 0
    0     0 ACCEPT     udp  --  *      *       192.168.0.0/24       0.0.0.0/0            udp dpt:631
    0     0 ACCEPT     tcp  --  *      *       192.168.0.0/24       0.0.0.0/0            tcp dpt:631
    0     0 REJECT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            reject-with tcp-reset
    0     0 REJECT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 * Saving iptables state ...
# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 xxxx::xxxx:xxxx:xxxx:xxxx prefixlen 64 scopeid 0x20<link>
inet6 xxxx::xxxx:xxxx:xxxx:xxxx::xxxx:xxxx:xxxx prefixlen 64
scopeid 0x0<global>
inet6 xxxx::xxxx:xxxx:xxxx::10 prefixlen 64 scopeid 0x0<global>
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 204122 bytes 114225536 (108.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 230083 bytes 27756306 (26.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 17
# ifconfig lo
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Boucle locale)
RX packets 443796 bytes 25809111 (24.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 443796 bytes 25809111 (24.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ping 127.0.0.1 does not work.
A client/server socket exchange on port 9000 does not work (from a web example).
Browsing the Web works.
What am I doing wrong, please?
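As an added illustration (not part of the original post), the Python below walks the INPUT chain listed above with the kernel's first-match semantics and the chain's DROP policy, for two constructed packets that both arrive on lo: an ICMP echo-request from 127.0.0.1, and a TCP SYN to port 9000 sent to the host's own eth0 address 192.168.0.10. It then re-evaluates them with an explicit `-i lo -j ACCEPT` rule inserted first, the conventional way of exempting loopback traffic from a default-DROP INPUT chain. The packets, the `-i lo` rule and the per-packet `state` label (a stand-in for conntrack) are assumptions for this trace.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src: str
    proto: str           # "tcp", "udp" or "icmp"
    iface: str = "lo"    # a packet to one of the host's own addresses arrives on lo
    dport: int = 0
    icmp_type: int = -1  # 8 = echo-request, 0 = echo-reply
    state: str = "NEW"   # what -m state sees for a connection's first packet

# The INPUT chain in the order the listing above prints it (policy DROP).
INPUT_RULES = [
    ({"src": "127.0.0.0/24", "proto": "udp", "dport": (80, 65535)}, "ACCEPT"),
    ({"src": "127.0.0.0/24", "proto": "tcp", "dport": (80, 65535)}, "ACCEPT"),
    ({"state": ("RELATED", "ESTABLISHED")}, "ACCEPT"),
    ({"src": "192.168.0.0/24", "proto": "icmp", "icmp_type": 0}, "ACCEPT"),
    ({"src": "127.0.0.0/24", "proto": "icmp", "icmp_type": 0}, "ACCEPT"),
    ({"src": "192.168.0.0/24", "proto": "udp", "dport": (631, 631)}, "ACCEPT"),
    ({"src": "192.168.0.0/24", "proto": "tcp", "dport": (631, 631)}, "ACCEPT"),
    ({"iface": "eth0", "proto": "tcp"}, "REJECT"),
    ({"iface": "eth0", "proto": "udp"}, "REJECT"),
]

def matches(m, pkt):
    """Every criterion of one rule must hold, as in a single iptables rule."""
    if "src" in m and ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(m["src"]):
        return False
    if "proto" in m and pkt.proto != m["proto"]:
        return False
    if "iface" in m and pkt.iface != m["iface"]:
        return False
    if "dport" in m and not m["dport"][0] <= pkt.dport <= m["dport"][1]:
        return False
    if "icmp_type" in m and pkt.icmp_type != m["icmp_type"]:
        return False
    return "state" not in m or pkt.state in m["state"]

def verdict(pkt, rules=INPUT_RULES, policy="DROP"):
    """First matching rule wins; the chain policy applies when none matches."""
    for m, target in rules:
        if matches(m, pkt):
            return target
    return policy

# Constructed packets for the two failing cases, plus the usual explicit loopback rule.
PING = Packet("127.0.0.1", "icmp", icmp_type=8)          # echo-request; rule 5 only accepts type 0
LOCAL_9000 = Packet("192.168.0.10", "tcp", dport=9000)   # client connected to the eth0 address
WITH_LO = [({"iface": "lo"}, "ACCEPT")] + INPUT_RULES    # iptables -I INPUT 1 -i lo -j ACCEPT
```

Without the loopback rule, the echo-request and the SYN from 192.168.0.10 both fall through to the DROP policy, while a SYN from 127.0.0.1 to port 9000 is accepted by the second rule; with it, all three are accepted.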