[WLUG] Need IPTABLES help please

Carl T. Miller carl at carltm.com
Fri Jan 3 09:51:42 EST 2020


Hi Jay,

I'd be willing to assist, although I'll need more info.

First, send me the output of this command, which details
all the rules currently running, even some that you normally
do not see.

# Dump every table: iptables for IPv4, ip6tables for IPv6, each chain labelled
(for t in security nat raw mangle filter; do iptables -nvL -t $t | sed \
"s/^C/Table ipv4 $t: C/"; done; for t in security raw mangle filter;
do ip6tables -nvL -t $t | sed "s/^C/Table ipv6 $t: C/"; done) |\
sed '/^$/d;s/\(^[^T]\)/   \1/'

Next, send me a copy of the iptables config files.  These vary
based on the distro and the firewall options that have been
chosen.

For security purposes, feel free to send this info to carl at carltm.com
rather than the list.

c


On 1/2/20 9:12 PM, Jay Nugent wrote:
> Greetings,
>    I really suck at IPTABLES, so I've been reluctant to delve into 
> this problem and thought that direction from a knowledgeable advisor 
> would be better than just getting frustrated and putting it off for 
> another month, or two, or a year.   There is no IPTABLES firewall 
> currently configured per 'iptables -L'.
>
>
>    Here is what I have:
>
>       o A Raspberry-Pi sitting on my LAN (192.168.1.46)
>       o An instance on JNOS packet Radio software that runs its own IP
>         stack and talks to the Linux IP stack through a Tunnel (TUN0)
>         with 192.168.1.45 on the Linux end and 192.168.1.44 on the JNOS
>         end.
>         NOTE:  192.168.1.44 is Proxy ARPed onto the ETH0 interface
>
>    Routing all works fine, as packets addressed to 192.168.1.44 on the 
> LAN are received by the Linux IP stack and are routed up the Tunnel to 
> JNOS, and vice versa.
>
>
>    Here is what I need IPTABLES to do:
>
>       o Block all TELNET(23), FTP(20,21), and SMTP(25) inbound
>         connections from the ETH0 interface on the LAN that are destined
>         up the Tunnel to JNOS (192.168.1.44).
>
>       o It would be nice to *not* block these services from the
>         Raspberry-Pi itself, for Telnet especially.
>
>
>    Can anyone assist with the rules I'll need to enter?
>
>
>       Thanks!
>          --- Jay Nugent  WB8TKL
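The filtering requested in the quoted message, as an added example that is not part of either e-mail. It assumes the interfaces are named eth0 and tun0 (the post writes ETH0/TUN0) and that no other FORWARD rules exist; the script name jnos-fw.sh is hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names are assumptions:
# the post writes ETH0/TUN0, Linux names are normally lower case.
LAN_IF=${LAN_IF:-eth0}
TUN_IF=${TUN_IF:-tun0}
JNOS_IP=${JNOS_IP:-192.168.1.44}
PORTS=${PORTS:-20,21,23,25}     # FTP data/control, TELNET, SMTP

# Match only packets that arrive on the LAN and are routed up the tunnel.
# Those traverse the filter table's FORWARD chain. Connections opened on
# the Pi itself leave through OUTPUT and never reach this rule, so telnet
# from the Pi to JNOS keeps working.
jnos_rule_spec() {
    printf '%s' "-i $LAN_IF -o $TUN_IF -d $JNOS_IP -p tcp" \
        " -m multiport --dports $PORTS" \
        " -j REJECT --reject-with tcp-reset"
}

# Insert at the top of FORWARD unless an identical rule is already there
# (iptables -C exits non-zero when the rule is absent), so reruns do not
# stack duplicates. Word splitting of the spec is intended.
install_rules() {
    iptables -C FORWARD $(jnos_rule_spec) 2>/dev/null ||
        iptables -I FORWARD 1 $(jnos_rule_spec)
}

# Run as root: "sh jnos-fw.sh apply"; "sh jnos-fw.sh show" only prints.
case "${1:-}" in
    apply) install_rules ;;
    show)  echo "iptables -I FORWARD 1 $(jnos_rule_spec)" ;;
esac
```

The rule exists only in the running kernel; making it persistent depends on the distro's iptables config files, which the reply above asks for.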