Need HELP with IPTABLES RULES on an Ubuntu router!!
by Big T from LinuxQuestions.org on (#5JF04)
Hello, I am a student and I need help. I need to make these 2 "activities" and they are not working. I send what I did and everything below (sorry for my English in advance). I also have to add that I'm using this on a private local network:
I need to make on /etc/rc.local a script with some IPTABLES rules, but they are not working and I think they should work.
The 1st one should allow FTP for a local network only (192.168.22.0/24), and I made this:
sudo iptables -A INPUT -p tcp -s 192.168.22.0/24 --dport 20 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -s 192.168.22.0/24 --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 21 -m conntrack --ctstate ESTABLISHED -j ACCEPT
This does not work and I do not know why.
The second activity was to allow SSH only from the local network (192.22.186.0/16 is an example network, not the one I'm using, btw):
sudo iptables -A INPUT -p tcp --dport 22 -s 172.22.123.0/16 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP
PLEASE, IF YOU KNOW HOW TO DO THIS, HIT ME UP. I'll be so grateful. Btw, I leave you what I tried and the versions of everything:
Router: Ubuntu Server 18.04
Server: Ubuntu Server 18.04
Client: Windows 8.1 (not sure about the exact version)
The main problem is that FTP allows everyone to use it, while the idea is to make it only work for 192.168.22.0/24 network users. I am a newbie here and don't know why it does not work; if there is an expert that knows where the mistake is, hit me up. I'm working through a VPN, and it should not allow me to connect from my PC nor from the VPN, but it allows both of them.
The VPN is used to connect virtually to Proxmox.
The machines are in a local network with IP 172.22.123.0/24, and the router has 2 pins: one is 172.22.123.254 and the other is 172.22.0.101/24. Pin number 1 is the one that redirects to the local network, and the second one goes to the classroom router and then to the internet.
Windows is just a local network client, to emulate the user of the local network you have created with the router and the Ubuntu server.
Sorry if I missed anything; you can tell me what else you need. The iptables rules are written above. I'm a newbie, and this is a class practice.
FTP AND SSH work correctly; the thing is to fix the rules to make FTP work only for the network (192.168.22.0/24 class network) and allow SSH from the local network only (so you can't access the server, for example, from outside of 172.22.123.0).
BTW, thanks to all of you that may help and that took time to read it. Have a good day/night.
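As an added example (not the poster's script): a rule set that keeps the poster's ACCEPT rules but adds the explicit DROP that the FTP rules lack, and uses a /24 for the SSH source, since 172.22.123.0/16 is the same network as 172.22.0.0/16 and therefore also matches the 172.22.0.x side the VPN arrives from. It assumes the LAN is 172.22.123.0/24 as described and that the INPUT chain's default policy is ACCEPT (Ubuntu's default), which is why, without a DROP, every other source gets through; the IPT and LAN variables and the function names are this example's own.

```shell
#!/bin/sh
# Added example: emit iptables rules that limit FTP (20/21) and SSH (22)
# to the local /24 and drop everyone else on those ports.
# IPT defaults to "echo iptables" so the rules can be reviewed first;
# set IPT=iptables and run as root (e.g. from /etc/rc.local, where no
# sudo is needed) to apply them.
IPT="${IPT:-echo iptables}"
LAN="${LAN:-172.22.123.0/24}"   # assumed: the poster's local network

ftp_rules() {
    # Control channel (21) and active-mode data channel (20), LAN only.
    for port in 21 20; do
        $IPT -A INPUT -p tcp -s "$LAN" --dport "$port" \
            -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
    done
    # Explicit deny for every other source. Without this line the
    # chain's default policy (ACCEPT) decides, so FTP stays open to all.
    $IPT -A INPUT -p tcp -m multiport --dports 20,21 -j DROP
}

ssh_rules() {
    # A /24 matches only 172.22.123.0-255; the original /16 also
    # covered 172.22.0.101 and the rest of 172.22.0.0/16.
    $IPT -A INPUT -p tcp --dport 22 -s "$LAN" -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -s 127.0.0.0/8 -j ACCEPT
    $IPT -A INPUT -p tcp --dport 22 -j DROP
}

output_rules() {
    # Replies for connections already tracked by conntrack.
    $IPT -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

ftp_rules
ssh_rules
output_rules
```

Passive-mode FTP opens data connections on high ports; they are still accepted here by the default policy, so if INPUT is later switched to a DROP policy, load the nf_conntrack_ftp helper and accept `--ctstate RELATED` traffic from the LAN as well.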