Slackware(64) 14.2 - Iptables Rules
by inukaze from LinuxQuestions.org on (#5CF2T)
Hi there again, yesterday I was trying to open and test some ports on my Slackware; on my router the ports are open.
Short version:
I want to open & test the ports:
Code:
RDP : 3389
VNC : 5900-5910
Kaillera : 27888
IceCast1? : 8000
IceCast2? : 27950-27965
SMP/VLC : 5298-5353
RetroArch : 55435
Mumble : 64738
Torrents : 6881-6891
SSH : 22
FTP : 20-21
Telnet : 23
Well, the thing was, yesterday while trying to make that, testing with the commands iptables, nc and netstat, I deleted all the rules; the disaster was that I didn't have access to data traffic on my eth0, even ethtool showed me "Link detected: no". Well, I know that can be solved by reconnecting the physical cable again xD.
After hours trying solutions I saw on the internet, and not one worked for me, I thought I had a Slackware 14.2 32-bit install on another partition with the same configuration.
My question is: "Which is the right way to apply with iptables the rules like":
Code:
*mangle
:PREROUTING ACCEPT [988:95064]
:INPUT ACCEPT [988:95064]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1868:149163]
:POSTROUTING ACCEPT [1868:149163]
*nat
:PREROUTING ACCEPT [28:6181]
:INPUT ACCEPT [28:6181]
:OUTPUT ACCEPT [501:33485]
:POSTROUTING ACCEPT [501:33485]
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [535:43223]
=============================================================
Extended version:
I made a backup of those iptables rules and imported it to my Slackware64 14.2; the file had the following content:
Code:
# Generated by iptables-save v1.6.0 on Wed Jan 6 01:45:02 2021
*mangle
:PREROUTING ACCEPT [988:95064]
:INPUT ACCEPT [988:95064]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1868:149163]
:POSTROUTING ACCEPT [1868:149163]
COMMIT
# Completed on Wed Jan 6 01:45:03 2021
# Generated by iptables-save v1.6.0 on Wed Jan 6 01:45:03 2021
*nat
:PREROUTING ACCEPT [28:6181]
:INPUT ACCEPT [28:6181]
:OUTPUT ACCEPT [501:33485]
:POSTROUTING ACCEPT [501:33485]
COMMIT
# Completed on Wed Jan 6 01:45:03 2021
# Generated by iptables-save v1.6.0 on Wed Jan 6 01:45:03 2021
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [535:43223]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth1 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-host-unreachable
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
COMMIT
# Completed on Wed Jan 6 01:45:04 2021
Can someone tell me each command with iptables to apply exactly that same configuration manually?
My question is: "Which is the right way to apply with iptables the rules like":
Code:
*mangle
:PREROUTING ACCEPT [988:95064]
:INPUT ACCEPT [988:95064]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1868:149163]
:POSTROUTING ACCEPT [1868:149163]
*nat
:PREROUTING ACCEPT [28:6181]
:INPUT ACCEPT [28:6181]
:OUTPUT ACCEPT [501:33485]
:POSTROUTING ACCEPT [501:33485]
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [535:43223]
I know the "-A INPUT . . ." lines just need to be preceded by the iptables command, like:
Code:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -i eth0 -j ACCEPT
iptables -A INPUT -i eth1 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT --reject-with icmp-host-unreachable
iptables -A INPUT -p udp -m udp --dport 123 -j ACCEPT
I used the chroot environment to make the backup of the iptables rules from my other distro:
Code:
TARGET=/media/Slack32 ; \
mount --rbind /proc $TARGET/proc ; \
mount --make-rslave $TARGET/proc ; \
mount --rbind /sys $TARGET/sys ; \
mount --make-rslave $TARGET/sys ; \
mount --rbind /dev $TARGET/dev ; \
mount --make-rslave $TARGET/dev ; \
mount --bind /etc/fstab $TARGET/etc/fstab ; \
mount --bind /etc/resolv.conf $TARGET/etc/resolv.conf ; \
linux32 chroot $TARGET /bin/bash -l
Inside the chroot environment I made a backup of the iptables rules with
Code:
iptables-save > iptables-slack32.iptables
I exit and remount the devices on my Slackware64 14.2
Code:
exit ; umount -l $TARGET ; mount -a
I go to the mountpoint of Slackware 14.2 and use iptables-restore to read the other configuration file to import
Code:
cd /media/Slack32 ; su -c "iptables-restore < ./iptables-slack32.iptables ; iptables-save ; ldconfig" root
The final thing I did was:
Code:
/etc/rc.d/rc.NetworkManager stop
/etc/rc.d/rc.inet1 stop
/etc/rc.d/rc.inet2 stop
/etc/rc.d/rc.inetd stop
/etc/rc.d/rc.inet1 start
/etc/rc.d/rc.inet2 start
/etc/rc.d/rc.inetd start
/etc/rc.d/rc.NetworkManager start
ip link set eth0 down
ip link set eth0 up
And I got internet again.
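One way to answer the question of which commands reproduce that dump, as an added example that is not part of the original post: the `:CHAIN POLICY [packets:bytes]` lines are not rules but chain default policies (the bracketed numbers are counters, which `iptables-restore` only reloads with `-c`), so their manual equivalent is `iptables -t mangle -P PREROUTING ACCEPT` and so on, while each `-A` line becomes `iptables -t <table> -A ...`. The script below does that translation mechanically over a constructed, shortened copy of the dump from the post; it only prints the commands, so they can be reviewed before anything is applied. Two things worth checking in the original ruleset while reading the output: rules are matched in order, so `-A INPUT -i eth0 -j ACCEPT` in second place accepts every packet arriving on eth0 before the per-port rules and the ICMP REJECT below it are ever consulted, and with the INPUT policy at ACCEPT nothing is dropped by default either.

```shell
#!/bin/sh
# Added example (not from the original post): translate an iptables-save dump
# into the equivalent sequence of iptables commands, one per line, so the same
# configuration can be applied by hand or audited first. Only awk, grep, wc
# and printf are used; iptables itself is never invoked.

# Constructed sample input: a shortened version of the dump quoted in the post.
SAMPLE_DUMP='# Generated by iptables-save v1.6.0
*mangle
:PREROUTING ACCEPT [988:95064]
:OUTPUT ACCEPT [1868:149163]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# save_to_commands: read iptables-save text on stdin, print iptables commands.
#   "*table"                 selects the table for the lines that follow
#   ":CHAIN POLICY [p:b]"    -> iptables -t TABLE -P CHAIN POLICY  (built-in chain)
#   ":CHAIN - [p:b]"         -> iptables -t TABLE -N CHAIN         (user chain)
#   "-A ..."                 -> iptables -t TABLE -A ...
# Comments, COMMIT and blank lines are skipped; counters are dropped, exactly
# as iptables-restore without -c drops them.
save_to_commands() {
    awk '
        /^#/ || /^COMMIT$/ || /^[ \t]*$/ { next }
        /^\*/ { table = substr($0, 2); next }
        /^:/ {
            chain = substr($1, 2)
            if ($2 == "-") printf "iptables -t %s -N %s\n", table, chain
            else           printf "iptables -t %s -P %s %s\n", table, chain, $2
            next
        }
        /^-/ { printf "iptables -t %s %s\n", table, $0; next }
    '
}

# count_commands: number of commands produced for the sample dump.
count_commands() {
    printf '%s\n' "$SAMPLE_DUMP" | save_to_commands | wc -l | tr -d ' '
}

# first_filter_rule: the first -A command emitted for the filter table.
first_filter_rule() {
    printf '%s\n' "$SAMPLE_DUMP" | save_to_commands | grep -- '-t filter -A' | head -n 1
}

# first_policy: the first command of all, which must be a policy, not a rule.
first_policy() {
    printf '%s\n' "$SAMPLE_DUMP" | save_to_commands | head -n 1
}

# Print the translated command list for the sample dump.
printf '%s\n' "$SAMPLE_DUMP" | save_to_commands
```

To translate a real ruleset instead of the sample, pipe it into the function (`iptables-save | save_to_commands`) after loading the file; the printed commands still need root to apply, and applying them to a machine with existing rules appends rather than replaces, which is why `iptables-restore` (which flushes each table first) is usually the safer way to load a whole saved configuration.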