On 05/25/2010 02:30 PM, Bob Goodwin wrote:
> On 25/05/10 06:45, kalinix wrote:
>> If this applies for ssh only, you could do something like this, on box9:
>>
>> IPTABLES -I INPUT -i eth0 -s ip.of.box.6 -p tcp -m tcp --dport 22 -j ACCEPT
>>
>> If you need more services to be available for box9, you simply let out
>> -m tcp and --dport 22, to get this:
>>
>> IPTABLES -I INPUT -i eth0 -s ip.of.box.6 -j ACCEPT
>>
>> To see all the packages from box6, you can insert the rule below:
>>
>> IPTABLES -I INPUT -i eth0 -s ip.of.box.6 -m state --state NEW -j LOG
>> --log-prefix "IPTABLES - NEW PACKETS FROM BOX6: " --log-level 6
>>
>> and watch the result in /var/log/messages (with tail -f /var/log/messages)
>>
>> Calin
>
> I am using the provided F-12 iptables firewall. All I recall
> changing was opening a port for VOIP. This problem has existed since
> I originally installed this version. This is 64 bit while box9 which
> works as expected is 32, other than that they are similar F-12's on
> Dell boxes.
>
> I installed a gigabit NIC on this box6 and a new fast switch,
> data transfer is fast but I would like to be able to make it work
> from either end. I have three computers tied together through the
> new switch, one is an NFS server.
>
> Man iptables says:
>
> iptables [-t table] {-A|-D} chain rule-specification
>
> Would this then be the correct command to use?
>
> iptables -A IPTABLES -I INPUT -i eth0 -s ip.of.box6 -m state
> --state NEW -j LOG --log-prefix "IPTABLES - NEW PACKETS FROM
> BOX6: " --log-level 6

You have conflicting options there. "-A" appends a rule to the end of a
chain, "-I" inserts a rule (by default, at the top) of a chain.

If you want to log ALL new connections from box6 (remember that the "-s"
bit is specifying connections coming FROM box6), use the "-I" version.
If you want to just catch connections not already handled by the rules,
use the "-A" version.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer, C2 Hosting          ricks@xxxxxxxx -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-    I haven't lost my mind.  It's backed up on tape somewhere, but  -
-                       probably not recoverable.                    -
----------------------------------------------------------------------
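The "-I" versus "-A" placement discussed in the reply above, as an added example that is not part of the original thread: a small Python model of first-match chain traversal showing which packets a LOG rule sees at each position. The ruleset, the packets, the placeholder address 192.0.2.6 and all function names are constructed for illustration; this is not iptables code.

```python
# Constructed model of how one iptables chain is walked; not real iptables.
BOX6 = "192.0.2.6"  # placeholder address standing in for ip.of.box.6

def rule(target, **conds):
    """A rule matches when every given field equals the packet's value."""
    return {"target": target, "conds": conds}

def insert(chain, r, pos=1):   # like "iptables -I CHAIN": position 1 (top) by default
    return chain[:pos - 1] + [r] + chain[pos - 1:]

def append(chain, r):          # like "iptables -A CHAIN": always the end
    return chain + [r]

def traverse(chain, pkt, policy="DROP"):
    """Return (verdict, was_logged). LOG is non-terminating; other targets end the walk."""
    logged = False
    for r in chain:
        if all(pkt.get(k) == v for k, v in r["conds"].items()):
            if r["target"] == "LOG":
                logged = True
                continue
            return r["target"], logged
    return policy, logged      # nothing terminated the walk: chain policy applies

def logged_names(chain, packets):
    return [name for name, pkt in packets if traverse(chain, pkt)[1]]

# Constructed ruleset: established traffic and new ssh accepted, everything else rejected.
BASE = [
    rule("ACCEPT", state="ESTABLISHED"),
    rule("ACCEPT", state="NEW", dport=22),
    rule("REJECT"),            # catch-all: matches every packet that gets this far
]
LOG_BOX6 = rule("LOG", src=BOX6, state="NEW")

# Constructed packets, all sent from box6.
PACKETS = [
    ("ssh-new", {"src": BOX6, "state": "NEW", "dport": 22}),
    ("nfs-new", {"src": BOX6, "state": "NEW", "dport": 2049}),
    ("ssh-established", {"src": BOX6, "state": "ESTABLISHED", "dport": 22}),
]

if __name__ == "__main__":
    print("-I              :", logged_names(insert(BASE, LOG_BOX6), PACKETS))
    print("-A              :", logged_names(append(BASE, LOG_BOX6), PACKETS))
    print("-A, no catch-all:", logged_names(append(BASE[:-1], LOG_BOX6), PACKETS))
```

In this model an appended LOG rule only sees packets that no earlier terminating rule matched, so a chain that already ends in a catch-all REJECT or DROP rule leaves nothing for it to log.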