Port is open but I am unable to connect
Sascha Reissner
sascha.reissner at toxicnet.de
Tue Sep 7 21:35:04 CEST 2004
Just to make sure: you are certain that you want -s 1.2.3.4?
This means the source IP is 1.2.3.4 (so the IP you connect from, not the IP
you connect _to_).
Jacob Friis Larsen wrote:
> When I add -s 1.2.3.4 I am unable to connect to my server.
> nmap shows that the correct ports are open.
> Any ideas?
>
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 22 -m state --state NEW
>
> This is my script:
> <script>
> #!/bin/sh
>
> # Modules
> modprobe ip_conntrack_ftp
>
> # Defaults
> iptables -P INPUT DROP
> iptables -P FORWARD DROP
> iptables -P OUTPUT DROP
>
> # Flush
> iptables -t nat -F POSTROUTING
> iptables -t nat -F PREROUTING
> iptables -t nat -F OUTPUT
> iptables -F
>
> # STATE RELATED for router
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> # Localhost
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
> # Open ports on router for server/services
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20 -m state --state NEW
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21 -m state --state NEW
> iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 22 -m state --state NEW
> iptables -A INPUT -j ACCEPT -p tcp --dport 25 -m state --state NEW
> iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW
> iptables -A INPUT -j ACCEPT -p tcp --dport 143 -m state --state NEW
> iptables -A INPUT -j ACCEPT -p tcp --dport 993 -m state --state NEW
> </script>
>
> Thanks,
> Jacob
>
>
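Added example (not part of the original thread): a small Python model of first-match evaluation over two of the INPUT rules quoted above, showing how `-s` restricts who may connect while `-d` would match the address being connected to. The addresses 192.0.2.10 and 198.51.100.7, the `-d` rule, and the simplification that every packet is a NEW TCP connection are assumptions made for the illustration.

```python
import ipaddress
import shlex

# Two INPUT rules from the quoted script; chain policy is "iptables -P INPUT DROP".
RULES = """
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 22 -m state --state NEW
iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW
"""
POLICY = "DROP"

# Constructed rule: what the port 22 rule would look like with -d instead of -s.
DST_RULE = "iptables -A INPUT -d 1.2.3.4 -j ACCEPT -p tcp --dport 22 -m state --state NEW"

FLAGS = {"-s": "src", "-d": "dst", "--dport": "dport", "-j": "target"}


def parse_rule(line):
    """Extract source, destination, destination port and target from one rule line."""
    tokens = shlex.split(line)
    rule = {"src": None, "dst": None, "dport": None, "target": None}
    for i, tok in enumerate(tokens):
        if tok in FLAGS:
            rule[FLAGS[tok]] = tokens[i + 1]
    return rule


def in_net(addr, net):
    """True if addr falls inside net (a bare address is treated as a /32)."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def verdict(rules, src, dst, dport):
    """First matching rule decides; if none match, the chain policy applies."""
    for r in rules:
        if r["src"] and not in_net(src, r["src"]):
            continue
        if r["dst"] and not in_net(dst, r["dst"]):
            continue
        if r["dport"] and int(r["dport"]) != dport:
            continue
        return r["target"]
    return POLICY


def input_chain():
    return [parse_rule(line) for line in RULES.strip().splitlines()]


if __name__ == "__main__":
    chain = input_chain()
    print(verdict(chain, "1.2.3.4", "192.0.2.10", 22))       # client is 1.2.3.4
    print(verdict(chain, "198.51.100.7", "192.0.2.10", 22))  # any other client
    print(verdict([parse_rule(DST_RULE)], "198.51.100.7", "1.2.3.4", 22))
```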