iptables

V4mpireuk (Verified User, joined Mar 29, 2010, 33 messages)
Hi,

I was wondering if iptables is configured by DirectAdmin or if it leaves it entirely to the user, as the usual rules file under /etc/sysconfig/iptables doesn't exist and I can't tell if it's running or not, because on my home server it doesn't show in ps x either, so I have no idea whether it's set to some unusual file name for the rules or not. Can anyone help? Also, if it's not set up and running on boot, can anyone give me a list of ALL the required ports that are used in conjunction with a DirectAdmin server, like mail, DA itself, SSH etc.

Cheers,

Gary
 
You need to set up iptables yourself. DirectAdmin does not manage it at all nor should it.
 
iptables is the user interface to the Linux kernel's netfilter modules.

You can install iptables on your Linux server using your OS distribution's package manager, and then install one of the firewalls listed in these forums, as the defaults won't work on a webserver/mailserver.

Jeff
 
I can use iptables fine; it's also installed and doesn't show as running. Same on another server like mine without DirectAdmin: only the ports forwarded with iptables work, but it doesn't show as running... Can someone give me all the ports used on a DirectAdmin server, as I don't know all of them off hand and can't find the info.
 
Well, DirectAdmin itself uses just 2222. Then there are the services. I may miss some, but...

Apache 80 443 (SSL)
POP3 110 995 (SSL)
SMTP 25 548/465 (SSL)
IMAP 143 993 (SSL)
FTP 21
SSH 22
NAMED/BIND 53
MYSQL 3306 - NOT NECESSARY TO BE OPENED IF YOU DONT WANNA GIVE EXTERNAL ACCESS TO DATABASES

As I said, I may have forgotten some, but those should be almost all of the most important ones.

Regards.
 
OK, thanks. I will give them a try and see if anything is blocked, but to me that rings a bell as the correct list, and no others unless I run something.
 
As I mentioned before, iptables is a user interface to stuff built into the kernel. It's not a daemon, and will never show up as running. On one of my CentOS boxes (the only one I've just tested), when I use
Code:
# service iptables status
I get a list of the current status of all the ports; the same as I'd get if I ran
Code:
# iptables -L
but not in the same format.

Jeff
 
Well, I've done all the ports and it's blocking DNS when running, even though port 53 is open. Does DA use a non-standard port? In the config in /etc/named.conf it's commented out as not needed if using the standard port, it seems, but I can't find anywhere stating another port.
 
For DNS you should open port 53 for both TCP/IP and for UDP, both in and out. When you do that you generally don't need to uncomment that line. At least, I don't, when using the KISS firewall.

Jeff
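A concrete version of the port list above and Jeff's DNS note, as an added example that is not from this thread or from DirectAdmin: a POSIX sh script that generates a default-deny INPUT ruleset for the listed services (DNS on both TCP and UDP, MySQL left closed) and logs what it drops. The variable and function names are my own assumptions; running the script prints the rules, and piping that output to sh applies them.

```shell
#!/bin/sh
# Added example, not DirectAdmin tooling: build a minimal inbound iptables
# policy from the ports named in this thread. Prints the rules; pipe to sh
# to apply. Port lists and function names are assumptions of this example.

# TCP services from the thread: SSH, FTP, SMTP/SMTPS, HTTP/HTTPS,
# POP3/POP3S, IMAP/IMAPS, DNS and DirectAdmin's own 2222.
DA_TCP_PORTS="22 21 25 465 80 443 110 995 143 993 53 2222"
# DNS needs UDP as well as TCP (Jeff's point above).
DA_UDP_PORTS="53"
# MySQL (3306) is intentionally absent: keep the database off the public side.

# Print one ACCEPT rule for new connections to the given protocol and port.
da_accept_rule() {
    printf 'iptables -A INPUT -p %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$1" "$2"
}

# Print the full ruleset, one command per line.
da_firewall_rules() {
    echo 'iptables -F INPUT'           # start from a clean INPUT chain
    echo 'iptables -P INPUT DROP'      # default deny inbound
    echo 'iptables -P OUTPUT ACCEPT'   # outbound stays open, so DNS "out" works
    echo 'iptables -A INPUT -i lo -j ACCEPT'
    echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $DA_TCP_PORTS; do da_accept_rule tcp "$p"; done
    for p in $DA_UDP_PORTS; do da_accept_rule udp "$p"; done
    # Rate-limited log of everything that falls through to the DROP policy,
    # so blocked services (like the DNS case above) show up in the syslog.
    echo 'iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "da-fw-drop: "'
}

# Sanity check on the generated set: $1 is the protocol, $2 the port;
# returns 0 when a matching ACCEPT rule is present.
da_port_allowed() {
    da_firewall_rules | grep -q -- "-p $1 --dport $2 "
}

# Print the ruleset when run directly (apply with: sh da-fw.sh | sh).
da_firewall_rules
```

After applying, `iptables -L -n -v` (the command Jeff mentions) shows the chain with per-rule packet counters, which is the quickest way to see which listed port a stalled service is actually hitting.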
 
How to redirect loopback interface traffic to ethernet interface

What I am trying to achieve:
==================
Test/configure all NAT scenarios (Full Cone, Port Restricted etc.) by (1) using iptables, (2) the ethernet interface, (3) the loopback interface

Set up the following configuration:
=====================

I am running one VM in a Linux box, and performed the following configuration:

Linux box IP is: 192.168.0.4
Linux box VirtualBox gateway IP is: 192.168.56.1

Running STUN server bound on: 192.168.56.1 (primary) and 192.168.0.4 (secondary)

Running STUN client on the VM at 127.0.0.1:2000, and configured iptables rules to forward loopback interface traffic to the ethernet interface (192.168.56.102) and vice versa

Expected Result
=========

I should be able to configure each NAT simulation via iptables/ethernet/loopback interface, with the STUN server running on the host and the STUN client running on the VM, and it should tell the *type of NAT*

Actual Result
========
iptables is doing nothing with the packets in/out of the loopback interface
The sendto call fails with error: "error 22 invalid argument", because the socket is bound to 127.0.0.1:2000 and the destination address is 192.168.56.1



See below in short
================
[Loopback-Interface(127.0.0.1 :2000 / *Running STUN Client*/ VM) -->[*IPTABLES RULES TO/FROM*] <-- Ethernet-Interface(VM -- 192.168.56.102:2000) ==>|| ==> HOST(Gateway - 192.168.56.1:3478 - *Running STUN Server*)] ::



Examples Rules ::

sudo iptables -t nat -A POSTROUTING -o eth0 -p udp --source 127.0.0.1 --sport 2000 -j SNAT --to-source 192.168.56.102

sudo iptables -t nat -A POSTROUTING -o eth0 -p tcp --source 127.0.0.1 --sport 2001 -j SNAT --to-source 192.168.56.102
sudo iptables -t nat -A PREROUTING -i eth0 -p udp --destination 192.168.56.102 --dport 2000 -j DNAT --to-destination 127.0.0.1

sudo iptables -t nat -A PREROUTING -i eth0 -p tcp --destination 192.168.56.102 --dport 2000 -j DNAT --to-destination 127.0.0.1



// It seems iptables doesn't pick up packets from the loopback interface



References : http://www.linuxquestions.org/quest...redirect-127-0-0-1-to-192-168-1-113-a-818817/

Please let me know if anybody can help with this.
 