Ping a Specific Port

Question

tftd

Asked: 2012-04-06 14:35:15 +0800 CST2012-04-06 14:35:15 +0800 CST 2012-04-06 14:35:15 +0800 CST

Set generic iptables rules?

772

This may be a really dumb question but how can you open a port on multiple interfaces without defining the interfaces? For example how do I open port 22 on all interfaces?

On my machine I have some interfaces that are dynamic and may or may not be available so I have to set "generic" rules.

This code is not working for me but I can't figure out why:

# My default policy is to drop the input.
# The other policies are required like that.
$IPTABLES -P INPUT DROP
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -t nat -P POSTROUTING ACCEPT
$IPTABLES -t nat -P PREROUTING ACCEPT
$IPTABLES -t mangle -P OUTPUT ACCEPT
$IPTABLES -t mangle -P PREROUTING ACCEPT

#Open port 22 on all interfaces ?
$IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT

So apparently there's something wrong with the last line... but I can't see it?

Edit: iptables -nvL

root@machine:/etc/rc.d# iptables -nvL
Chain INPUT (policy DROP 22 packets, 1378 bytes)
 pkts bytes target     prot opt in     out     source               destination
   18  1484 ACCEPT     all  --  *      *       192.168.0.0/24     192.168.0.1
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    4   236 ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  192.168.0.1 *       0.0.0.0/0            0.0.0.0/0
   24  1362 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:443
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:443

Chain FORWARD (policy ACCEPT 490 packets, 194K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 49 packets, 35544 bytes)
 pkts bytes target     prot opt in     out     source               destination

1 Answers

Voted

phemmer · Answer 1 · 2012-04-06T16:55:35+08:00

Best Answer

phemmer

2012-04-06T16:55:35+08:002012-04-06T16:55:35+08:00

According to your iptables -nvL output, you have a rule to drop all traffic coming in eth1. This is likely your issue.

The rule youre trying to add uses -A INPUT, so it appends the rule to the end of the chain. Given that there are other rules in your -nvL output that arent in your script, I'm guessing you have some other rules that are being applied elsewhere first.

The solution here is to change the -A INPUT to -I INPUT which will add the rule at the beginning, before the DROP rule.

3

Set generic iptables rules?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?