
Firewall iptables, what is the rule to allow server additional ips?

         

basketmen

12:13 pm on Nov 15, 2015 (gmt 0)




I have 5 IPs:
1.1.1.1
1.1.1.2
1.1.1.3
1.1.1.4
1.1.1.5

I already installed OpenVZ & OpenVZ Web Panel on the main IP,
then created a VPS with IP 1.1.1.2.

I can't open 1.1.1.2 in the browser address bar or over SSH, but if I disable the iptables firewall, I can open it:
service iptables save
service iptables stop
chkconfig iptables off


So I need to enable the iptables firewall. What is the rule to allow the server's additional IPs (1.1.1.2-1.1.1.5) in /etc/sysconfig/iptables?

I tried these, but they are still not right:

-A INPUT -s 1.1.1.2 -j ACCEPT
-A INPUT -s 1.1.1.2 -d 1.1.1.5 -p tcp -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --s 1.1.1.2 -j ACCEPT
-A INPUT -i eth0 -m iprange --src-range 1.1.1.2-1.1.1.5 -j ACCEPT





Please help, guys.

lammert

2:07 pm on Nov 15, 2015 (gmt 0)




Without knowing the rest of the configuration of your firewall it is difficult to say what would be the optimal configuration line. What you are trying to do here is to open an IP address for all outgoing traffic on all ports, which is probably not what you want. I assume you want to open the addresses for incoming traffic and only on specific ports. Also, did you reload the iptables configuration into the firewall after the change, or did you only change the configuration file? The latter will not have much effect.

You could try the following line and see if it has any effect:
-A INPUT -p tcp --destination 1.1.1.2 --dport 80 -j ACCEPT

What this basically does is accept traffic with destination port 80 on 1.1.1.2. Traffic to other ports on that IP address is not allowed.
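
As an added example (not part of either post, and not OpenVZ's own configuration), here is how the destination-matching approach from the reply might look as a complete /etc/sysconfig/iptables file. It assumes the container uses OpenVZ's default venet networking, where packets for the container are routed by the host and traverse FORWARD rather than INPUT, that connection tracking is enabled on the host, and that SSH (22) and HTTP (80) are the ports wanted.

```iptables
# Constructed example for /etc/sysconfig/iptables (iptables-save format).
# 1.1.1.1-1.1.1.5 are the thread's placeholder addresses; ports 22 and 80
# are assumed from the question (ssh and browser access).
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]

# Host itself (main IP 1.1.1.1): loopback, replies, then named services.
# Add the web panel's port in the same way if it must be reachable.
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -d 1.1.1.1 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

# Too broad, shown for contrast: a source match trusts any packet that
# claims to come from the range, on every port, and does not match a
# visitor connecting TO 1.1.1.2 (that packet has 1.1.1.2 as destination).
# -A INPUT -i eth0 -m iprange --src-range 1.1.1.2-1.1.1.5 -j ACCEPT

# Containers (assumption: venet, so their packets are routed by the host
# and are filtered in FORWARD, not INPUT).
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inbound: match the container address as destination, one rule per port.
-A FORWARD -d 1.1.1.2 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A FORWARD -d 1.1.1.2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
# Outbound: new connections started by the containers themselves.
-A FORWARD -m iprange --src-range 1.1.1.2-1.1.1.5 -m state --state NEW -j ACCEPT
COMMIT
```

The file can be syntax-checked with `iptables-restore --test < /etc/sysconfig/iptables` before it is loaded with `service iptables restart`.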