Re: [Networker] IPTABLES on Networker Server?

2009-06-15 10:25:36
Subject: Re: [Networker] IPTABLES on Networker Server?
From: Francis Swasey <Frank.Swasey AT UVM DOT EDU>
To: NETWORKER AT LISTSERV.TEMPLE DOT EDU
Date: Mon, 15 Jun 2009 10:15:10 -0400

On 6/15/09 9:52 AM, Matt Temple wrote:
> Dear Networker group,
>
> Is there anyone reading this list who is running Linux
> on a Networker Server and who is also running IPTABLES,
> who would be willing to share his/her IPTABLES
> settings?

Uhm... yes... what do you need to know?

I have the following rules:

-m tcp -p tcp -s <client_network> --dport 7937:9936 -j ACCEPT
-m udp -p udp -s <client_network> --dport 7938 -j ACCEPT

and in general you will always need:

-m state --state ESTABLISHED,RELATED -j ACCEPT

I picked 7937:9936 because that was the output of the nsrports command on my server. If you have run nsrports and adjusted the Service ports, you should adjust the iptables rule to match.

--
Frank Swasey                    | http://www.uvm.edu/~fcs
Sr Systems Administrator        | Always remember: You are UNIQUE,
University of Vermont           |    just like everyone else.
  "I am not young enough to know everything." - Oscar Wilde (1854-1900)
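
The rules in the message above, generated from the service port range instead of typed by hand (an added example, not part of the original post). It assumes the rules belong in the INPUT chain and that nsrports prints a line of the form "Service ports: A-B"; the sample input and the client network are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: rules go in the
# INPUT chain, and nsrports prints a line "Service ports: A-B [C-D ...]".

# is_port N: succeeds when N is an integer in 1..65535.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# nsr_rules CLIENT_NET: reads nsrports-style text on stdin and prints
# iptables-restore lines for every service port range it lists.
nsr_rules() {
    net=$1
    # Replies to connections that are already tracked.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    sed -n 's/^[[:space:]]*Service ports:[[:space:]]*//p' | tr ' ' '\n' |
    while IFS= read -r range; do
        [ -n "$range" ] || continue
        lo=${range%%-*}   # text before the first "-"
        hi=${range#*-}    # text after the first "-" (same as lo for "9000")
        # Anything that is not PORT or LOW-HIGH is skipped, never widened.
        if ! is_port "$lo" || ! is_port "$hi" || [ "$lo" -gt "$hi" ]; then
            echo "skipping bad range: $range" >&2
            continue
        fi
        if [ "$lo" -eq "$hi" ]; then ports=$lo; else ports="$lo:$hi"; fi
        echo "-A INPUT -m tcp -p tcp -s $net --dport $ports -j ACCEPT"
    done
    # UDP rule exactly as given in the post.
    echo "-A INPUT -m udp -p udp -s $net --dport 7938 -j ACCEPT"
}

# Constructed sample input; 192.0.2.0/24 is a documentation network.
printf 'Service ports: 7937-9936\nConnection ports: 0-0\n' |
    nsr_rules 192.0.2.0/24
```

On the server, feed the real nsrports output to nsr_rules in place of the sample, and rerun it whenever the service ports are changed so the firewall and NetWorker stay in step.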
