amuck-landowner

What do I need to

Munzy

Active Member
... make this work.....


iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i lo -m comment --comment "Allow loopback connections" -j ACCEPT
iptables -A INPUT -i gre1 -m comment --comment "Allow loopback connections" -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A INPUT -p icmp -m comment --comment "Allow Ping to work as expected" -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source <ip>


iptables -A INPUT -p tcp -m multiport --destination-ports 22,53,8080,655,47 -j ACCEPT
iptables -A INPUT -p udp -m multiport --destination-ports 655,53,47 -j ACCEPT
iptables -A INPUT -p udp -d 209.141.39.50 -m multiport --destination-ports 27005:27030,27100:27120,28000:28020 -j ACCEPT
iptables -A INPUT -p tcp -d 209.141.39.50 -m multiport --destination-ports 27015,27100:27120 -j ACCEPT

# Pre
iptables -t nat -A PREROUTING -p udp -d 209.141.39.50 -m multiport --destination-ports 27005:27030,27100:27120,28000:28020 -j DNAT --to-destination 192.168.168.2
iptables -t nat -A PREROUTING -p tcp -d 209.141.39.50 -m multiport --destination-ports 27015,27100:27120 -j DNAT --to-destination 192.168.168.2

iptables -A FORWARD -p udp -d 192.168.168.2 -m multiport --destination-ports 27005:27030,27100:27120,28000:28020 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.168.2 -m multiport --destination-ports 27015,27100:27120 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#iptables -P INPUT DROP
#iptables -P FORWARD DROP


What am I missing.... when I enable the drops at the end, I get no connections through at all from gre.
 

tonyg

New Member
I have never seen default policies at the end of an iptables script...they typically go at the beginning.

I don't know if that is the issue, but I would just move the below to the top of the script:

iptables -P INPUT DROP
iptables -P FORWARD DROP
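
As an added example (not part of either post above): a small first-match model of the FORWARD chain from the question, showing which packets fall through to the chain policy once `iptables -P FORWARD DROP` is enabled. The addresses 203.0.113.7 and 198.51.100.9 are constructed, and the parser is a simplification that handles only the options those two rules use.

```python
import ipaddress
import shlex

# FORWARD rules copied from the question; everything else is an added model.
FORWARD_RULES = """
iptables -A FORWARD -p udp -d 192.168.168.2 -m multiport --destination-ports 27005:27030,27100:27120,28000:28020 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.168.2 -m multiport --destination-ports 27015,27100:27120 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
"""

def parse_rule(line):
    """Turn one 'iptables -A FORWARD ...' line into a dict of match criteria."""
    tok = shlex.split(line)
    opts = {tok[i]: tok[i + 1] for i in range(len(tok) - 1) if tok[i].startswith("-")}
    ports = []
    for part in opts.get("--destination-ports", "").split(","):
        if part:
            lo, _, hi = part.partition(":")
            ports.append((int(lo), int(hi or lo)))  # single port == range of one
    return {"proto": opts.get("-p"), "dports": ports, "target": opts["-j"],
            "dst": ipaddress.ip_network(opts["-d"]) if "-d" in opts else None,
            "states": set(opts.get("--state", "").split(",")) - {""}}

def verdict(rules, policy, pkt):
    """First matching rule wins; a packet matching no rule gets the chain policy."""
    for r in rules:
        if r["proto"] and r["proto"] != pkt["proto"]:
            continue
        if r["dst"] and ipaddress.ip_address(pkt["dst"]) not in r["dst"]:
            continue
        if r["dports"] and not any(lo <= pkt["dport"] <= hi for lo, hi in r["dports"]):
            continue
        if r["states"] and pkt["state"] not in r["states"]:
            continue
        return r["target"]
    return policy

RULES = [parse_rule(l) for l in FORWARD_RULES.strip().splitlines()]
# Constructed packets as they look in FORWARD (after PREROUTING DNAT).
INBOUND = {"proto": "udp", "src": "203.0.113.7", "dst": "192.168.168.2", "dport": 27015, "state": "NEW"}
REPLY = {"proto": "udp", "src": "192.168.168.2", "dst": "203.0.113.7", "dport": 40000, "state": "ESTABLISHED"}
OUTBOUND = {"proto": "tcp", "src": "192.168.168.2", "dst": "198.51.100.9", "dport": 443, "state": "NEW"}

def check(policy):
    """Verdict for each constructed packet under the given FORWARD policy."""
    packets = (("inbound", INBOUND), ("reply", REPLY), ("outbound", OUTBOUND))
    return {name: verdict(RULES, policy, p) for name, p in packets}

if __name__ == "__main__":
    for policy in ("ACCEPT", "DROP"):
        print(policy, check(policy))
```

Packets leaving 192.168.168.2 (replies and new outbound connections) have a destination other than 192.168.168.2, so neither FORWARD rule matches them and they take whatever the chain policy is.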
 