What do I need to

Munzy · Mar 28, 2015

... make this work.....

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -i lo -m comment --comment "Allow loopback connections" -j ACCEPT
iptables -A INPUT -i gre1 -m comment --comment "Allow loopback connections" -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A INPUT -p icmp -m comment --comment "Allow Ping to work as expected" -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source <ip>

iptables -A INPUT -p tcp -m multiport --destination-ports 22,53,8080,655,47 -j ACCEPT
iptables -A INPUT -p udp -m multiport --destination-ports 655,53,47 -j ACCEPT
iptables -A INPUT -p udp -d 209.141.39.50 -m multiport --destination-ports 27005:27030,27100:27120,28000:28020 -j ACCEPT
iptables -A INPUT -p tcp -d 209.141.39.50 -m multiport --destination-ports 27015,27100:27120 -j ACCEPT

# Pre
iptables -t nat -A PREROUTING -p udp -d 209.141.39.50 -m multiport --destination-ports 27005:27030,27100:27120,28000:28020 -j DNAT --to-destination 192.168.168.2
iptables -t nat -A PREROUTING -p tcp -d 209.141.39.50 -m multiport --destination-ports 27015,27100:27120 -j DNAT --to-destination 192.168.168.2

iptables -A FORWARD -p udp -d 192.168.168.2 -m multiport --destination-ports 27005:27030,27100:27120,28000:28020 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -d 192.168.168.2 -m multiport --destination-ports 27015,27100:27120 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

#iptables -P INPUT DROP
#iptables -P FORWARD DROP

What am I missing.... when I enable the drops at the end, I get no connections through at all from gre.

tonyg · Mar 28, 2015

I have never seen default policies at the end of an iptables script...they typically go at the beggining.

I don't know if that is the issue, but I would just move the below to the top of the script:

iptables -P INPUT DROP
iptables -P FORWARD DROP

weloveservers · Mar 30, 2015

Is this a VPS? If it is OpenVZ, try replacing eth0 with venet0 in the file.

Hostissimus · Apr 14, 2015

weloveservers said:
Is this a VPS? If it is OpenVZ, try replacing eth0 with venet0 in the file.

Absolutely agreed!

What do I need to

Munzy

Active Member

tonyg

New Member

weloveservers

New Member

Hostissimus

New Member