
Unable to connect host after iptable configuration from centos 6

I have to allow port 9000 so SonarQube can be accessed, so I flushed the iptables rules and added the configuration below, but since then the following things have been happening:

  • no external URLs connect
  • unable to connect via FTP with FileZilla (but NFtp works)

Below is the configuration:

    # Generated by iptables-save v1.4.7 on Thu Feb  1 08:11:50 2018
    *filter
    :INPUT DROP [19:1566]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [9:928]
    -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 9000 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "Allow ftp connections on port 21" -j ACCEPT
    -A INPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Allow ftp connections on port 20" -j ACCEPT
    -A INPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate ESTABLISHED -m comment --comment "Allow passive inbound connections" -j ACCEPT
    -A OUTPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -m comment --comment "Allow ftp connections on port 21" -j ACCEPT
    -A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -m comment --comment "Allow ftp connections on port 20" -j ACCEPT
    -A OUTPUT -p tcp -m tcp --sport 1024:65535 --dport 1024:65535 -m conntrack --ctstate RELATED,ESTABLISHED -m comment --comment "Allow passive inbound connections" -j ACCEPT
    COMMIT
    # Completed on Thu Feb  1 08:11:50 2018

Please help.

CentOS 6.9


Solution

  • I was finally able to configure it so that git, composer and jenkins can all communicate with the external world and I can ssh via MinGW git bash; the configuration script is:

    #!/bin/bash
    
    # Start from an empty rule list in every chain
    iptables -F
    
    # Services that may receive new inbound connections
    iptables -A INPUT -p tcp --dport 21 -j ACCEPT
    iptables -A INPUT -p tcp --dport 22 -j ACCEPT
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3306 -j ACCEPT
    iptables -A INPUT -p tcp --dport 9090 -j ACCEPT
    
    # Default policies: drop everything not explicitly accepted above
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    
    # Loopback traffic is always allowed
    iptables -A INPUT -i lo -j ACCEPT
    
    # Replies to connections this host opened (and related traffic such as
    # FTP data channels) are accepted; this is what the first ruleset lacked
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    
    # Persist to /etc/sysconfig/iptables and reload
    /sbin/service iptables save
    
    /sbin/service iptables restart
    
    /sbin/service network restart
    
    iptables -L -v
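The difference between the two rulesets is the unrestricted ESTABLISHED,RELATED rule on INPUT. With an INPUT policy of DROP, every reply packet to a connection the host itself opened (git, composer, yum, DNS lookups) arrives on INPUT, and the original ruleset only accepted established traffic whose ports matched the FTP-specific rules, so outbound connections silently hung. The script below is an added example, not the asker's or the answerer's code: it writes the corrected ruleset in iptables-restore format so it is applied atomically instead of rule by rule after a flush, puts the stateful rule before the per-port rules, includes a small check that flags a saved ruleset missing a general ESTABLISHED rule, and applies with a rollback timer so a mistake cannot lock an SSH session out. The port list, the backup path and the 120-second rollback window are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example (not from the question or answer): atomic, stateful
# CentOS 6 iptables ruleset with a lint check and a rollback timer.
# Port list, backup path and timer length are assumed for illustration.

# Emit a complete *filter table for iptables-restore. Ports are assumed;
# 9000 is included because the question wanted SonarQube reachable.
gen_rules() {
  local ports="${1:-21 22 80 443 3306 8080 9000 9090}"
  echo '*filter'
  echo ':INPUT DROP [0:0]'
  echo ':FORWARD DROP [0:0]'
  echo ':OUTPUT ACCEPT [0:0]'
  # Loopback and reply traffic first: replies to outbound connections
  # land on INPUT and are dropped by the policy without this rule.
  echo '-A INPUT -i lo -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
  echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
  echo '-A INPUT -p icmp --icmp-type 8 -j ACCEPT'
  local p
  for p in $ports; do
    echo "-A INPUT -p tcp -m tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  # Log (rate limited) what the policy is about to drop, so a blocked
  # client shows up in /var/log/messages instead of as a silent hang.
  echo '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables-drop: "'
  echo 'COMMIT'
}

# Exit 0 if the ruleset on stdin has an INPUT rule that accepts
# ESTABLISHED traffic without a port restriction; exit 1 otherwise.
# Run as: iptables-save | has_general_established_rule
has_general_established_rule() {
  grep -E '^-A INPUT ' \
    | grep -E -- '--(ctstate|state) [A-Z,]*ESTABLISHED' \
    | grep -qvE -- '--(sport|dport)'
}

# Apply a ruleset file atomically. A background timer restores the
# previous rules after 120s unless it is killed, which protects the
# SSH session used to run this script.
apply_rules() {
  local rules="$1" backup="/root/iptables.backup.$$"   # path assumed
  iptables-save > "$backup" || return 1
  ( sleep 120; iptables-restore < "$backup" ) &
  local watchdog=$!
  if ! iptables-restore < "$rules"; then
    kill "$watchdog"
    return 1
  fi
  echo "Rules applied; run 'kill $watchdog' within 120s to keep them."
}

# Only touch the live firewall when explicitly asked (needs root).
if [ "${1:-}" = "--apply" ]; then
  tmp=$(mktemp)
  gen_rules > "$tmp"
  apply_rules "$tmp" && /sbin/service iptables save
fi
```

Run it as `./rules.sh --apply` from an SSH session, confirm a new SSH connection still works, then kill the watchdog PID it prints; if the session is cut off, the old rules come back on their own. `iptables-save | has_general_established_rule` on the original ruleset from the question exits 1, which is exactly the defect that broke outbound connections.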