How to open a port using iptables

Saturday, February 21, 2009

If you want your machine to respond to requests initiated from elsewhere on the internet, in effect to be a server, you need to open the required ports. To do this properly, you need to know:

1. Which service you want to open up
2. Whether it is a TCP or UDP service
3. Which port number(s) it uses

You may also wish to think about restricting access to certain machines; e.g. if you only want people in the X dept to access the machine.

For example, to enable ssh access to your box from anywhere on campus, you could use something like

# "allowed" is a user-defined chain; it must already exist (iptables -N allowed)
# and INPUT must jump to it (iptables -A INPUT -j allowed) or these rules never match.
iptables -A allowed -p tcp --dport 22 -s 129.2.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 129.2.0.0/16 -j ACCEPT

iptables -A allowed -p tcp --dport 22 -s 128.8.0.0/16 -j ACCEPT
iptables -A allowed -p udp --dport 22 -s 128.8.0.0/16 -j ACCEPT

This allows both UDP and TCP traffic from either of the two class B networks to reach port 22 on your machine. Of course, you need to have an sshd daemon running as well for this to work; the commands above merely punch the required holes in the firewall. Note also that rules added this way live only in kernel memory: they are gone after a reboot unless you save them (for example with iptables-save) and restore them at boot.
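The following script is an added example, not part of the original post: it creates the "allowed" chain the rules above depend on, hooks it into INPUT with a default-deny policy, and wraps the per-service rule in a small function that checks the protocol and port before emitting anything. The function name open_port, the IPTABLES variable and the use of the comment match to record the service name are my additions; by default it only prints the commands, so it can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: build the rule set the post describes, starting from a
# user-defined chain "allowed" that INPUT consults.
# IPTABLES defaults to "echo iptables" (dry run, prints the commands);
# run with IPTABLES=iptables as root to apply them for real.
IPTABLES="${IPTABLES:-echo iptables}"

# open_port SERVICE PROTO PORT SOURCE-NETWORK...
# Emits one ACCEPT rule in "allowed" per source network, tagged with the
# service name via the comment match so "iptables -L" stays readable.
# Refuses protocols other than tcp/udp and ports outside 1-65535.
open_port() {
    service=$1; proto=$2; port=$3; shift 3
    case "$proto" in
        tcp|udp) ;;
        *) echo "open_port: protocol must be tcp or udp, got '$proto'" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "open_port: port must be numeric, got '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "open_port: port out of range: $port" >&2; return 1
    fi
    for src in "$@"; do
        $IPTABLES -A allowed -p "$proto" --dport "$port" -s "$src" \
            -m comment --comment "$service" -j ACCEPT
    done
}

# setup_firewall: default-deny INPUT, but keep loopback and replies to
# connections this host initiated working, then open ssh from the two
# campus /16 networks named in the post (TCP only; ssh does not use UDP).
setup_firewall() {
    $IPTABLES -N allowed                                               # create the chain
    $IPTABLES -A INPUT -i lo -j ACCEPT                                 # loopback traffic
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT  # return traffic
    $IPTABLES -A INPUT -j allowed                                      # consult our chain
    $IPTABLES -P INPUT DROP                                            # everything else dropped
    open_port ssh tcp 22 129.2.0.0/16 128.8.0.0/16
}

setup_firewall
```

Run it as-is to see the commands it would issue; rerun with IPTABLES=iptables once they look right.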
