[nos-bbs] IPTABLES for TUN device
Bob Tenty
bobtenty at gmail.com
Sat Mar 3 01:48:04 EST 2012
Jose,
You will do yourself very much a favour by installing "shorewall" in Ubuntu.
Bob VE3TOK
On 12-03-02 11:59 PM, Jose Ng Lee wrote:
> Hi Michael,
> Thanks for the reply, good explanation of Iptables and the
> references. You're right, the Iptables subject is too broad.
> My goal for now is to have Linux talk to the Jnos through the tun
> device and vice versa. I was using the Firestarter graphic
> interface before to set up the firewall. With Firestarter disabled I was
> able to communicate from Linux to Jnos. With Firestarter on I was not able to, and
> just couldn't set up the rules.
> So, I uninstalled Firestarter. The default Iptables firewall is on now
> but I couldn't get it to communicate Linux to Jnos. For an easier way
> to set up Iptables, I use Webmin through the web browser to modify the
> rules. It got me confused how to set up the rules, and I tried declaring
> the IP but it doesn't work. Later, I tried declaring in the Incoming and
> Outgoing packets to Accept the packets from the tun0 interface and now
> it is working. The tun0 interface is only on when jnos is executed, so I
> have to declare another interface and write the name tun0.
> My next step is to setup the iptables to allow telnet from internet to
> the Jnos. I tried and couldn't telnet to my Jnos from the internet.
> Thanks,
> Jose / HP2AT
>
> ----- Original Message -----
> *From:* Michael Fox - N6MEF <mailto:n6mef at mefox.org>
> *To:* 'TAPR xNOS Mailing List' <mailto:nos-bbs at tapr.org>
> *Sent:* Friday, March 02, 2012 10:57 PM
> *Subject:* Re: [nos-bbs] IPTABLES for TUN device
>
> Jose,
>
> It looks like no one has responded to you yet. That may be
> because you asked a rather broad question. You'll need to be much
> more specific about iptables.
>
> IPtables is for filtering (among other things). For the best
> security, you want to set a default policy of drop and then
> specify the specific traffic that you want to allow. So you need
> to define those traffic types first, then translate to iptables
> rules. If you define what you want, and take a stab at writing
> the rules, there are probably several of us here who would be
> happy to help you refine them.
>
> If you're new to iptables, here's some background info to get you
> started:
>
> Iptables has 3 principal filtering tables: input, forward,
> output. Input is what traffic you want linux to accept coming in
> on that interface. In other words, this is traffic destined for
> linux that comes in on the tun0 interface. Forward is for traffic
> you want linux to allow to pass through from one interface to
> another. This can be two way on the tun0 device. For example,
> you may want to allow certain ICMP traffic to go out from JNOS,
> through Linux, to the internet, but not allow incoming traffic of
> that type from the internet to reach JNOS. So you need to define
> what traffic you want to allow linux to forward from other
> interfaces TO tun0 and what traffic you want linux to forward
> FROM tun0 to other interfaces. Output is for what traffic you
> want linux to be able to originate on that interface.
>
> To specify the traffic types, you'll need to define if they're IP,
> TCP, ICMP, etc., which ports (like TCP port 23 for default telnet,
> etc.), and possibly which source and/or destination addresses to
> allow to send that traffic. For example, you may want to allow
> linux to forward telnet to JNOS as long as it is from a 44.x
> address, but not from other addresses.
>
> Once you have figured out what traffic you want to allow, here are
> three good references to help write the rules:
>
> https://help.ubuntu.com/community/IptablesHowTo
>
> http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html
> (this is how I learned -- it has some good templates)
>
> O'Reilly iptables pocket reference:
> http://www.amazon.com/Linux-iptables-Pocket-Reference-Gregor/dp/0596005695/ref=sr_1_sc_1?ie=UTF8&qid=1330745373&sr=8-1-spell
>
>
> Michael
>
> N6MEF
>
> *From:* nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org]
> *On Behalf Of *Jose Ng Lee
> *Sent:* Friday, March 02, 2012 11:20 AM
> *To:* TAPR xNOS Mailing List
> *Subject:* [nos-bbs] IPTABLES for TUN device
>
> Hi,
>
> Can anyone help me with a sample IPTABLES configuration that works
> with a TUN device?
>
> Thanks,
>
> Jose / HP2AT
>
> ------------------------------------------------------------------------
> _______________________________________________
> nos-bbs mailing list
> nos-bbs at tapr.org
> https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs
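The allow-list layout Michael describes (default DROP, then INPUT/FORWARD/OUTPUT rules for tun0, telnet forwarded to JNOS only from 44.x sources, ICMP allowed out from JNOS but not in), written out as an added example that is not from any poster in the thread. It assumes tun0 is the JNOS side, eth0 the internet side, telnet on TCP/23 and "44.x" meaning 44.0.0.0/8; set IPT=echo to print the rules instead of loading them.

```shell
#!/bin/sh
# Added example for this thread, not a configuration from any poster.
# Assumptions (constructed): JNOS is reached over tun0, the internet side
# is eth0, telnet is TCP/23 and "44.x" means the 44.0.0.0/8 range.
# IPT defaults to iptables; set IPT=echo to dry-run and print the rules.
IPT="${IPT:-iptables}"
TUN_IF="${TUN_IF:-tun0}"
NET_IF="${NET_IF:-eth0}"
AMPR_NET="${AMPR_NET:-44.0.0.0/8}"

tun_rules() {
    # Default policy DROP on all three chains; everything below is an allow-list.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT DROP

    # Replies to connections Linux or JNOS already opened are always accepted.
    $IPT -A INPUT   -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # INPUT: traffic from JNOS destined for Linux itself (telnet into Linux).
    $IPT -A INPUT -i "$TUN_IF" -p tcp --dport 23 -j ACCEPT
    # OUTPUT: anything Linux itself originates towards JNOS.
    $IPT -A OUTPUT -o "$TUN_IF" -j ACCEPT
    # (rules for what Linux may originate on $NET_IF belong here as well)

    # FORWARD, internet -> JNOS: new telnet sessions only from 44/8 sources.
    $IPT -A FORWARD -i "$NET_IF" -o "$TUN_IF" -p tcp --dport 23 -s "$AMPR_NET" \
        -m conntrack --ctstate NEW -j ACCEPT
    # FORWARD, JNOS -> internet: let JNOS ping out. Echo replies return via the
    # ESTABLISHED,RELATED rule above; echo requests arriving from the internet
    # for JNOS match nothing and fall through to the DROP policy.
    $IPT -A FORWARD -i "$TUN_IF" -o "$NET_IF" -p icmp --icmp-type echo-request -j ACCEPT
}

# Forwarding also needs net.ipv4.ip_forward=1 (sysctl), which this script leaves to you.
case "${1:-}" in
    apply) tun_rules ;;
esac
```

Run as `IPT=echo sh tunfw.sh apply` to review the generated rules before loading them as root.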