Iptables - general

From MyWiki
Revision as of 16:29, 27 July 2017 by George2 (Talk | contribs)

On Ubuntu - https://www.howtoforge.com/nat_iptables

Allow incoming ports:
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

Incoming ports for Samba:

netbios-ns – 137/tcp # NETBIOS Name Service
netbios-dgm – 138/tcp # NETBIOS Datagram Service
netbios-ssn – 139/tcp # NETBIOS session service
microsoft-ds – 445/tcp # if you are using Active Directory
 
iptables -A INPUT -p tcp -m tcp --dport 137 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 445 -j ACCEPT

Good reference - https://fedoraproject.org/wiki/How_to_edit_iptables_rules#Appending_Rules
-A appends a rule at the end of the specified chain.

To delete a rule you must know its position in the chain:
iptables -D INPUT 5

Position 3 looks good for insert

iptables -I INPUT 1 -p tcp -m tcp --dport 137 -j ACCEPT
iptables -I INPUT 1 -p tcp -m tcp --dport 138 -j ACCEPT
iptables -I INPUT 1 -p tcp -m tcp --dport 139 -j ACCEPT
iptables -I INPUT 1 -p tcp -m tcp --dport 445 -j ACCEPT

Suggestion for masquerading:

# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /sbin/iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# /sbin/iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT

To enable NATed routing on a Raspberry Pi:

# Generated by iptables-save v1.4.14 on Sat Nov 28 20:14:01 2015
*filter
:INPUT ACCEPT [5922:672417]
:FORWARD ACCEPT [1948640:1261159173]
:OUTPUT ACCEPT [4899:634446]
-A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED  -j ACCEPT
COMMIT
# Completed on Sat Nov 28 20:14:01 2015
# Generated by iptables-save v1.4.14 on Sat Nov 28 20:14:01 2015
*nat
:PREROUTING ACCEPT [23978:1493968]
:INPUT ACCEPT [107:30172]
:OUTPUT ACCEPT [1193:75732]
:POSTROUTING ACCEPT [302:21040]
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
# Completed on Sat Nov 28 20:14:01 2015
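
An added example, not part of the original wiki page: a small audit of iptables-save output that reports when a filter chain has policy ACCEPT and no DROP/REJECT rule, in which case its ACCEPT rules (such as the FORWARD rule in the dump above) do not restrict anything. The function names audit_save and page_dump are hypothetical, and jumps into user-defined chains are not followed.

```sh
#!/bin/sh
# Added example (not from the original page): audit iptables-save text on stdin.
# Limitation: jumps into user-defined chains are not followed.
audit_save() {
    awk '
    /^\*/ { table = substr($1, 2); next }                   # "*filter" starts a table
    /^:/  { policy[table "/" substr($1, 2)] = $2; next }    # ":FORWARD ACCEPT [..]"
    $1 == "-A" {
        key = table "/" $2; target = ""
        for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
        if (target == "DROP" || target == "REJECT") blocks[key]++
        if (target == "ACCEPT") accepts[key]++
        if (target == "MASQUERADE") masq = 1
    }
    END {
        n = split("INPUT FORWARD", c, " ")
        for (j = 1; j <= n; j++) {
            key = "filter/" c[j]
            if (policy[key] == "ACCEPT" && blocks[key] == 0)
                printf "OPEN %s: policy ACCEPT, no DROP/REJECT; %d ACCEPT rule(s) are no-ops\n", c[j], accepts[key]
        }
        if (masq && policy["filter/FORWARD"] == "ACCEPT" && blocks["filter/FORWARD"] == 0)
            print "NAT: MASQUERADE is active and FORWARD is unrestricted"
    }'
}

# The Raspberry Pi dump from this page, embedded so the check runs offline.
page_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [5922:672417]
:FORWARD ACCEPT [1948640:1261159173]
:OUTPUT ACCEPT [4899:634446]
-A FORWARD -i eth0 -o usb0 -m state --state RELATED,ESTABLISHED  -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [23978:1493968]
:INPUT ACCEPT [107:30172]
:OUTPUT ACCEPT [1193:75732]
:POSTROUTING ACCEPT [302:21040]
-A POSTROUTING -o usb0 -j MASQUERADE
COMMIT
EOF
}

page_dump | audit_save
```

On a live host, run `iptables-save | audit_save` as root to check the loaded ruleset instead of the embedded dump.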