Just to make sure: are you certain that you want -s 1.2.3.4?
This means the source IP is 1.2.3.4 (so the IP you connect from, not the IP you connect _to_).
Jacob Friis Larsen wrote:
When I add -s 1.2.3.4 I am unable to connect to my server. nmap shows that the correct ports are open. Any ideas?
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 22 -m state --state NEW
This is my script:
<script>
#!/bin/sh

# Modules
modprobe ip_conntrack_ftp

# Defaults
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP

# Flush
iptables -t nat -F POSTROUTING
iptables -t nat -F PREROUTING
iptables -t nat -F OUTPUT
iptables -F

# STATE RELATED for router
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Localhost
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Open ports on router for server/services
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20 -m state --state NEW
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21 -m state --state NEW
iptables -A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 22 -m state --state NEW
iptables -A INPUT -j ACCEPT -p tcp --dport 25 -m state --state NEW
iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW
iptables -A INPUT -j ACCEPT -p tcp --dport 143 -m state --state NEW
iptables -A INPUT -j ACCEPT -p tcp --dport 993 -m state --state NEW
</script>
Thanks, Jacob
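
An added illustration of the point made in the reply (not code from either poster): a small sh evaluator over the script's NEW-state INPUT rules, showing that -s is compared against the address a connection comes from. The helper name verdict and the client address 5.6.7.8 are constructed for this example; it handles only exact -s addresses and single --dport values.

```shell
#!/bin/sh
# Constructed rule set: NEW-state INPUT rules copied from the script above.
RULES='-A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 20 -m state --state NEW
-A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 21 -m state --state NEW
-A INPUT -s 1.2.3.4 -j ACCEPT -p tcp --dport 22 -m state --state NEW
-A INPUT -j ACCEPT -p tcp --dport 25 -m state --state NEW
-A INPUT -j ACCEPT -p tcp --dport 80 -m state --state NEW'
POLICY=DROP   # from: iptables -P INPUT DROP

# verdict SRC DPORT
# Prints the target a new TCP connection from SRC to local port DPORT
# would hit: first matching rule wins, otherwise the chain policy.
# Hypothetical helper for illustration, not an iptables feature.
verdict() {
    src=$1 dport=$2
    while read -r line; do
        rule_src= rule_port= target=
        set -- $line                      # split the rule into words
        while [ $# -gt 0 ]; do
            case $1 in
                -s)      rule_src=$2;  shift ;;
                --dport) rule_port=$2; shift ;;
                -j)      target=$2;    shift ;;
            esac
            shift
        done
        # No -s means any source; with -s the packet's source must be equal.
        [ -n "$rule_src" ] && [ "$rule_src" != "$src" ] && continue
        [ -n "$rule_port" ] && [ "$rule_port" != "$dport" ] && continue
        echo "$target"; return 0
    done <<EOF
$RULES
EOF
    echo "$POLICY"
}

# Constructed clients: the allowed source and some other address.
for c in "1.2.3.4 22" "5.6.7.8 22" "5.6.7.8 80"; do
    set -- $c
    echo "from $1 to port $2: $(verdict "$1" "$2")"
done
```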