
You can use my config (which is working) for iptables:

# Authserver
iptables -A INPUT -p tcp --dport 3724 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3724 -m state --state ESTABLISHED -j ACCEPT

# server 1
iptables -A INPUT -p tcp --dport 8085 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8085 -m state --state ESTABLISHED -j ACCEPT

# server 2
iptables -A INPUT -p tcp --dport 8086 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 8086 -m state --state ESTABLISHED -j ACCEPT


After that, be sure to save the rules so that on a reboot it is already done (in Gentoo, for example, it is /etc/init.d/iptables save).

Also, I suggest setting the default policy to DROP; it is harder to configure, but way more secure. With:

iptables -P INPUT DROP

iptables -P OUTPUT DROP

Those two lines will drop all packets not matched by any rule (EVEN the output packets).

EDIT: I posted the iptables rules as it is mentioned in the topic. This will only open the ports, but not do NAT.

If you use a router, you should also redirect the ports to the machine running TC.

Edited by StormByte

With a dedicated server, you should be able to log in via SSH and run the commands I put before. If you are using any GUI to configure it, it is unknown to me and I can't help with that.

But I suggest logging in via SSH; a dedicated server requires some Linux knowledge :)


You don't need a reject-all rule, and that is also not good, because if this rule is before any other, everything will be rejected despite further rules.

To set reject all, it is better to change the policy, as I stated before, with the -P command.

Also, I suggest you delete all rules and redo them from scratch.

Link to post
Share on other sites
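
The first-match ordering problem described in the last post, as an added example that is not part of the thread: a small check over `iptables -S` output that lists rules made unreachable by an earlier catch-all DROP/REJECT in the same chain. The helper name `find_shadowed` and both sample rule lists are constructed for illustration; only rules with no match criteria at all are treated as catch-alls.

```shell
#!/bin/sh
# Added example, not from the thread. Reads rules in `iptables -S` format on
# stdin and reports every rule placed after an unconditional DROP/REJECT in
# the same chain; first match wins, so those rules can never be reached.
find_shadowed() {
  awk '
    $1 == "-A" {
      chain = $2
      if (chain in blocker) {
        printf "%s: unreachable: %s (blocked by: %s)\n", chain, $0, blocker[chain]
        next
      }
      # A catch-all has no match criteria: "-A <chain> -j DROP|REJECT [...]"
      if ($3 == "-j" && ($4 == "DROP" || $4 == "REJECT"))
        blocker[chain] = $0
    }'
}

# Constructed sample: a reject-all rule added ahead of the thread's ACCEPT rules.
REJECT_FIRST='-P INPUT ACCEPT
-P OUTPUT ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m tcp --dport 3724 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8085 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3724 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 8085 -m state --state ESTABLISHED -j ACCEPT'

# Constructed sample: the same ACCEPT rules, with the catch-all moved into the
# chain policy (-P), which is only consulted after every rule has been tried.
POLICY_DROP='-P INPUT DROP
-P OUTPUT DROP
-A INPUT -p tcp -m tcp --dport 3724 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8085 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 3724 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 8085 -m state --state ESTABLISHED -j ACCEPT'

echo "reject rule first:"; printf '%s\n' "$REJECT_FIRST" | find_shadowed
echo "policy DROP:";       printf '%s\n' "$POLICY_DROP"  | find_shadowed
```

On a live host the same check can be fed with `iptables -S | find_shadowed` (run as root).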
