
I'm trying to figure out how I can restart an iptables setup made from webmin. When I created the firewall rules, webmin saved everything into iptables.up.rules. I used iptables to DROP as the default action, and ACCEPT traffic only from certain IP addresses using NAT, because filtering was making the connection really slow. One of the IPs was my office IP. After resetting the modem/router at the office, our IP changed, and now I can't access webmin.

I have SSH access via another server, which is also on the ACCEPT list and has a static IP.

So I'm trying to modify iptables.up.rules and change the old office IP to the new one, but nothing happens.

Trying:

user@serv:/# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
user@serv:/# 

No rules / NAT.

I can't restart iptables, and nothing happens when restarting webmin. I tried:

user@serv:/# modprobe -r iptable_nat
FATAL: Module iptable_nat is in use.

Any ideas how to resolve this without rebooting?

Thanks.

Ali Nikneshan
alechko

2 Answers

OK, finally success! After modifying /etc/iptables.up.rules, I needed to:

iptables-restore /etc/iptables.up.rules
alechko

I'm presuming you just want to enable access for your new office IP to and from the firewall so you can then connect from the office IP via webmin? Webmin listens on port 10000 by default, AFAIK.

iptables rule to the firewall:

iptables -I INPUT -p tcp -m tcp --dport 10000 -s x.x.x.x -j ACCEPT

iptables rule from the firewall:

iptables -I OUTPUT -p tcp -m tcp --sport 10000 -d x.x.x.x -j ACCEPT

where x.x.x.x is your office IP.

Then run iptables-save from the CLI.

I'm not sure if you'll have to restart iptables. I doubt it, but if you do:

service iptables restart

Mark Hillick
  • service iptables does not exist. For the ACCEPT rules from iptables, I've already tried even to ACCEPT any connection, not just for port 10000, but the webmin settings are overriding any iptables rule I insert from the CLI. – alechko May 16 '12 at 11:11
  • Can you flush all your rules? iptables -F, which should leave your default rule actions. I'm not familiar with webmin, but it just seems to be a web interface for managing a *nix box, so restarting it will have no effect on your iptables rules. – Mark Hillick May 16 '12 at 12:15
  • Tried iptables -F, no good. And if there are no rules under iptables -L, you can't flush them. The thing is that the rules in the webmin config file "iptables.up.rules" override anything I do manually. – alechko May 16 '12 at 13:11
  • The only other thing then would be to clear the iptables.up.rules file with "cat /dev/null > iptables.up.rules". I've never used webmin, so I'm not familiar with how it constructs the firewall rules. – Mark Hillick May 16 '12 at 13:18
  • Not working. I've already tried to remove the file completely, not working either. – alechko May 16 '12 at 14:13
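The two answers together describe one procedure: put the new office IP into the iptables-save format file that webmin wrote, then load that file into the kernel with iptables-restore, since editing the file by itself changes nothing in the live ruleset (and `iptables -L` only lists the filter table; `iptables -t nat -L -n` shows the nat table). The script below is an added example, not code from the question or either answer. It replaces one address in such a file with a regex anchored on the whole dotted quad, counts the references before and after so you can see the edit took, and wraps the reload in a rollback timer because a typo in a ruleset whose INPUT policy is DROP can cut off the very SSH session you are editing from. The file layout, the RFC 5737 documentation addresses and the 120 second timeout are assumptions made for the example; `iptables-restore --test` is assumed to be available (current iptables releases have it, very old ones do not).

```shell
#!/bin/sh
# Added example, not code from the original question or answers.
# Edits an iptables-save/iptables-restore format file (the format webmin
# writes to /etc/iptables.up.rules) to replace one office IP with another,
# then shows how to load it into the kernel with a rollback safety net.
# Editing the file alone changes nothing: the live ruleset is only
# replaced when iptables-restore reads the file.
set -eu

# Turn a dotted quad into a literal regex (escape the dots).
ip_regex() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# Count rule lines that reference IP as a whole address token, i.e.
# preceded by a space and followed by a space, a "/mask" or end of line,
# so 203.0.113.10 is not counted inside 203.0.113.100.
count_refs() {
    file="$1"; re=$(ip_regex "$2")
    grep -c -e " ${re}[ /]" -e " ${re}\$" "$file" || true
}

# Rewrite OLD to NEW in IN, writing OUT. Same anchoring as count_refs.
rewrite_office_ip() {
    in="$1"; old_re=$(ip_regex "$2"); new="$3"; out="$4"
    sed -e "s/ ${old_re}\([ /]\)/ ${new}\1/g" \
        -e "s/ ${old_re}\$/ ${new}/" "$in" > "$out"
}

# Parse the file without committing it (iptables-restore --test exists in
# current iptables releases; very old ones lack the flag). Root required.
check_rules() {
    iptables-restore --test "$1"
}

# Replace the live ruleset atomically. Because the INPUT policy is DROP, a
# typo can cut off the SSH session doing the edit, so the previous ruleset
# is reloaded by a detached timer (assumed 120 s) unless you cancel it once
# you have confirmed you can still log in. Root required.
apply_with_rollback() {
    new="$1"; backup="/root/iptables.rollback.$$"
    iptables-save > "$backup"
    nohup sh -c "sleep 120; iptables-restore < '$backup'" >/dev/null 2>&1 &
    timer=$!
    iptables-restore < "$new"
    echo "New rules loaded. If you can still connect, cancel the rollback: kill $timer"
}

# Demo on a constructed sample rules file (RFC 5737 documentation
# addresses, not from the original page). The jump host is 198.51.100.7,
# the old office IP is 203.0.113.10, and 203.0.113.100 is an unrelated
# host that must not be touched by the rewrite.
work=$(mktemp -d)
cat > "$work/iptables.up.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 198.51.100.7/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.10/32 -p tcp -m tcp --dport 10000 -j ACCEPT
-A INPUT -s 203.0.113.100/32 -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

rewrite_office_ip "$work/iptables.up.rules" 203.0.113.10 203.0.113.250 "$work/iptables.up.rules.new"
echo "references to the old IP before/after: $(count_refs "$work/iptables.up.rules" 203.0.113.10)/$(count_refs "$work/iptables.up.rules.new" 203.0.113.10)"
diff -u "$work/iptables.up.rules" "$work/iptables.up.rules.new" || true
# On the real box, as root, you would then run:
#   check_rules "$work/iptables.up.rules.new" && apply_with_rollback "$work/iptables.up.rules.new"
```

Run the script as-is to see the rewrite on the sample file; on the server itself, point it at /etc/iptables.up.rules, keep the rule for the jump host you are logged in through, and only `kill` the rollback timer after a fresh connection from the new office IP succeeds. If the reload ever does lock you out, the timer restores the previous ruleset instead of forcing a reboot.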