
Server: Ubuntu Server 10.04 LTS

I have my iptables locked down so only ssh and http traffic is allowed in. I'm trying to tunnel SQL, for example: ssh -L 3306:127.0.0.1:3306 my@domain.com. It works fine if I set my INPUT to ALLOW, but as you can see below it's set to drop, so my ports are blocked. I assume it's just a rule I need to add, but everything I found on Google has failed. Ideas?

iptables.up.rules

*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [57:4388]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT

terminal output

xxx@xxx:/etc# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:www
ACCEPT     icmp --  anywhere             anywhere            icmp any

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Ryan Mills

1 Answer


You need to allow packets to arrive via loopback:

-A INPUT -i lo -j ACCEPT

You can tighten up the rule somewhat by ensuring that packets arriving via loopback also have the loopback address:

-A INPUT -d 127.0.0.1/32 -i lo -j ACCEPT
Steven Monday
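To see why the tunnel is refused, here is a small first-match evaluator for the INPUT chain from the question. It is an added example, not part of the question or answer and not iptables itself: it models only the matches the posted rules use (-i, -d, -p, --dport, --state) and uses a constructed packet for the SYN that sshd's local forward sends to mysqld over loopback. It also shows that the loopback rule must come before the catch-all REJECT, since the chain is evaluated top to bottom.

```python
import shlex

# The INPUT chain exactly as posted in iptables.up.rules (policy DROP).
RULES_ORIGINAL = """
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
"""
# The answer's tightened loopback rule, placed ahead of everything else.
LO_RULE = "-A INPUT -d 127.0.0.1/32 -i lo -j ACCEPT\n"
RULES_FIXED = LO_RULE + RULES_ORIGINAL
# Same rule appended after the REJECT line: never reached.
RULES_WRONG_ORDER = RULES_ORIGINAL + LO_RULE
POLICY = "DROP"  # from ':INPUT DROP [0:0]'

def parse(rule):
    """Pick the match options we model out of one '-A INPUT ...' line."""
    toks = shlex.split(rule)
    return {t: toks[i + 1] for i, t in enumerate(toks)
            if t in ("-i", "-d", "-p", "--dport", "--state", "-j")}

def matches(m, pkt):
    """True if every option present in the rule matches the packet."""
    if "-i" in m and m["-i"] != pkt["iface"]: return False
    # Only the /32 form used on this page is handled (exact host match).
    if "-d" in m and m["-d"].split("/")[0] != pkt["dst"]: return False
    if "-p" in m and m["-p"] != pkt["proto"]: return False
    if "--dport" in m and int(m["--dport"]) != pkt.get("dport"): return False
    if "--state" in m and pkt["state"] not in m["--state"].split(","): return False
    return True

def verdict(rules, pkt, policy=POLICY):
    """First matching rule decides; the chain policy applies if none match."""
    for line in rules.strip().splitlines():
        if not line.strip():
            continue
        m = parse(line)
        if matches(m, pkt):
            return m["-j"]
    return policy

# Constructed packet: sshd's forward opening a new TCP connection to mysqld on lo.
TUNNEL_SYN = {"iface": "lo", "dst": "127.0.0.1", "proto": "tcp", "dport": 3306, "state": "NEW"}

if __name__ == "__main__":
    for name, rules in [("original", RULES_ORIGINAL), ("fixed", RULES_FIXED),
                        ("lo rule after REJECT", RULES_WRONG_ORDER)]:
        print(f"{name}: {verdict(rules, TUNNEL_SYN)}")
```

Note that the eth0/eth1-bound RELATED,ESTABLISHED rules never match loopback traffic either, so without the lo rule even the return half of the local connection would be refused.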