Iptables help

[jono]

Hello,

I am stuggling to configure Iptables to allow any and all traffic from devices connected to the LAN.

I have media servers running on the PiAF machine (we have very few simultaneous calls, so the hardware copes perfectly)

I find that with Iptables enabled, the media server, although running, cannot be seen by the media players. The media players, I believe, use random ports (Un Plug N Pray) so it would be helpful if it were possible to permit 192.168.3.0/255.255.255.0 addresses.

I have set up a rule using webmin to accept If source is 192.168.3.0/255.255.255.0.....but the media players are still not connecting.....with Iptables off, they are.

Can anyone point me in the right direction?

Thank you.

 

[jroper]

If you have an eternal firewall, and you can secure your server from the outside world, then there would be no harm in disabling the firewall entirely.


Joe

 

[jono]

Thanks, Joe.

Yes, I've had to disable iptables; I do have a firewall/router in place, however, I've got a couple of remote extensions so have had to open up relevant ports on the router.

I would like to have Iptables running too.....for the benefits of fail2ban.

 

[jroper]

Hi

Would you have more success with an individual entry for each IP address you want to connect I wonder?

Joe

 

[jono]

You might be right. I shall try that tomorrow....will have to set everything static...but, no matter.

Thanks.

 

[tel0p]

fail2ban

I have my box behind a firewall and long ago disabled iptables.

After installing fail2ban I get email notifications if there was a ban. I thought this was good enough as I can monitor my system in realtime. Yesterday I accidently banned my desktop machine (forgot to add ignoreip = 192.168.1.10 in /etc/fail2ban/jail.conf). I then noted that I couldn't connect.

Am I correct in assuming that fail2ban initiates iptables to block an IP or does it do the heavy lifting on it's own?