We Keep Coding

How to open port in boinc useing iptables

witch code do i need to open boinc iptables ?
I need to connect to grcpool.com server
I found i need to open the port tcp and udp (31416)
i'm useing this code:
sudo iptables -A OUTPUT -p tcp --dport 31416 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p tcp --sport 31416 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 31416 -m state --state NEW -j ACCEPT
sudo iptables -A INPUT -p udp --sport 31416 -m state --state ESTABLISHED -j ACCEPT
but still does not works :/
Can anyone help me ??
Thanks for helping me !

Hello i found out how to open the firewall iptables
Code:
sudo iptables -A INPUT -p tcp -m tcp --dport 31416:34356 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 31416:34356 -m state --state ESTABLISHED -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 31416 -j ACCEPT
sudo iptables -A OUTPUT -p tcp --sport 31416 -m state --state ESTABLISHED -j ACCEPT

Port forwarding on NAT using KVM/QEMU

I'm using NAT mode for guest networking. I need my machines to be accessible from outside the guest. I've set up iptables to port forward a specific port on host to port 22 on guest, but this does not seem to work.
I added this rules:
# Port Forwardings
-A PREROUTING -i eth0 -p tcp --dport 9867 -j DNAT --to-destination 192.168.122.136:22
# Forward traffic through eth0 - Change to match you out-interface
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
When I ssh 192.168.122.136 from host it works perfectly, however when I try ssh 192.168.122.136 -p 9867 it shows ssh: connect to host 192.168.122.1 port 9867: Connection refused
I've enabled port forwarding on /etc/ufw/sysctl.conf
using iptables -t nat -L shows that the rule is set up on iptable
DNAT tcp -- anywhere anywhere tcp dpt:9867 to:192.168.122.136:22

Found my answer here. basicly I changed the above to
# connections from outside
iptables -t nat -A PREROUTING -p tcp --dport 9867 -j DNAT --to 192.168.122.136:22
# for local connection
iptables -t nat -A OUTPUT -p tcp --dport 9867 -j DNAT --to 192.168.122.136:22
# Masquerade local subnet
iptables -t nat -A POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
iptables -A FORWARD -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i virbr0 -o eth0 -j ACCEPT
iptables -A FORWARD -i virbr0 -o lo -j ACCEPT

Redirection using iptables

I have a server on cloud with following iptables.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp --sport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 443 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9200 -m state --state New,RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -j DROP
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2900 -j DNAT --to-destination 127.0.0.1:9200
What I have to add in other chains so that i can access my service on 2900 port.

Rules apply from the top down.
6.2 Destination NAT
This is done in the PREROUTING chain, just as the packet comes in; this means that anything else on the Linux box itself (routing, packet filtering) will see the packet going to its `real' destination
https://www.netfilter.org/documentation/HOWTO/NAT-HOWTO-6.html#ss6.2
So you want the PREROUTING line at the top, so the NAT happens first.
Then an INPUT entry allowing incoming connections on your destination port, after NAT.
Except, what's up with your INPUT rules not accepting RELATED and ESTABLISHED and your output rules setting specific source ports? Outbound traffic usually comes from random high ports.
From https://serverfault.com/a/578781/57144 and https://serverfault.com/a/578787/57144 you want to explicitly say NEW connections for incoming ports, and should prefer fewer rules for performance (if applicable).
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 2900 -j DNAT --to-destination 127.0.0.1:9200
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9200 -j ACCEPT
# or
# iptables -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,443,9200 -j ACCEPT
iptables -A INPUT -j DROP

Iptables: forward request on different interfaces and port

I have a machine with 2 interfaces:
eth0 inet addr:1.1.1.1
eth1 inet addr:2.2.2.2
eth0 is a server, eth1 is the network on virtual machine.
I have ssh on server, so 1.1.1.1:22 is busy.
I need a rule for redirecting incoming connections on eth0 port 6000 to eth1, ip 2.2.2.100 on port 22 (virtual machine ip).
In this mode if I did, on an external machine,
ssh -p 6000 root#1.1.1.1
I would login on the virtual machine.
I tried this rule but it didn't work:
sudo iptables -P FORWARD ACCEPT
sudo iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 6000 -j DNAT --to 2.2.2.100:22

Well there are like 1 million scripts/tutorials/things for this case, but if someone lands from google to here is something like this:
iptables -I FORWARD -d 2.2.2.2 -m comment --comment "Accept to forward ssh traffic" -m tcp -p tcp --dport 22 -j ACCEPT
iptables -I FORWARD -m comment --comment "Accept to forward ssh return traffic" -s 2.2.2.2 -m tcp -p tcp --sport 22 -j ACCEPT
iptables -t nat -I PREROUTING -m tcp -p tcp --dport 60000 -m comment --comment "redirect pkts to virtual machine" -j DNAT --to-destination 2.2.2.2:22
iptables -t nat -I POSTROUTING -m comment --comment "NAT the src ip" -d 2.2.2.2 -o eth1 -j MASQUERADE

Iptable rules not behaving as expected

I have the following iptable rules for a new system.
Basically I am trying to allow incoming www, ssl and ssh and allow outgoing ftp,ssh,smtp,dns,www and ssl connections. Plus a special rules for an outgoing mysql connection to a specific mysql server, a DoS attack helper and some dropped packet logging. All other connections I want dropped.
My trouble is, every single time I run the shell script for these rules, I get locked out tighter than a drum. It drops the established ssh session and won't allow me to begin a new one. I have to reboot through a console as even flushing the rules in a console session does not help.
It does not matter if the fallback rules (top three after the flush) are at the beginning or the end. I've tried many ways and I am hoping a new set of eyes may see what I am missing:
iptables -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --dports 80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --sports 80,443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp -m multiport --dport 21,22,25,53,80,443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -m multiport --sport 21,22,25,53,80,443 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -p tcp -s 172.xxx.xxx.xxx --sport 1024:65535 -d 172.xxx.xxx.xxx --dport 3306 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -s 172.xxx.xxx.xxx --sport 3306 -d 172.xxx.xxx.xxx --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dport 80,443 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7
iptables -A LOGGING -j DROP
Any help would be appreciated. NOTE: I obfuscated the internal IP for posting.