>>> Open port 10050 within ip range of
>>> 172.22.4.0/24 and 172.22.5.0/24 on both of servers?
>>
> ACCEPT tcp -- anywhere anywhere tcp dpt:https
> ACCEPT tcp -- 184-xxx-xxx-xx.static.my.com anywhere tcp dpt:mysql
> ACCEPT tcp -- example.host.com anywhere tcp dpt:mysql
> ACCEPT tcp -- performance-checking-server.company.info anywhere tcp dpt:mysql
> ACCEPT icmp -- anywhere anywhere icmp echo-reply
>
> ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
> LOG all -- anywhere anywhere limit: avg 40/min burst 5 LOG level warning
> DROP all -- anywhere anywhere
iptables currently indicates that the server will grant access to port 443 (https) from anywhere, port 22 (ssh) from anywhere, and port 3306 (mysql) for the hosts example.host.com, perform....info and 184...static.my.com. So essentially, IMO, you have been asked to add a rule to the INPUT chain so that, similar to the above ports, port 10050 can be accessed from hosts matching the CIDRs 172.22.4.0/24 and 172.22.5.0/24.

A word of caution: if you don't know what you are doing with iptables, you can lock yourself out and will not be able to ssh to the machine. So, use them at your own risk.

The following link gives a basic idea of how you can use iptables to whitelist IP addresses:

http://library.linode.com/security/firewalls/iptables#sph_whitelist-traffic-from-specific-addresses

The examples they have provided in the link append a rule to the INPUT chain, but your last rule in the chain is DROP (see above), so you will need to use the insert variant of the iptables command, using the -I option, to insert your rule before the LOG rule.

Hope this helps.

--
_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
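The insert-before-LOG step described in the reply, as an added example that is not part of the original thread: the script below parses a constructed `iptables -L INPUT -n --line-numbers` listing (modelled on the chain quoted above, with placeholder addresses), finds the position of the first LOG rule, and emits the `iptables -I` commands that would place an ACCEPT for tcp/10050 from each CIDR ahead of it. It only prints the commands rather than running them, so it can be reviewed before applying; the chain listing, the `first_log_rule_num`, `accept_rules_before` and `build_commands` helpers are all assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `iptables -L INPUT -n --line-numbers` output.
# -n keeps addresses numeric (the quoted listing resolved them to hostnames).
# Addresses are placeholders, not the servers from the thread.
SAMPLE_CHAIN='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:443
2    ACCEPT     tcp  --  203.0.113.10         0.0.0.0/0            tcp dpt:3306
3    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0            icmp type 0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
5    LOG        all  --  0.0.0.0/0            0.0.0.0/0            limit: avg 40/min burst 5 LOG flags 0 level 4
6    DROP       all  --  0.0.0.0/0            0.0.0.0/0'

# Read a chain listing on stdin and print the rule number of the first LOG
# rule; the header line has "target" in column 2, so it never matches.
first_log_rule_num() {
    awk '$2 == "LOG" { print $1; exit }'
}

# Emit (do not execute) one `iptables -I INPUT <pos> ...` command per CIDR.
# Inserting at the LOG rule's number pushes LOG and DROP down, so every
# new ACCEPT lands ahead of both; the relative order of the new rules is
# irrelevant because they match disjoint source ranges.
accept_rules_before() {
    pos="$1"; shift
    for cidr in "$@"; do
        printf 'iptables -I INPUT %s -p tcp -s %s --dport 10050 -j ACCEPT\n' "$pos" "$cidr"
    done
}

# Tie it together: refuse to guess a position if no LOG rule exists,
# since appending would land after the final DROP and never match.
build_commands() {
    pos=$(printf '%s\n' "$SAMPLE_CHAIN" | first_log_rule_num)
    [ -n "$pos" ] || { echo "no LOG rule found; refusing to guess a position" >&2; return 1; }
    accept_rules_before "$pos" 172.22.4.0/24 172.22.5.0/24
}

build_commands
```

On a live box, replace `SAMPLE_CHAIN` with the real `iptables -L INPUT -n --line-numbers` output, apply the printed commands, then re-list the chain to confirm the two ACCEPT rules sit above LOG and DROP and the ssh rule is untouched before closing the session; rules added this way are not persistent across a reboot unless saved with the distribution's usual mechanism.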
