Firewall configuration - IPTables on Debian 10

Discussion in 'Systems Administration' started by Maxx_Qc, Mar 24, 2020.

  1. Hey guys, so I'm trying to set up the firewall on my server but nothing seems to really work... Basically I have a mongodb and I can still connect remotely, but not locally, meaning that my plugin cannot connect to the database so the server doesn't start. I added every rule from this page: https://docs.mongodb.com/manual/tutorial/configure-linux-iptables-firewall/

    Of course, I also added the traditional ports (ssh, https, http, mysql, minecraft, minecraft rcon).

    Any help would be very much appreciated since I never really used any firewall but I want top notch security.
    Thank you :)
     
  2. Phoenix616 (Resource Staff)

    Well, without knowing which firewall rules you used exactly (as not every rule on that page would apply to your situation?) it's hard to help you.

    Tbh. if all you want is use mongo locally then I would suggest to only bind it to localhost and not to any public port, that way you don't even need to deal with the firewall.
     
  3. I used all of them on the website, as mentioned in the main post. I need to be able to use it locally and remotely (the plugin needs to connect to it and I need to be able to edit some stuff using mongodb compass on my computer). I find it quite weird that it is not working locally but it is remotely. If it can help, I also blocked all incoming, forwarding and the output using
    iptables -P INPUT REJECT
    iptables -P FORWARD REJECT
    iptables -P OUTPUT REJECT
     
  4. After spending too many hours on this, I finally figured it out. I just didn't use the right iptables rules in the first place. I followed a misleading tutorial. Everything is working fine right now.
     
  5. Can you let us know what you did?
     
  6. I just set everything up again, I must've failed something the first time.

    # accept new TCP connections to a single port
    sudo iptables -A INPUT -p tcp -m state --state NEW --dport 25555 -j ACCEPT
    where 25555 is the port
    you do that for every port
    and then
    # prints the live ruleset to stdout (does not persist anything by itself)
    sudo iptables-save
    and also
    # offers to write the current rules to /etc/iptables/rules.v4 (and rules.v6) so they load at boot
    sudo dpkg-reconfigure iptables-persistent

    of course to block everything
    # default policy for each built-in chain; only ACCEPT or DROP are valid here
    sudo iptables -P INPUT DROP
    sudo iptables -P OUTPUT DROP
    sudo iptables -P FORWARD DROP
     
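    The procedure in post 6 (per-port ACCEPT rules plus DROP policies on INPUT, OUTPUT and FORWARD) leaves out two things a practitioner would want in place before the policies flip: an ACCEPT for the loopback interface, without which a service listening on 127.0.0.1 is unreachable from the host itself even though remote clients still get in, and an ACCEPT for ESTABLISHED,RELATED traffic in both directions, without which replies are dropped once OUTPUT defaults to DROP. Note also that, as in post 3, `iptables -P` only accepts ACCEPT or DROP as a chain policy; REJECT is a rule target, not a policy, and iptables refuses it. The script below is an added example and not code from the thread: it generates a complete ruleset in iptables-restore format instead of issuing one `iptables` command at a time, so the ruleset can be reviewed as a file and loaded atomically. The port numbers (22, 25555, 27017) and the source address 203.0.113.5 are placeholders; `port@address` restricts a port to one source, which is how you would expose MongoDB to a single admin machine while still allowing local connections over loopback.

```shell
#!/bin/sh
# Added example (not from the thread): emit an iptables-restore ruleset for a
# Debian host whose INPUT/OUTPUT/FORWARD chains default to DROP.
#
# Usage:  sh fw.sh 22 25555 27017@203.0.113.5 > rules.v4
#         sudo iptables-restore < rules.v4
# Each argument is "port" (open to everyone) or "port@source" (open only to
# that source address or CIDR). All ports and addresses here are placeholders.

gen_rules() {
    printf '%s\n' '*filter'
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT DROP [0:0]'

    # Loopback first: services bound to 127.0.0.1 (and local clients of any
    # service) need this, or they are unreachable from the host itself.
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'

    # Replies to already-accepted connections, in both directions. Without the
    # OUTPUT rule, a DROP policy on OUTPUT silently kills every reply packet.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'

    # Let the host itself open outbound connections (apt, DNS, NTP, plugin
    # downloads). Tighten this to specific ports if you want egress filtering.
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate NEW -j ACCEPT'

    # One ACCEPT per requested service port. Make sure the SSH port is in the
    # list before loading the ruleset, or you lock yourself out.
    for spec in "$@"; do
        case "$spec" in
            *@*) port=${spec%%@*}; src=${spec#*@} ;;
            *)   port=$spec;       src= ;;
        esac
        case "$port" in
            ''|*[!0-9]*)
                echo "gen_rules: invalid port '$port' in '$spec'" >&2
                return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "gen_rules: port out of range in '$spec'" >&2
            return 1
        fi
        if [ -n "$src" ]; then
            printf '%s\n' "-A INPUT -s $src -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        else
            printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done

    printf '%s\n' 'COMMIT'
}

gen_rules "$@"
```

    After `sudo iptables-restore < rules.v4`, run `sudo netfilter-persistent save` (or copy the file to /etc/iptables/rules.v4) so iptables-persistent reloads it at boot; `iptables-save` on its own only prints the live rules to stdout. The same file format works for ip6tables via rules.v6 if the host has IPv6 connectivity, which otherwise stays unfiltered.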
  7. If this can help anyone out there, don't follow the mongodb tutorial I linked. Only accept the 27017 and 28017 ports.
