firewall problems
Craig White
craigwhite at azapple.com
Thu Aug 25 21:44:54 UTC 2005
OK, then for next time...
iptables -A # appends new rule to end of chain (probably a bad idea, since
the end of the chain is the REJECT, so the packet is rejected before it
is accepted)
iptables -I # inserts new rule at beginning of chain (better idea, since
it comes before the "REJECT everything" that happens at the end of the chain)
man iptables
Craig
On Thu, 2005-08-25 at 16:35 -0500, Steven J Lamb wrote:
> I'm sorry I was not very specific. What I did was use iptables to add the
> line. However, I tried modifying /etc/sysconfig/iptables and restarted it
> ... let's see if that works
> ----- Original Message -----
> From: "Craig White" <craigwhite at azapple.com>
> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> Sent: Thursday, August 25, 2005 4:31 PM
> Subject: Re: firewall problems
>
>
> > I assumed that you were using a text editor. You should be able to
> > select the last line that you added, 'cut' it to the clipboard, paste it
> > above the REJECT line.
> >
> > Otherwise, what are you using to make the changes?
> >
> > Craig
> >
> > On Thu, 2005-08-25 at 16:27 -0500, Steven J Lamb wrote:
> >> I am quite a newbie ...
> >>
> >> What you say means that I need to do a remove of both lines and add them
> >> both in the reverse order ... is that correct?
> >>
> >> ----- Original Message -----
> >> From: "Craig White" <craigwhite at azapple.com>
> >> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> >> Sent: Thursday, August 25, 2005 4:25 PM
> >> Subject: Re: firewall problems
> >>
> >>
> >> > put the last line you added BEFORE the REJECT line
> >> >
> >> > then
> >> >
> >> > service iptables restart
> >> >
> >> > Craig
> >> >
> >> > On Thu, 2005-08-25 at 16:18 -0500, Steven J Lamb wrote:
> >> >> ----- Original Message -----
> >> >> From: "Thomas Cameron" <thomas.cameron at camerontech.com>
> >> >> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> >> >> Sent: Thursday, August 25, 2005 3:49 PM
> >> >> Table: filter
> >> >> Chain FORWARD (policy ACCEPT)
> >> >> target               prot opt source      destination
> >> >> RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0
> >> >>
> >> >> Chain INPUT (policy ACCEPT)
> >> >> target               prot opt source      destination
> >> >> RH-Firewall-1-INPUT  all  --  0.0.0.0/0   0.0.0.0/0
> >> >>
> >> >> Chain OUTPUT (policy ACCEPT)
> >> >> target               prot opt source      destination
> >> >>
> >> >> Chain RH-Firewall-1-INPUT (2 references)
> >> >> target  prot opt source      destination
> >> >> ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0
> >> >> ACCEPT  icmp --  0.0.0.0/0   0.0.0.0/0    icmp type 255
> >> >> ACCEPT  esp  --  0.0.0.0/0   0.0.0.0/0
> >> >> ACCEPT  ah   --  0.0.0.0/0   0.0.0.0/0
> >> >> ACCEPT  udp  --  0.0.0.0/0   224.0.0.251  udp dpt:5353
> >> >> ACCEPT  udp  --  0.0.0.0/0   0.0.0.0/0    udp dpt:631
> >> >> ACCEPT  all  --  0.0.0.0/0   0.0.0.0/0    state RELATED,ESTABLISHED
> >> >> ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:22
> >> >> ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:80
> >> >> ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:21
> >> >> ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:25
> >> >> REJECT  all  --  0.0.0.0/0   0.0.0.0/0    reject-with icmp-host-prohibited
> >> >> ACCEPT  tcp  --  0.0.0.0/0   0.0.0.0/0    state NEW tcp dpt:110
> >> >>
> >> >> Note that I added the last line and saw no change in behavior,
> >> >> although I have not restarted or anything to that effect.
> >> >> Subject: Re: firewall problems
> >> >>
> >> >>
> >> >> >> I am attempting to get my email server up and running. I am running
> >> >> >> Fedora Core 4. I have gotten my SMTP to work correctly. However, my
> >> >> >> POP3 does not appear to get through the firewall. I did not have to
> >> >> >> punch a hole in the firewall myself for the SMTP, so I figured I would
> >> >> >> not need to for my POP. When I telnet localhost 110 I get in to my
> >> >> >> server, but when I telnet in from another machine I do not get into my
> >> >> >> server. I assume this indicates a firewall problem; however, I do not
> >> >> >> know what I need to modify in order to fix this problem.
> >> >> >
> >> >> > What do you get when you run "service iptables status" as root? Can
> >> >> > you post it to the list, please?
> >> >> >
> >> >> > Thomas
> >> >> >
> >> >> > --
> >> >> > fedora-list mailing list
> >> >> > fedora-list at redhat.com
> >> >> > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>
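The ordering problem discussed in this thread can be checked mechanically. The script below is an added example, not part of the original messages: it reads a ruleset in iptables-save format (the format of /etc/sysconfig/iptables) and reports any rule that follows an unconditional REJECT or DROP in the same chain. The function names and the sample ruleset are constructed for illustration, and the check does not follow jumps into other chains.

```shell
#!/bin/sh
# Added example: flag rules that sit after a catch-all REJECT/DROP in the same
# chain of an iptables-save style ruleset read from stdin.
# shadowed_rules is a hypothetical helper name, not an iptables command.
shadowed_rules() {
    awk '
    $1 == "-A" {
        chain = $2
        # iptables stops at the first matching rule, so anything appended
        # after a catch-all terminal rule in this chain is never reached.
        if (chain in closed) {
            print "line " NR ": unreachable after line " closed[chain] ": " $0
            next
        }
        # Catch-all: no match options between the chain name and the target.
        if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP"))
            closed[chain] = NR
    }'
}

# Constructed sample modelled on the chain posted in the thread: the POP3
# rule was appended (-A) and therefore landed after the REJECT.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | shadowed_rules
```

On a live system the same check can be run as `shadowed_rules < /etc/sysconfig/iptables`; an empty result means no rule in the file sits behind a catch-all REJECT or DROP in its own chain.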