Help with iptables firewall rules

Felipe Alfaro Solana lkml at mac.com
Sun Feb 6 18:19:39 UTC 2005


On 6 Feb 2005, at 18:54, Robert L Cochran wrote:

> I'm trying to allow my print server on 192.168.1.160 to communicate 
> with my machine. Otherwise, I don't seem able to print to my Laserjet. 
> It seems to be doing that by sending TCP packets to port 1023. So I 
> added this rule to my firewall:
>
> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1023 
> -j ACCEPT
>
> But the packets still get rejected:
>
> Feb  6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT= 
> MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160 
> DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP 
> SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0
>
> I also had 2 other rules:
>
> # -A RH-Firewall-1-INPUT -s 192.168.1.160 -p tcp -m state --state 
> NEW,ESTABLISHED,RELATED -j ACCEPT
> # -A RH-Firewall-1-INPUT -s 192.168.1.160 -p udp -m state --state 
> NEW,ESTABLISHED,RELATED -j ACCEPT
>
> They are shown commented out, but when I uncommented them the effect 
> was the same as above: again the packets were rejected and nothing 
> printed.  Any idea of what I am doing wrong? Port 631 is open.

Where did you insert your rule? Make sure there is no DENY ALL rule 
before the one you added. It's very common in firewall rulesets to end 
the set with a DENY ALL rule. Thus, any rule you append will be 
useless.
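The ordering point made in the reply, shown as an added example that is not part of the thread: iptables evaluates a chain top to bottom and the first matching rule decides, so a rule appended with -A after a chain's final REJECT/DROP is never reached, while the same rule inserted with -I before that final rule fires. The script below simulates that first-match semantics over a small Fedora-style RH-Firewall-1-INPUT chain; it does not call iptables, the chain contents and the final `-j REJECT --reject-with icmp-host-prohibited` rule are assumed (they are not the poster's actual ruleset), and the printer packet is constructed from the log line in the question (source 192.168.1.160, TCP, destination port 1023) with the conntrack state assumed to be NEW.

```python
"""Simulate iptables first-match rule ordering (constructed example, not
from the mailing-list post).  Only the iptables-save syntax used in the
thread is parsed: -A/-I, -s, -p, -m, --state, --dport, -j, --reject-with."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    proto: str
    dport: int
    state: str  # conntrack state as "-m state" would see it


@dataclass
class Rule:
    text: str  # original rule line, kept for listings
    target: str
    src: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: Optional[frozenset] = None

    def matches(self, pkt: Packet) -> bool:
        # Every specified match must hold; unspecified fields match anything.
        if self.src is not None and self.src != pkt.src:
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.states is not None and pkt.state not in self.states:
            return False
        return True


def parse_rule(line: str) -> Tuple[str, str, int, Rule]:
    """Return (verb, chain, position, rule); position is 1-based like -I."""
    toks = line.split()
    verb = chain = None
    pos = 1
    kw: dict = {}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t in ("-A", "-I"):
            verb, chain = t, toks[i + 1]
            i += 2
            if verb == "-I" and i < len(toks) and toks[i].isdigit():
                pos = int(toks[i])
                i += 1
        elif t == "-s":
            kw["src"] = toks[i + 1]
            i += 2
        elif t == "-p":
            kw["proto"] = toks[i + 1]
            i += 2
        elif t == "--dport":
            kw["dport"] = int(toks[i + 1])
            i += 2
        elif t == "--state":
            kw["states"] = frozenset(toks[i + 1].split(","))
            i += 2
        elif t == "-j":
            kw["target"] = toks[i + 1]
            i += 2
        elif t in ("-m", "--reject-with"):
            i += 2  # match-module names and reject type do not affect matching here
        else:
            raise ValueError(f"unsupported token {t!r} in {line!r}")
    if verb is None or chain is None or "target" not in kw:
        raise ValueError(f"incomplete rule: {line!r}")
    return verb, chain, pos, Rule(text=line, **kw)


def load(lines: List[str]) -> Dict[str, List[Rule]]:
    """Build chains the way iptables-restore would: -A appends, -I inserts."""
    chains: Dict[str, List[Rule]] = {}
    for line in lines:
        verb, chain, pos, rule = parse_rule(line)
        rules = chains.setdefault(chain, [])
        if verb == "-A":
            rules.append(rule)
        else:
            rules.insert(pos - 1, rule)
    return chains


def verdict(rules: List[Rule], pkt: Packet) -> Tuple[Optional[int], Optional[str]]:
    """(rule number, target) of the first match, or (None, None) if the
    packet falls off the end of the chain."""
    for n, rule in enumerate(rules, 1):
        if rule.matches(pkt):
            return n, rule.target
    return None, None


# Assumed Fedora-style chain; the last rule is the "deny all" the reply refers to.
BASE = [
    "-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT",
    "-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited",
]
LPD_RULE = "-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1023 -j ACCEPT"
# Constructed from the log line in the question; conntrack state NEW is assumed.
PRINTER = Packet(src="192.168.1.160", proto="tcp", dport=1023, state="NEW")


def appended() -> Tuple[Optional[int], Optional[str]]:
    """Rule appended with -A lands after the final REJECT: rule 4 wins."""
    return verdict(load(BASE + [LPD_RULE])["RH-Firewall-1-INPUT"], PRINTER)


def inserted() -> Tuple[Optional[int], Optional[str]]:
    """Same rule inserted at position 4 sits before the REJECT and fires."""
    moved = LPD_RULE.replace("-A RH-Firewall-1-INPUT", "-I RH-Firewall-1-INPUT 4")
    return verdict(load(BASE + [moved])["RH-Firewall-1-INPUT"], PRINTER)


def listing(rules: List[Rule]) -> List[str]:
    """Numbered view, like `iptables -L RH-Firewall-1-INPUT -n --line-numbers`."""
    return [f"{n:<3} {r.target:<7} {r.text}" for n, r in enumerate(rules, 1)]


if __name__ == "__main__":
    print("appended:", appended())
    print("inserted:", inserted())
    for line in listing(load(BASE + [LPD_RULE])["RH-Firewall-1-INPUT"]):
        print(line)
```

On a real system the equivalent check is `iptables -L RH-Firewall-1-INPUT -n -v --line-numbers`, which shows both the position of the new rule and, in the packet and byte counters, whether it has ever matched; a rule with zero hits sitting below a REJECT line is the symptom the reply describes, and the fix is to insert it above that line with `iptables -I RH-Firewall-1-INPUT <n> ...` rather than append it with -A.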
