Help with iptables firewall rules

Kam Leo kam.leo at gmail.com
Sun Feb 6 20:48:16 UTC 2005


On Sun, 06 Feb 2005 14:17:31 -0500, Robert L Cochran
<cochranb at speakeasy.net> wrote:
> Felipe Alfaro Solana wrote:
> 
> > On 6 Feb 2005, at 18:54, Robert L Cochran wrote:
> >
> >> I'm trying to allow my print server on 192.168.1.160 to communicate
> >> with my machine. Otherwise, I don't seem able to print to my
> >> Laserjet. It seems to be doing that by sending TCP packets to port
> >> 1023. So I added this rule to my firewall:
> >>
> >> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport
> >> 1023 -j ACCEPT
> >>
> >> But the packets still get rejected:
> >>
> >> Feb 6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT=
> >> MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160
> >> DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP
> >> SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0
> >>
> >> I also had 2 other rules:
> >>
> >> # -A RH-Firewall-1-INPUT -s 192.168.1.160 -p tcp -m state --state
> >> NEW,ESTABLISHED,RELATED -j ACCEPT
> >> # -A RH-Firewall-1-INPUT -s 192.168.1.160 -p udp -m state --state
> >> NEW,ESTABLISHED,RELATED -j ACCEPT
> >>
> >> They are shown commented out, but when I uncommented them the effect
> >> was the same as above: again the packets were rejected and nothing
> >> printed. Any idea of what I am doing wrong? Port 631 is open.
> >
> >
> > Where did you insert your rule? Make sure there is no DENY ALL rule
> > before the one you added. It's very common in firewall rulesets to end
> > the set with a DENY ALL rule. Thus, any rule you append will be useless.
> >
> There is indeed a global REJECT rule at the end of this chain. But I
> added the rule near the start of the chain. There must be something I'm
> missing here about the state of the packets.
> 
> Bob
> 

If your printer is using a JetDirect interface, the port is 9100.
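Added here as a diagnostic aid, not part of the thread: a small parser for the kernel LOG line Bob quoted, pulling out the KEY=VALUE fields and the bare TCP flag tokens and reporting how the state module classifies a first-seen packet with those flags. The sample line is the quoted entry re-joined onto one line (the mailer had wrapped it); the classification follows the standard conntrack TCP state table.

```python
"""Parse a kernel iptables LOG line and classify the dropped TCP packet.
Added example; SAMPLE_LINE is the log entry quoted in the thread, re-joined."""
import re

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")             # KEY=VALUE tokens
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # bare flag tokens

SAMPLE_LINE = (
    "Feb 6 12:26:04 bobcp4 kernel: Packet dropped..IN=eth1 OUT= "
    "MAC=00:11:09:61:11:6b:00:c0:02:55:52:55:08:00 SRC=192.168.1.160 "
    "DST=192.168.1.14 LEN=44 TOS=0x00 PREC=0x00 TTL=30 ID=34854 PROTO=TCP "
    "SPT=515 DPT=1023 WINDOW=1024 RES=0x00 ACK PSH SYN URGP=0"
)

def parse_log_line(line: str) -> dict:
    """Return the KEY=VALUE fields after 'kernel:' plus a FLAGS set."""
    payload = line.split("kernel:", 1)[-1]
    fields = dict(FIELD_RE.findall(payload))
    fields["FLAGS"] = {tok for tok in payload.split() if tok in TCP_FLAGS}
    return fields

def conntrack_state_for_first_packet(flags: set, tcp_loose: bool = True) -> str:
    """State a TCP packet gets when no tracked connection exists for it yet.

    Only a bare SYN opens a connection and matches --state NEW.  A SYN+ACK
    (here SYN+ACK+PSH) with no tracked connection behind it is INVALID, so
    neither a NEW rule nor an ESTABLISHED,RELATED rule will accept it."""
    if "RST" in flags:
        return "INVALID"
    if "SYN" in flags:
        return "NEW" if "ACK" not in flags else "INVALID"
    # Mid-stream ACK: picked up as a NEW connection only when tcp_loose is on.
    return "NEW" if tcp_loose else "INVALID"

def state_new_rule_matches(entry: dict, dport: int) -> bool:
    """Would '-p tcp --dport DPORT -m state --state NEW -j ACCEPT' match?"""
    return (entry.get("PROTO") == "TCP"
            and int(entry.get("DPT", -1)) == dport
            and conntrack_state_for_first_packet(entry["FLAGS"]) == "NEW")

if __name__ == "__main__":
    entry = parse_log_line(SAMPLE_LINE)
    print(entry["SRC"], "->", entry["DST"], "dpt", entry["DPT"],
          "flags", sorted(entry["FLAGS"]))
    print("conntrack state:", conntrack_state_for_first_packet(entry["FLAGS"]))
    print("--state NEW rule on 1023 matches:",
          state_new_rule_matches(entry, 1023))
```

Run against the quoted line it reports INVALID for the SYN+ACK+PSH packet, which is why a rule that accepts only NEW (or ESTABLISHED,RELATED) traffic on port 1023 never fires for it.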
