Iptables problem with allowing http
Claude Jones
claude_jones at levitjames.com
Tue Mar 15 13:36:14 UTC 2005
At least I think that's the problem, though I can't see why.
My rules:
iptables -P INPUT DROP
iptables -A INPUT -i ! ${UPLINK} -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport http -m state --state NEW -j ACCEPT
#to allow ftp?
#iptables -A INPUT -p tcp -m state --state RELATED -j ACCEPT
iptables -A INPUT -p tcp -i ${UPLINK} -j REJECT --reject-with tcp-reset
iptables -A INPUT -p udp -i ${UPLINK} -j REJECT --reject-with icmp-port-unreachable
iptables -vL results in:
Chain INPUT (policy DROP 10 packets, 320 bytes)
 pkts bytes target     prot opt in     out     source               destination
  397 46790 ACCEPT     all  --  !eth0  any     anywhere             anywhere
 4435 3628K ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
    3   144 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
  116 20550 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable
    0     0 ACCEPT     all  --  !eth0  any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:http state NEW
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state RELATED
    0     0 REJECT     tcp  --  eth0   any     anywhere             anywhere            reject-with tcp-reset
    0     0 REJECT     udp  --  eth0   any     anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT 35 packets, 7985 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5105 packets, 609K bytes)
 pkts bytes target     prot opt in     out     source               destination
Attempts to connect to my IP via http are being refused with a
'connection refused' - seems like the connection is live, but attempts
to connect are rebuffed. Anyone spot something wrong in the above?
--
Claude Jones
Bluemont, VA, USA
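The counters in the listing above are the evidence to read: the `dpt:http` ACCEPT rule has matched 0 packets while the tcp REJECT with tcp-reset has consumed 3, and every INPUT rule appears twice. As an added example, not from the original post or the fedora-list thread, this Python parser for `iptables -vL` output reads those counters, flags rule bodies listed more than once, and reports the first REJECT/DROP that actually consumed packets; the sample listing is the post's INPUT chain transcribed one rule per line.

```python
import re
from collections import Counter
# Constructed sample: the INPUT chain from the post above, transcribed one rule per line.
SAMPLE = """\
Chain INPUT (policy DROP 10 packets, 320 bytes)
 pkts bytes target  prot opt in     out  source    destination
  397 46790 ACCEPT  all  --  !eth0  any  anywhere  anywhere
 4435 3628K ACCEPT  all  --  any    any  anywhere  anywhere  state RELATED,ESTABLISHED
    0     0 ACCEPT  tcp  --  any    any  anywhere  anywhere  tcp dpt:http state NEW
    0     0 ACCEPT  tcp  --  any    any  anywhere  anywhere  state RELATED
    3   144 REJECT  tcp  --  eth0   any  anywhere  anywhere  reject-with tcp-reset
  116 20550 REJECT  udp  --  eth0   any  anywhere  anywhere  reject-with icmp-port-unreachable
    0     0 ACCEPT  all  --  !eth0  any  anywhere  anywhere
    0     0 ACCEPT  all  --  any    any  anywhere  anywhere  state RELATED,ESTABLISHED
    0     0 ACCEPT  tcp  --  any    any  anywhere  anywhere  tcp dpt:http state NEW
    0     0 ACCEPT  tcp  --  any    any  anywhere  anywhere  state RELATED
    0     0 REJECT  tcp  --  eth0   any  anywhere  anywhere  reject-with tcp-reset
    0     0 REJECT  udp  --  eth0   any  anywhere  anywhere  reject-with icmp-port-unreachable
"""
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "src", "dst")

def count(tok):
    # Counters get K/M/G suffixes once they grow large (3628K above).
    num, suffix = re.fullmatch(r"(\d+)([KMG]?)", tok).groups()
    return int(num) * {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}[suffix]

def parse_listing(text):
    """Return {chain: {"policy": str, "policy_pkts": int, "rules": [dict]}}."""
    chains, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+) (\S+) packets", line)
        if m:
            cur = chains[m[1]] = {"policy": m[2], "policy_pkts": count(m[3]), "rules": []}
            continue
        cols = line.split(None, 9)          # 9 fixed columns, then free-form match text
        if cols and cols[0] != "pkts":      # skip blank lines and the column header
            cur["rules"].append(dict(zip(FIELDS, cols), pkts=count(cols[0]), bytes=count(cols[1]),
                                     match=cols[9] if len(cols) > 9 else ""))
    return chains

def duplicate_rules(chain):
    """Rule bodies listed more than once: a script appended again without flushing first."""
    bodies = Counter(tuple(r[k] for k in FIELDS[2:]) + (r["match"],) for r in chain["rules"])
    return [b for b, n in bodies.items() if n > 1]

def first_terminal_hit(chain):
    """1-based position and rule of the first REJECT/DROP that actually consumed packets."""
    for i, r in enumerate(chain["rules"], 1):
        if r["target"] in ("REJECT", "DROP") and r["pkts"] > 0:
            return i, r
```

Against a live box, feed it `subprocess.check_output(["iptables", "-vL"], text=True)` instead of the sample and compare counters before and after one connection attempt.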