iptables help needed
Simon Slater
pyevet at aapt.net.au
Mon Jun 2 08:26:38 UTC 2008
G'day all,
I've been plugging away at this for some time and have no idea which
direction to turn. The iptables on a gateway box (FC6) is blocking
access to the internet from a laptop (F8). On each attempt to access
the internet, the gateway responds with a reset.
I have turned on everything in iptables using lokkit and
system-config-iptables, with some hand editing to boot (guided by
various howtos), probably allowing more than I need, but cannot get the
laptop out through the firewall.
Any help will be greatly appreciated.
Port forwarding is on, internet is ppp0, lan is eth0. The rules I've
ended up with follow:
[root at ipex ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-ns
ACCEPT udp -- anywhere anywhere state NEW udp dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:microsoft-ds
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

[root at ipex ~]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

[root at ipex ~]#
--
'ooroo
Simon
Registered Linux User #463789. Sign up at: http://counter.li.org/
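
Added example, not part of the original post: because FORWARD jumps to the same RH-Firewall-1-INPUT chain as INPUT, this Python sketch walks a subset of the posted rules first-match for a forwarded packet and flags rules whose match criteria are invisible in plain `iptables -L` output (the in/out interface columns only appear with `-v`). Assumptions: the function names and the sample packets are constructed for illustration, and a rule showing no match at all is treated as possibly interface-restricted, which the listing alone cannot confirm.

```python
import re

# Constructed sample: a subset of the RH-Firewall-1-INPUT rules from the post,
# wrapped lines rejoined, in plain `iptables -L` layout (no -v, no -n).
LISTING = """\
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:https
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
"""

def parse(listing):
    """Turn `iptables -L` rule lines into dicts of the matches they show."""
    rules = []
    for line in listing.splitlines():
        target, proto, _opt, src, dst, *rest = line.split()
        extra = " ".join(rest)
        state = re.search(r"state (\S+)", extra)
        dport = re.search(r"dpt:(\S+)", extra)
        rules.append({
            "target": target, "proto": proto, "dst": dst,
            "states": set(state.group(1).split(",")) if state else None,
            "dport": dport.group(1) if dport else None,
            # Nothing visible to match on. Plain -L omits the in/out interface
            # columns, so such a rule may be interface-restricted (assumption).
            "opaque": proto == "all" and src == dst == "anywhere" and not extra,
        })
    return rules

def verdict(rules, proto, dport, state, dst="anywhere", skip_opaque=True):
    """Return (rule number, target) of the first rule matching the packet."""
    for num, r in enumerate(rules, 1):
        if r["opaque"] and skip_opaque:
            continue
        if r["proto"] not in ("all", proto) or r["dst"] not in ("anywhere", dst):
            continue
        if r["states"] is not None and state not in r["states"]:
            continue
        if r["dport"] is not None and r["dport"] != dport:
            continue
        return num, r["target"]
    return None, "chain policy"

if __name__ == "__main__":
    rules = parse(LISTING)
    print("opaque rules:", [n for n, r in enumerate(rules, 1) if r["opaque"]])
    for pkt in (("udp", "domain", "NEW"), ("tcp", "http", "NEW")):
        print(pkt, "->", verdict(rules, *pkt))
```

Running `iptables -L -n -v --line-numbers` on the gateway shows the interface columns and per-rule packet counters, which settles what the first rule really matches.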