Neil Aggarwal wrote:
Fabian: I rebooted the machine to see what would happen. It went back to not accepting the connections again. If I turn off the firewall, everything works fine. I believe there is something flaky in the iptables implementation of CentOS 4.4 from what I am seeing. Any ideas?
I often write my rules as chains that end in a -j LOG --prefix "chainX" then a -j REJECT, and this helps identify where my traffic is failing. I can then later switch off the logging and turn the rejecting to dropping. Below is a particularly lean example, but it shows a method by which you can get detailed feedback on how your chains match certain packets that you pass to them.
#!/bin/bash
#fail=DROP
fail=REJECT
log=1
...
# log every packet entering INPUT while debugging
[ $log -eq 1 ] && iptables -A INPUT -j LOG --log-prefix 'start:'
iptables -N my0ssh
iptables -A my0ssh -p tcp -m tcp -m state --state NEW -j RETURN
# anything that reaches this point did not match the chain
[ $log -eq 1 ] && iptables -A my0ssh -j LOG --log-prefix "my0ssh no match"
...
iptables -A INPUT -j my0ssh
iptables -A INPUT -j LOG --log-prefix 'fall-thru-failure:'
iptables -A INPUT -j $fail

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
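A fuller version of the same LOG-then-REJECT pattern, as an added example that is not part of the original post: one service chain (my0ssh) that accepts new SSH connections from an admin network, logs whatever else reaches it, and fails closed, with INPUT ending in its own log-then-fail pair. The admin network 192.0.2.0/24, the IPT/LOG/FAIL/ADMIN_NET variables and the dry-run mode are assumptions; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/bash
# Added example, not the original poster's script: every chain ends in LOG and
# then REJECT/DROP, so the kernel log shows which chain refused a packet.
IPT="${IPT:-iptables}"   # set IPT=echo to print the rules instead of applying
LOG="${LOG:-1}"          # 1 = add a LOG rule before every failure point
FAIL="${FAIL:-REJECT}"   # switch to DROP once the chains are known to work
ADMIN_NET="${ADMIN_NET:-192.0.2.0/24}"   # constructed placeholder network

# log_rule CHAIN PREFIX: add a LOG rule to CHAIN only while logging is on.
# The trailing space keeps the prefix separate from the packet fields.
log_rule() {
    [ "$LOG" -eq 1 ] && "$IPT" -A "$1" -j LOG --log-prefix "$2: "
    return 0
}

# service_chain NAME PORT SRC: accept new TCP connections to PORT from SRC,
# log anything else that reached the chain, then fail it.
service_chain() {
    local name="$1" port="$2" src="$3"
    "$IPT" -N "$name"
    "$IPT" -A "$name" -p tcp -s "$src" -m state --state NEW --dport "$port" -j ACCEPT
    log_rule "$name" "$name no match"
    "$IPT" -A "$name" -j "$FAIL"
}

build_rules() {
    "$IPT" -F INPUT
    "$IPT" -F my0ssh 2>/dev/null
    "$IPT" -X my0ssh 2>/dev/null
    log_rule INPUT start            # logs every packet; debugging only
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    service_chain my0ssh 22 "$ADMIN_NET"
    # dispatch by port: the service chain decides and never returns to INPUT
    "$IPT" -A INPUT -p tcp --dport 22 -j my0ssh
    log_rule INPUT fall-thru-failure
    "$IPT" -A INPUT -j "$FAIL"
}

# ./fw.sh dry-run prints the rules; ./fw.sh apply installs them (as root).
case "${1:-}" in
    dry-run) IPT=echo; build_rules ;;
    apply)   build_rules ;;
esac
```

A packet that was refused then shows up in the kernel log with either the "my0ssh no match: " or the "fall-thru-failure: " prefix, which tells you which chain needs the extra rule.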